The key to protecting your digital life
Even those who consider themselves well educated about security threats - and do everything they have been taught to do - can still end up as victims. The truth is that with enough time, resources, and skill, anything and anyone can be successfully attacked.
This is why it is important to make it as time-consuming and impractical as possible for a motivated criminal to steal the things most important to your safety, financial security, and privacy. Attacks are not free for the criminals. Every tool, tactic, and technique costs them time and money. What you want to do is make it too “expensive” for the adversary. If cybercriminals find it too difficult to compromise your stuff, there is a good chance they will simply move on to an easier target. Here are some steps to prevent you from being the easiest target.
Step 1: Assessment
Take inventory of the digital bits and bytes that have crept into your everyday life. Think about what could put you in a vulnerable position, or be exploited by a criminal for profit. Ask yourself these questions:
- What is on my social media accounts, and can anyone on the Internet see it?
- Do I really need to share my email address, phone number, address, or personal information with this site or in this social media post?
- Have I replied to any emails or clicked any links from people I do not know?
- Have I installed any apps that I have not fully vetted or do not understand?
Step 2: Reduce your personal attack surface
Every day, we carry a sizable portion of our digital identities on our smartphones and tablets. Often, we lose physical control of our devices, whether they are lost, stolen, or picked up by others while we are not attending to them.
These 5 things will cover 90% of your mobile threats
- Enable the locking mechanism on your device.
- Always lock your device before you put it down. We know you are forgetful, so just to be safe, ensure it locks automatically after a short period.
- Set your devices to require the unlock method immediately after they have been locked.
- Keep your devices up to date with the latest operating system and app versions.
- Regularly back up your devices.
Tips to protect your personal computers
- Keep all software up to date. Turn on automatic updates (and do not keep delaying them).
- Use reputable anti-malware software.
- Enable full-disk encryption.
- Avoid all pirated materials, including music downloads and software.
- Do not plug unknown USB or other external devices into the computer.
- Create backups, and set them to run automatically!
The average person does not need to worry about some elite attacker group working tirelessly just to gain access to their email account. The reality is that attackers do not need to work that hard. They often leverage a technique known as “social engineering” to get the data they are after. This technique does not require much technical knowledge or sophistication. All they really need for a successful attack is a Gmail account, a public computer, and a ‘can-do’ attitude!
What is Social Engineering?
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Social engineering can take many forms, and it’s usually differentiated based on its delivery mechanism.
Common Methods of Social Engineering Attacks
- Phishing is a form of social engineering delivered through email.
- Smishing is phishing over SMS text messaging.
- Vishing is a form of social engineering over a telephone.
- Quid Pro Quo (Latin for 'something for something') offers the victim a benefit in exchange for information, for example an attacker pretending to be IT support.
In other words, social engineering involves an attacker pretending to be someone they are not.
How can I protect myself from social engineering attacks?
Slow down and assess
Pause for a moment to assess an unsure situation. Attackers prey on human instincts such as trust, excitement, fear, and curiosity. Ask yourself a few questions:
- Do I recognize the sender?
- Would this company or person ever ask me for confidential information over email?
- Does it sound too good to be true?
- Are they pressing me to act right now?
- Are they trying to scare me into believing I am under imminent threat?
Pay attention to details
Are there any oddities, such as misspellings, weird attachments, or poor grammar, or is the message from an email address that just looks a bit off? Attention to detail goes a long way in noticing social engineering attempts.
When in doubt, do not click
Links are quite common in emails, but when they are from an untrusted source, we should take extra precautions. A quick check on whether you recognize the domain will go a long way. In the end, follow your gut – it is right more often than you think!
Reduce your online footprint
The less you share online and on social media, the less attractive a target you become. Avoid posting personal information – even the most innocuous detail, such as the name of your pet, can be used against you!
Turn on two-factor authentication
You will hear this one over and over. If you are given the option, always enable two-factor authentication (2FA) or multi-factor authentication (MFA) to add an additional layer of security to your accounts. This extra verification method means that even in the worst-case scenario, if a social engineering attack is successful and someone gets your password, it will be more difficult for them to gain access to your sensitive data.
Remember that your information is as valuable to a criminal as it is to you. By guarding it with both technical protection and logical attention, you can make yourself too expensive to target.