If you believe cybercrime is something that only happens to businesses and “other people,” now is a good time to reboot your attitude.
According to a recent Cisco consumer survey in the UAE on the general approach to security in the country, 55% of respondents in the UAE think their personal data is more at risk now than 12 months ago. 63% use their personal phone for work tasks, and 54% use public networks for work tasks. It is safe to say that whilst awareness of making devices more secure is there, we still have a long way to go to comprehend and put into practice what ‘securing’ devices entails.
“As one of the key pillars of the UAE’s digital transformation agenda, the country has put cybersecurity at the heart of its knowledge-driven economy. Today, with the rapid evolution of different kinds of cyber-attacks, raising public awareness of cybersecurity is more important than ever, and it goes hand in hand with the rapid adoption of digitization in the UAE,” said Abdelilah Nejjari, Managing Director for the Gulf Region at Cisco.
Here are 5 steps that can help you stay safe in a world of rising cybercrime.
You’ve heard it before—don’t reuse the same passwords for different sites regardless of the network service provider you use. If you do, you’re making the attacker’s job easier even if your passwords are strong. A hacker could break into a website, steal your username and password, and run those credentials against other websites to get even more of your information.
But, you say, how do I remember dozens of different passwords? A simple solution is to write them down. Don’t write them on a sticky note on your computer monitor. Store them in a digital password manager or record them in a file that you keep in a safe place. That way you don’t have to commit them to memory.
Passwords need to be paired with multi-factor authentication (MFA) to create an effective security control. A password is like a house key. You can use it to lock your door and protect your possessions, but if it falls into the wrong hands you could wind up losing your valuables. That’s because a key—a password—does nothing to validate who comes through your door.
That’s where MFA comes in. It’s an authentication mechanism that grants you access to a website or application only after you successfully present two or more pieces of evidence, such as a PIN number or a device such as a cell phone. Today, most websites allow you to enrol in some form of MFA for better security.
Enabling automatic updates is an easy way to reduce your exposure to cyberattacks and can be done with a few clicks on your Mac or Windows machine. In most cases, this is true for Linux machines too. When a security vulnerability is announced, there’s often a very short window before a cybercriminal cooks up an exploit to take advantage of it. Enabling automatic updates, or patches, ensures your system is always running the latest versions of software.
Be sure to do this not only for your operating system but especially for your browsers (Safari, Chrome, Firefox, Edge, etc.). Most of our internet activity—for work, email, shopping, banking, and so on—is done via browsers on any wireless network. And browsers are a favourite target of cybercriminals.
Phishing scammers rely on your trust when they email you a link or attachment to click on a bad link. Bad actors rely on it when they impersonate a tech support person or IRS agent on the phone to extract information from you. Still, others rely on it when they invite you to fill out a survey in exchange for a $200 gift card. In many of those circumstances, they may intend to catch you off-guard with a sense of urgency. In all these situations, it pays to be sceptical.
The same is true in some situations in the offline world. If you’re out in public or travelling, an attacker can stand near you and scan your RFID-enabled credit cards, eavesdrop on a phone call in which you give your credit card information, or even glean information about you from your baggage tags. In such cases, you can reduce your risk of cyberattack by sharpening your situational awareness and exercising a degree of scepticism about the intentions of people around you.
Often, we don’t ask questions because we’re too trusting or too embarrassed. But asking questions is how we learn and take control. For example, if you don’t know how to set up MFA or how to turn on automatic updates, ask someone who does. It could be a security practitioner at work or a tech-savvy friend or family member.
For security practitioners, a helpful practice is to empower people and peers to ask questions. It’s easy to get impatient and frustrated with those who are less tech-savvy, but it’s precisely this behaviour that makes some users reluctant to speak up. Instead of chastising users for their security faux pas, start the conversation with them and try to tap into their innate curiosity.
These five measures will help reduce your risk of exposure, even at a time when the bad guys are pulling out all the stops to make you a cyberattack statistic.