Whether at home or in companies, the biggest IT security risk is the human element. That’s why hackers try to engage gullible employees in 90 percent of their attacks. You can minimize the risk – if you take the following 10 simple tips to heart.
Tips for the Office
Do not open e-mails or attachments from strangers.
Everyone knows it, but not everyone sticks to it. Because it’s getting harder and harder to tell real e-mails from fake ones. Instead of circulating mass e-mails that are full of typos, phishing e-mails are tailored to the recipient. To achieve that, the scammers google information about this person and sweeten the e-mail by flattering the ego of the recipient. So, for example as a Siemens employee, if you receive an e-mail in the near future from a certain J. Kaeser, who wants to recruit you for a super important innovation project, that could be a huge career boost for you. Or – much more likely – it’s a fake e-mail that installs spyware when you open the attachment.
Protect all devices with PIN or password.
One of five people have at some stage lost their smartphone or had it stolen. It’s a good thing these devices can be locked. According to Bitkom Research, 95 percent of all professional users have made sure it is. If you belong to the remaining five percent, you should immediately start doing the same. Setting up facial recognition (please only use 3D facial recognition), fingerprint, iris, PIN or gesture pattern is child’s play, and unlocking is done in fractions of a second. Whether smartphones, tablets or PCs – a secure login as basic protection is an absolute must.
Use secure passwords – and a different one for each account.
123456 is the most popular password. No joke. This provides zero protection; it’s just an invitation to every hacker. Only long passwords that are not easy to guess (such as names, birthdays, etc.) are really secure – especially if you use a different one for each account. If you’re not a memory artist, you can use a password safe with a master password, which automatically generates secure passwords – under no circumstances should you write down passwords anywhere. Where possible, you should switch to two-factor authentication, which is already mandatory for online banking. You often hear the recommendation that you should change passwords regularly. Security experts are increasingly critical of this tactic, because users tend to use passwords that are easy to remember and numbered consecutively.
Update software immediately.
Is it the worry that an update might interfere with whatever you’re working on, or is it just plain laziness? Many users put off installing software updates. This is risky because software vendors regularly use updates to plug security gaps before they become known to the hacker scene. You should therefore set your device to accept automatic updates. This also applies to the antivirus program, which should be part of the basic configuration of every PC and now also of smartphones.
Encrypt and sign your e-mails digitally.
According to the General Data Protection Regulation, e-mails containing customer data must be encrypted. The same applies to e-mails containing sensitive information. Use a digital signature to be sure that an e-mail actually originates from a particular sender or to identify yourself to a recipient.
Make regular backups.
Sometimes it does happen: You have carelessly clicked on a file attachment with ransomware and now the PC is locked, and hackers are demanding a ransom for unlocking it. No problem! Reset the PC to factory settings and retrieve all data with the backup. Backup? That’s what you had set out to do, but then you forgot about it.
Tips for on the go
If possible, do not use public Wi-Fi hotspots.
Experienced hackers can read the data traffic in public hotspots. Things get really dangerous if you fall into the trap of using a fake hotspot. It’s easy to be fooled into thinking that the “Hiton-Hotel” hotspot is a service of the Hilton Hotel, and not a trap set by a nearby hacker. Therefore, it’s better to go online with your mobile network and use your smartphone as a modem for your PC.
Reveal as little as possible about yourself in public space.
Cybersecurity starts in the analogue offline world, for example in the subway: The employee ID card dangling around your neck or the laptop on your knees are sources of information from which criminals can create deceptively genuine phishing e-mails (see Tip 1). Even in conversations with strangers, for example at a trade fair, you should be careful with information and suspicious if someone asks you strange or conspicuously many questions.
Turn off smart devices when making confidential calls.
In confidential meetings, it is common practice to leave smartphones outside the meeting room, because they can be manipulated to eavesdrop. Smart assistants like Alexa, Siri or Google Assistant do it quite openly. Therefore, switch off all smartphones, smart speakers and smart TVs in the room when you have important things to talk about, with power supply units it is best to pull the plug. And cover the webcam on the PC when you’re not using it.
Be on your guard!
As an employee, report immediately if a device is lost or stolen. This also applies if you suspect that someone has hacked your device. Don’t worry: Even if you’ve made a mistake, nobody’s going to rip your head off. If you act quickly, you can prevent anything worse from happening.