Here are a few security mistakes to be aware of.<\/p>\n
Email: This ruse is nothing new<\/strong><\/h2>\nSocial engineering<\/a> tactics are as old as the day is long, yet people keep falling for them. Today, phishing via email has become incredibly commonplace.<\/p>\nAlthough criminals are improving the \u2018quality\u2019 of these emails, with some targeted \u2013 known as spear phishing \u2013 emails looking incredibly authentic most do not (telltale signs<\/a> include poor spelling, random email address and far-fetched claims that you\u2019ve won millions).<\/p>\nKeep yourself safe by carefully checking the recipient, the request, and use some common sense \u2013 search via Google rather than using the enclosed website address. Also, be cautious of attachments, as they may be malware-infected. It\u2019s important to check file extensions and to only open files deemed safe and from legitimate sources.<\/p>\n
Social media: New hunting ground<\/strong><\/h2>\n![\"oops](\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/05\/shutterstock_168318926.jpg\")
<\/p>\n
Social media has become the go-to-market for cybercriminals<\/a> eager to compromise people. It\u2019s no surprise, as many users still fail to adequately look after their networks (for example, a 2016 survey showed that 58% of people do not know how to update their privacy settings).<\/p>\nAs with email, and post too, always check the authenticity of the sender (do they look credible?), the message and the link (which will likely be shortened). Beware trending hashtags too, as many as now using these to catch out unsuspecting Twitter and Facebook users trying to catch-up with the latest breaking news.<\/p>\n
Attitude: It won\u2019t happen to me<\/strong><\/h2>\nForget technology for a second, culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won\u2019t be targeted and citizens think much the same (i.e. it won\u2019t happen to me<\/a>).<\/p>\nThis complacency is misguided, as everyone is a potential target<\/a>. Accordingly, this attitude can often result in poor security habits, with individuals and organizations treating, for example, password and Wi-Fi security not as seriously as they should.<\/p>\nThis is despite the fact that good cybersecurity can be achieved relatively easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.<\/p>\n
Passwords: The easy way in<\/strong><\/h2>\n![\"password](\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/05\/shutterstock_341618303.jpg\")
<\/p>\n
Generic, guessable passwords can be easily cracked, and they can open a can of worms if you use the same password across several accounts. Brute-forcing passwords is increasing fast and easy for criminals today equipped with either huge computing power, or access to buy such expertise on the dark web.<\/p>\n
Weak passwords, such as 123456; password; 12345678; and qwerty remain commonplace<\/a>, with many people failing to see how this \u2018low-hanging fruit\u2019 is an entry point for cybercriminals. According to Forrester<\/a>, 80% of all attacks involve a weak or stolen password<\/em>.<\/p>\nFortunately, some web providers now forcing you to generate random passwords, or create complex ones. You may want to consider a password manager, as well as passphrases<\/a>.<\/p>\nSoftware updates: A lack of<\/h2>\n
Whether on desktop, laptop or mobile, there\u2019s always another software update<\/a> for an app, our operating system or security solution. Interestingly, the constant pop-ups irritate us, with many people failing to understand just how important they are.<\/p>\nIf we fail to update, we\u2019re effectively leaving our software and devices vulnerable to attack, as cybercriminals look to exploit out-of-date flaws. Configuring automatic updates from trusted providers can make sure these are installed regularly.<\/p>\n
Although criminals are improving the \u2018quality\u2019 of these emails, with some targeted \u2013 known as spear phishing \u2013 emails looking incredibly authentic most do not (telltale signs<\/a> include poor spelling, random email address and far-fetched claims that you\u2019ve won millions).<\/p>\n Keep yourself safe by carefully checking the recipient, the request, and use some common sense \u2013 search via Google rather than using the enclosed website address. Also, be cautious of attachments, as they may be malware-infected. It\u2019s important to check file extensions and to only open files deemed safe and from legitimate sources.<\/p>\n Social media has become the go-to-market for cybercriminals<\/a> eager to compromise people. It\u2019s no surprise, as many users still fail to adequately look after their networks (for example, a 2016 survey showed that 58% of people do not know how to update their privacy settings).<\/p>\n As with email, and post too, always check the authenticity of the sender (do they look credible?), the message and the link (which will likely be shortened). Beware trending hashtags too, as many as now using these to catch out unsuspecting Twitter and Facebook users trying to catch-up with the latest breaking news.<\/p>\n Forget technology for a second, culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won\u2019t be targeted and citizens think much the same (i.e. it won\u2019t happen to me<\/a>).<\/p>\n This complacency is misguided, as everyone is a potential target<\/a>. Accordingly, this attitude can often result in poor security habits, with individuals and organizations treating, for example, password and Wi-Fi security not as seriously as they should.<\/p>\n This is despite the fact that good cybersecurity can be achieved relatively easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.<\/p>\n Generic, guessable passwords can be easily cracked, and they can open a can of worms if you use the same password across several accounts. Brute-forcing passwords is increasing fast and easy for criminals today equipped with either huge computing power, or access to buy such expertise on the dark web.<\/p>\n Weak passwords, such as 123456; password; 12345678; and qwerty remain commonplace<\/a>, with many people failing to see how this \u2018low-hanging fruit\u2019 is an entry point for cybercriminals. According to Forrester<\/a>, 80% of all attacks involve a weak or stolen password<\/em>.<\/p>\n Fortunately, some web providers now forcing you to generate random passwords, or create complex ones. You may want to consider a password manager, as well as passphrases<\/a>.<\/p>\n Whether on desktop, laptop or mobile, there\u2019s always another software update<\/a> for an app, our operating system or security solution. Interestingly, the constant pop-ups irritate us, with many people failing to understand just how important they are.<\/p>\n If we fail to update, we\u2019re effectively leaving our software and devices vulnerable to attack, as cybercriminals look to exploit out-of-date flaws. Configuring automatic updates from trusted providers can make sure these are installed regularly.<\/p>\nSocial media: New hunting ground<\/strong><\/h2>\n
<\/p>\nAttitude: It won\u2019t happen to me<\/strong><\/h2>\n
Passwords: The easy way in<\/strong><\/h2>\n
<\/p>\nSoftware updates: A lack of<\/h2>\n