Did you know that 1 in 2 security breaches (link to Norwegian site) are caused wholly or partly by human error? The ways businesses protect themselves from hacking, data breach and attacks are constantly changing – and so are the expectations for you as an employee.
To help you become more confident in cybersecurity, we have gathered seven things that you need to know:
7 things you should know about cyber hygiene
1) Two-factor authentication (2FA) strengthens your login security
Two-factor authentication, also known as multi-factor authentication or 2FA, is a simple way to make your login security better. How? By requiring a second piece of information beyond your password.
In terms of authentication, one often speaks of authentication factors in different domains:
- Something you know – Knowledge factor – e.g. a password
- Something you have – Possession factor -e.g. a phone with an authenticator app
- Something you are – Inherent factor – e.g. a fingerprint
So why is two-factor authentication so important? Even if your password was to leak, a malicious actor could not access your accounts with 2FA enabled if they don’t have the second factor (which they most often don’t have). To get started, install an authenticator app on your phone and enable it on all services that allow for it.
2) Maintaining an older version of your devices’ software is dangerous
Are you one of those that spend weeks postponing the latest iOS version upgrade on your iPhone? Hopefully, you’ll get rid of this bad habit after you hear this: Maintaining an older version of your devices’ software is dangerous, as new software patches fix previously discovered vulnerabilities.
The European Union Agency for Cybersecurity recommends keeping software up to date for maximum protection. An update a day keeps more viruses at bay.
3) 1 in 2 security breaches are caused wholly or partly by human error
Despite antivirus protection, you are not as protected as you might think. In fact, 1 in 2 security breaches is caused wholly or partly by human error.
Imagine you receive an email in your inbox from a friend you have not heard from in two years. When you open the email, it says: “Please click http://shorturl.sdgxz.com, it was so funny!” What do you do?
You should never open an attachment unless you are certain who sent it, so make sure to give your old friend a call to be certain of the email’s contents. The spoofed email is an example of phishing, crafting messages or calls that use social engineering techniques to lure the recipient to take the bait.
4) … and businesses are more worried about employees than hackers
Businesses even find employees scarier than hackers. Half (48%) of businesses are more worried about employees breaching data guidelines than external hacks.
Moreover, one in five firms doesn’t give their employees regular cybersecurity training. 42% of medium and large businesses have been affected by cybersecurity breaches, and 1 in 18 said breaches were major.
5) As many as 90% of malware infections and 72% of data breaches in organisations originate from phishing attacks
Information passed along over a telephone call is often seen as credible, however, one of the more common methods of attacking software businesses is through social engineering.
A person calling you and claiming to be from your company’s support desk may actually be an imposter. As many as 90% of malware infections and 72% of data breaches in organisations originate from phishing attacks.
6) 63% of Norwegian businesses claim low awareness around security makes them vulnerable to hybrid threats, yet only 28% find it probable that they will be victims of such an attack
In what way can you be a target when on the internet? National entities are increasing their efforts on cyber espionage, according to the Norwegian Intelligence Service. Although you might fear for your financial details, they are not the only target for foreign attempts of cyber espionage.
63% of Norwegian businesses claim that a low awareness around security makes them vulnerable to hybrid threats, yet only 28% find it probable that they will be victims of such an attack.
7) Act responsibly online – you leave more footprints than you think
One day you’re surfing the web and you decide to install a chrome extension. It simplifies so many things for you! The next day, you find out that every single webpage you visited is up for sale online.
Bottom line: Ensure you only install items on your computer you trust. Despite several layers of security installed on your work computer, the user (you) is responsible for maintaining that security by asking your organization’s IT personnel about anything you suspect could be a problem.