Cyber Security Month - 5 tips on cybersecurity

#
Cyber Security
#
Information Security
Hovering computer, notebook, tablet and smartphone. Green overlay of a cloud with lock and dashboard graphics.
We show you with five selected topics what to watch out for and how you can protect yourself. It's about phishing, malware, social engineering, and passwords, as well as training and awareness.

Use this blog post as a training opportunity in your organization. Post it on your intranet and educate your employees throughout the month of October.

Cyber threats are increasing rapidly every year. This year, the global cost of cybercrime is expected to reach $9.5 trillion, according to Cybersecurity Ventures (1). This is 1.5 trillion more than was predicted for 2023 (2).

In cyberattacks, companies or individuals are maliciously attacked by individual hackers or groups of hackers over the Internet in order to obtain data, information, or money.

The EU's European Cyber Security Month campaign highlights the topic of cybersecurity every October. It aims to make states, companies, and individuals more aware of the dangers of cybercrime, and of ways to stay protected.

Cybersecurity month is a great opportunity to shine a light on five selected information security areas to watch out for. And how to stay safe!

What are cyber threats and cybersecurity?

Cybersecurity: A sign with a lock connected to various networks.

Cybersecurity refers to technical as well as organizational measures to protect  IT infrastructure and organizational data against malicious attacks. This includes the protection of computers, networks, servers, smartphones, and smart devices, but also data protection and information security.

There are three types of cyber threats:

  • Cybercrime: attacks on systems to make money or to disrupt business operations.
  • Cyberattacks: these are mostly politically motivated information gathering.
  • Cyberterrorism: attacks on electronic systems to spread panic and fear.

The attack types are the same for all threats. The spread of malware (viruses, Trojans, spyware, adware, ransomware, botnets) puts computers and systems out of service or damages them. SQL Injections enable hacking of databases to obtain information. Phishing is an attempt to obtain login and financial data as well as to find out personal information. Man-in-the-middle attacks intercept information between two parties, e.g., a computer and a network. In the case of denial-of-service attacks, networks or servers are flooded with data traffic so that the infected computer systems can no longer run, and companies are unable to function. Attack targets are typically governments and companies, but can also be private individuals.

How can you protect yourself from cybercrime as a company and also as a private person? On the one hand, technical protective measures are essential. On the other hand, our behavior has a decisive influence on the risk of becoming a victim of a cyberattack.

Phishing - what it is and how to protect yourself

Phishing: A letter on a fishing hook.

Phishing emails are emails sent under fraudulent pretext by hackers, who try to obtain login details, bank and credit card details, or other personal information. As a rule, the goal is to make money with the data obtained or to gain access to systems. The emails often look deceptively real and appear to come from a legitimate source, such as your bank. Urgent calls to action entice users to click on links and enter their data.

It is therefore important not to click on links in emails, especially from unknown senders. Be wary of any request for login information. No reputable company will ever ask you to adjust your access data via a stored link or to disclose them by replying to an e-mail. Also, be careful if you are asked to provide your credit card or bank account information.

Watch out for misspelt, missing, or misaligned letters in emails and links. These are also indicators of phishing.

But phishing is no longer limited to email. Access credentials or credit card information can also be obtained by phone (vishing) or SMS (smishing). QR codes can also be manipulated so that scanning them leads to a fake login page.

Read more about phishing in the blog "Phishing - the danger that lurks on the net".

Malware - what it is and how to protect yourself

Malware: A screen with a beetle on it.

Malware, also known as malicious software, is software that can damage your computer, smartphone, or tablet or disable it entirely. Malware is mainly spread via the internet while surfing, downloading software, such as email attachments, or via social media. Malware can also be distributed via USB sticks and other mobile data carriers. As with phishing, the motivation is mostly financial or industrial espionage. Hackers can also be politically motivated or want to damage a company's reputation.

Viruses, Trojans, spyware, adware, and ransomware are forms of malware, and they are often spread via botnets.

On the one hand, technical measures provide protection against malware:

  • Keep your operating system, software, and apps up to date and always install the latest security patches.
  • Install anti-virus protection.
  • It is advisable for companies to use all-round protection software that analyzes the data in real time and closes security gaps.

