Whether a newbie or a seasoned internet user, anybody can become a victim of a scam targeting consumer or enterprise internet users. The question is why this remains a recurring security challenge.
My view: We are not being sufficiently vigilant when using internet services and too often fail to embrace best practices governing usage. A common analogy would be the attention we devote to hygiene to maintain our personal health. Our parents taught us to wash our hands, avoid touching our eyes and cover our mouth when coughing. We were also warned not to share food and drink, talk with strangers, or accept gifts from them.
Many of you may have heard the phrase, “If it’s too good to be true, it most likely is.” That proverb implies that if someone you don’t know offers something of value, for little or no effort, be suspicious – both about the offer and about the person making it.
When it comes to online safety, you can similarly protect yourself by being mindful about internet hygiene. Here are a few simple steps you can adopt to keep the bad guys at bay.
Wash your hands: Keep your computer (laptop, desktop, mobile phone) current with operating system and application updates. Also install endpoint protection software and keep it updated as well.
Avoid touching your eyes: Don’t visit web sites of questionable content and integrity. Check your web browser. Make sure that the site address starts with https://. A check mark or green banner indicates a trusted site.
Don’t share your food or drink: Think about who you share your documents with and how you are doing that. Pay attention to the sharing rights you enable when using file sync / share services (e.g. Dropbox, Box, OneDrive, Google Drive, etc.). Avoid granting full sharing rights to a public audience, as this will let anyone upload potentially harmful programs without your knowledge.
Don’t talk to strangers: Do not reuse username / passwords among different web sites. Use a password manager program to create and maintain unique passwords. If there is an option to also include “advanced” security settings such as two-factor authentication, use that feature in addition to unique username / passwords.
Don’t accept gifts from strangers: Email continues to be the most common way to trick users. Today’s malicious emails are cleverly crafted to look like messages from trusted senders. Avoid opening unsolicited emails, especially those containing a link to click on, or asking you to open an attached file. These may contain malicious instructions to redirect you to a harmful website, or contain malicious instructions within the file that install ransomware (encrypting your computer, and asking you to pay a ransom to decrypt your system).
If it’s too good to be true, it most likely is: Email that arrives in your inbox carrying the announcement of an enticing offer for free stuff is most likely not genuine. It’s usually spam, so delete the message without opening it. Remember this general rule of thumb: Your trusted service providers – whether it be your bank, your utility service providers, the government, Apple, Google, Symantec or others – will not send you unsolicited email asking you to take an action by clicking on a link. Rinse, wash, repeat.