In 2023, cybersecurity is as important as ever. Whilst the challenges today are similar to what they were a few years ago, they are also far more complex, and on a much bigger scale.
The last time we checked this was in 2018. Times were a bit simpler back then for many reasons. This includes cybersecurity. Yet, today we face many of the same issues. For example, the fact that we are still relying on basic passwords that we continue to struggle to remember is not good. Especially when hackers can crack basic passwords in seconds these days.
Yes, hackers do advance their abilities at an incredible pace, and whilst there’s no 100% sure safety measure, we shouldn’t just completely give up. On the contrary, we should be a bit more vigilant. So, let’s check 12 tips to keep yourself safe in the digital age and how they update for 2023.
This one is obvious, yet the most neglected. Don’t use simple passwords like 12345, and don’t use one password for multiple accounts. While it sounds crazy, 123456 and related ones like qwerty are still dominating the lists of most common passwords. Don’t write down or store passwords in a plain text file. Instead, opt for a password manager program. If you don’t want to use a password manager, then at least create stronger passwords. Incorporate LowEr and UppER case variations, numb3rs and speci@l symbols. A P@Zsw0Rd like that is far better than a regular password. And use different passwords for your accounts. If a hacker discovers one password of a user, they usually quickly try it on all known accounts of said user.
Don’t download or open attachments in emails and other messages from people you don’t know. Despite being in the age of social media and chat apps, email is still the primary way for hackers to get easy access to their potential victims, especially if they are going after business users. A simple email with a potential “offer” or “payment request” can contain a file which has malware in it. Yes, you’re supposed to have antivirus software to check, but these days malware is very clever and there are plenty of ways to circumvent the scans. Another popular technique is email spoofing, i.e. making a message appear to come from someone other than its real sender, for example, a friend or a popular brand. If you receive an attachment from someone you know, but you’re not expecting one, or the email text is not typical of their style, ask that person if it was them before opening the file. They may have been hacked.
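The spoofing described above leaves traces in a message's headers. As an added example (not code from the original article), this Python sketch lists the signs worth checking on a constructed sample message; the domains, the trusted-sender set and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the display name imitates a brand while
# the sending domain, Reply-To and Return-Path all point somewhere else.
SAMPLE = """\
From: "Example Bank Support" <billing@examp1e-bank.test>
Reply-To: collect@other-domain.test
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.recipient.test; spf=fail; dkim=none; dmarc=fail
Subject: Payment request
To: user@recipient.test

Please see the attached invoice.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_signals(raw_message, trusted_domains):
    """List reasons to treat a message's sender identity as unverified."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    signals = []
    # The display name is free text; only the address domain is compared.
    if from_dom not in trusted_domains:
        signals.append(f"From domain {from_dom!r} is not a known sender")
    for name in ("Reply-To", "Return-Path"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            signals.append(f"{name} domain {other!r} differs from From")
    # Only meaningful when this header was added by your own mail server.
    results = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in results:
            signals.append(f"{check} did not pass")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(SAMPLE, {"example-bank.test"}):
        print("-", reason)
```

A differing Return-Path is normal for some legitimate bulk senders, so treat each signal as a reason to verify with the sender, not as proof.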
Never share your password with anyone. One common practice for hackers is to set up phony emails or spoof sites claiming that there’s an issue with your account and you need to enter or send your password to verify it’s you. This is a classic phishing campaign technique. Legitimate companies and services would never ask for your password or PIN via email, text or other means. If you are suspicious when a familiar company or a bank sends you something like that, don’t click on the link in the email. Instead, open a new browser window or a tab, type the domain of the site by hand and log in to your profile, as usual, to see if there are issues. Or contact the company via its official support page and ask for verification that they indeed sent the email. This tip remains unchanged but is still neglected, because the goal of such messages is to instil fear so that the person acts fast and overlooks the obvious inconsistencies.
Always check if a website is secure before you enter any account or bank card details. Look for “https” at the start of the web address and the green padlock or unbroken key icon at the top of the page next to the address bar. Nowadays Google is severely punishing websites which aren’t using an encrypted connection. Even smartphones and other apps are required to use a secure connection in order to be allowed on major app stores. Of course, not all apps and sites follow this requirement completely. Some are still allowing the transfer of images and other seemingly harmless data via an unencrypted connection. The big players though are slowly closing that door, too. Modern browsers are also much better at notifying users if their connection isn’t secure or if there’s an issue with the site’s certificate. If you get such a warning, don’t dismiss it quickly; read it, and it’s best to heed it.
Enable two-factor authentication (2FA) for the services which offer it as a feature. Major social media and online service providers already have such features and they are free. These measures can be annoying to set up, but they add a much-needed extra layer of security. Again, it’s not a complete 100% guarantee of safety, but it’s a lot better and will deter most attempts. There are various options, too. The most common one is to simply get an SMS code to enter after your password. Often, this one is regarded as the least secure form of 2FA as hackers could intercept the SMS or spoof the number. Other options are to use a predefined and secured device as the second layer of confirmation, or an app like Google Authenticator. For systems which require even stricter security, the additional layer could be a special hardware key which is stored on a flash drive. We are also close to the age of passwordless 2FA where instead of classic passwords, users rely on encrypted keys that their devices exchange.
6. Monitor activity
Keep regular track of your bank statements, and even the log-in details and active sessions on your email and social media profiles. The data will show you any unusual activity or if some unknown device has accessed the account. Each of your profiles on social media, most email platforms and all online banking services keep a log of the devices and IP addresses that were used to log into the account. So, check them out on a regular basis and if you discover an unfamiliar device or IP address that’s out of the usual ones, that’s a big red flag that someone accessed that profile. Of course, if you use a lot of different devices and networks, that could be confusing, but overall, each user has a pattern and it’s easy to spot the odd one. This is not a sure guarantee that no one has accessed your account, as hackers could spoof that too, delete it, or simply access it remotely via your compromised device and network.
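As an added illustration (not part of the original article), the "spot the odd one" check described above can be run over an exported sign-in history. The record layout, the /24 grouping of IPv4 addresses and the three-record baseline are assumptions of this sketch, and the sample history is constructed.

```python
import ipaddress

# Constructed sign-in history (timestamp, device, IP). The addresses come from
# the reserved documentation ranges; none are real observations.
HISTORY = [
    ("2023-03-01T08:02", "Pixel 7 / Chrome", "198.51.100.23"),
    ("2023-03-02T08:10", "Pixel 7 / Chrome", "198.51.100.87"),
    ("2023-03-02T19:44", "ThinkPad / Firefox", "203.0.113.5"),
    ("2023-03-03T08:05", "Pixel 7 / Chrome", "198.51.100.40"),
    ("2023-03-04T03:17", "Windows / Edge", "192.0.2.200"),
    ("2023-03-04T20:01", "ThinkPad / Firefox", "198.51.100.9"),
]

def network_of(ip, prefix=24):
    """Group an IPv4 address by its /24 so a changing home IP still matches."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def unfamiliar_logins(history, baseline_size=3):
    """Flag sign-ins whose device and network are both new to the account.

    The first `baseline_size` records are assumed to be the owner's usual
    pattern; each later record is compared with what was accepted before it.
    """
    devices, networks, flagged = set(), set(), []
    for i, (when, device, ip) in enumerate(history):
        net = network_of(ip)
        new_device = device not in devices
        new_network = net not in networks
        if i >= baseline_size and new_device and new_network:
            flagged.append((when, device, ip))
        else:
            # A flagged sign-in never extends the baseline, so one intrusion
            # cannot make its own device and network look familiar later.
            devices.add(device)
            networks.add(net)
    return flagged

if __name__ == "__main__":
    for when, device, ip in unfamiliar_logins(HISTORY):
        print(f"review: {when} {device} from {ip}")
```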
Never use public WiFi or public computers to access your online banking, email, or even your social media profiles. This should go without saying, but it’s still a widely ignored piece of advice. Yes, it’s tempting to use public WiFi at the airport or concert hall, and you could use it to watch a video or surf basic websites. If you absolutely must access something more important, then do that only via a VPN connection. While there are plenty of free VPN services out there, it’s best to use a company VPN or a paid service as they have better overall protection. They also offer additional features and services.
Pay attention to what permissions a mobile app wants when you install it. A weather app, for example, shouldn’t need access to your contact data. These days Android and iOS are far better at giving users a proper explanation and view of what permissions each app has. Even better, the platforms automatically revoke the permissions if the app hasn’t been used after a certain period, usually a month. With that said, you should still be mindful while you install the apps in the first place. Sometimes we just want to start using the app and we skip through the setup, but consider just how much private and possibly company data you have on your phone. Those extra few seconds you spend on reading the app permissions before the installation could really save you a lot of headaches.
9. Lock it
Set up a lock screen on your mobile device with a PIN or a fingerprint. It’s much more secure than a pattern or worse, no lock screen at all. These days facial recognition is also quite popular. Overall though, it’s not as secure as the fingerprint. Most new phones now actually require the user to set up at least a PIN to access the device. It’s a simple measure which can be very beneficial and will stop unwanted access to your device from “friends” or anyone who is in physical possession of your device.
10. Be mysterious
Avoid sharing too much personal information on social media. The data can be used by hackers for ID theft or phishing scams in order to lure you into a digital trap. In fact, this may just be the most crucial tip for 2023. Thanks to the rise of artificial intelligence and the so-called deep fake videos, these days it’s possible to take just a few images of a person and to use them to create completely fake, but still very realistic, videos of that person. With enough effort, it’s also possible to fake their voice. This approach is already used for identity theft and to trick companies into redirecting payments for regular clients to a “new” account.
11. There’s no such thing as a free lunch!
Avoid common online scams like “Free gift if you do our survey!” or “Congratulations, you’ve won!” and the like. All they want is your data. It seems obvious, but a lot of Internet users are still hungry for that good deal. The pandemic drove online shopping up to historic heights, and a lot of people who had never done this before started using online shopping on a regular basis thanks to that period, but they weren’t used to some of the realities of this service. The main one is that if a deal is too good to be true, it most likely has a “hidden” cost which sometimes can be indirect, but still high.
12. Of course, keep your software as up-to-date as possible
This is an obvious one, but an old survey by Skype shows that about 40% of consumers don’t update their software when they are prompted to. Another study from the University of Edinburgh and Indiana University showed that almost half of the consumers experience issues or frustrations when updating. Still, the price is weaker cyber security, so it’s up to you. We’d always recommend that you update your software and devices on a regular basis.
If you have a business and want to do your best to protect it, consider a free consultation with Neterra! For 27 years, the company has been providing enterprises globally with excellent backup services, ransomware and DDoS attacks protection, secure, fast and dedicated connectivity, cloud solutions and dedicated servers in European carrier-neutral data centers.