On the other hand, the users must also behave securely:

  • Do not open any e-mail attachments from unknown senders and be wary if you do not expect an attachment from a friend. If necessary, ask the sender first for more information.
  • Do not click any links that you are not certain are legitimate. Check links for misspelt, missing or replaced letters, for example, if the letter "O" is replaced by the number "0".
  • Only visit secure Web sites that are protected with https. You can recognize them by the small security lock sign next to the URL in the address line.
  • Do not access the Internet via unsecured WLAN networks. It is best to use your mobile phone to generate a personal hotspot.
  • Protect your private WLAN with a suitable password and create separate access for guests.
  • Do not connect any unknown data carriers, USB sticks, or hard drives to your computer.
  • Only download software that is authorized by your company or that is offered in the official app store.

Social engineering - what it is and how to protect yourself

Social engineering: A shield with a person.

Social engineering is a method in which fraudsters fake an identity in order to obtain information or to convince their victims to take a certain action. For example, they can pretend to be a help desk employee in order to persuade the victim to provide login data or to convince them to visit an infected website. Most of the time, social engineering is used to attempt to obtain login data, steal credit card or bank information, or gain access to IT systems. The more information that can be gathered about a victim, the higher the chances of success in an attack. Most of the information is found on the Internet, e.g., on company websites or in social media, but it may also come from public registers or the phone book.

It is important that you never pass on internal or confidential information about yourself or your company to strangers. Passwords and access data should never be shared. Do not allow yourself to be pressured or persuaded to download a particular file or visit a given website.

Read more tips on how to protect yourself from social engineering in our blog.

Secure password protection

Passwords: A shield with a good sign above a password entry field enclosed by hands.

Every day we have to enter passwords for our work or private lives in order to be able to log into systems. A well-chosen password is essential for protecting yourself against dangers from the Internet.

If passwords are revealed, data can be manipulated or stolen. Hackers have special tools with which they can easily discover passwords if the passwords are not created according to certain rules.

To ensure protection, a good, secure, individual password must be created for each application. Never use the same password for multiple systems or websites and never give your login details to anyone else. Otherwise, the passwords lose their effectiveness for protection. Always activate 2-factor authentication if the system allows it. This also increases security.

Note the following points when creating a new password:

  • It must not contain any personal information such as name, date of birth, license plate number etc. or username.
  • The current NIST recommendation is to choose a password that is easy to remember, contains at least 16 characters and is made up of at least 4 existing words. If the password must be shorter than 16 characters, it should contain numbers, upper and lower case letters as well as special characters and ideally be more than 10 characters long.
  • It cannot be found in a dictionary, and it does not contain sequences of numbers or letters (e.g., AAA, 1234, abcd, etc.).

The following tips can help you avoid having to write passwords down and make them easier to remember:

  • Acronyms: use the first letter of every word in a sentence.
  • Multiple words: combine at least four random words. You can add numbers and / or special characters.
  • Password manager: use a password manager to create and manage passwords. Most password managers can also be combined with two-factor authentication. This means that you only have to remember one password instead of many.

Read more about passwords in the blog "Secure passwords and what you need to know about them".

Protection through training and awareness

Cybersecurity: Pictogram. One hand holds the internet symbol.

Nowadays it is more important than ever that employees are trained on the topics of information security. Training courses should take place at regular intervals and ideally be coordinated with one another.

Employees are the most important element of protection when it comes to cybersecurity. Use this element of defense by enabling your employees to recognize the dangers associated with the Internet and to behave correctly.

The European Cyber Security Month is a good opportunity to train employees on the subject of cybersecurity with a targeted campaign. Create virtual games, quizzes, e-learning courses, or events where employees can actively participate on site. The topic can also be brought to people’s attention with posters, intranet pages, or e-mails.

In our blog posts we discuss how to plan and implement a security awareness campaign and how to successfully change the behavior of employees. You can find an overview of all blog posts here.

(1) Cybersecurity Ventures (2022): Cybercrime To Cost The World 8 Trillion Annually In 2023. https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/

(2) Cybersecurity Ventures (2023): Cybercrime To Cost The World $9.5 Trillion USD Annually In 2024. https://cybersecurityventures.com/cybercrime-to-cost-the-world-9-trillion-annually-in-2024/

Inspiration: https://www.kaspersky.de/resource-center/definitions/what-is-cyber-security

Newsletter

Don't miss any more news about cyber security awareness and get tips and tricks for employee training in your company.

Vielen Dank für Ihre Newsletter Anmeldung.
Beim Absenden des Formulars ist etwas schief gelaufen.
Umschlagsymbol

Form, E-mail, Phone

You can fill out a short form or send us an email. We will get back to you within two working days. You can also call us directly. Click on "Contact" and you will receive all the necessary contact details.

Kalendersymbol

Free online consultation

If you would prefer to book a specific appointment, you can do so by clicking on the blue button below. The online booking system will open in a new window and you can schedule your free consultation.