We’re living more of our lives in the digital world. Everything from banking to medical appointments, and gaming to streaming can be done online today. That makes life much easier for us all. But it also exposes us to the risk of data theft, identity fraud, extortion and account compromise.
It could even create problems for employers if personal devices and home networks are hacked to access corporate data and systems.
One security vendor claims to have blocked 161 billion cyber-threats for its customers last year alone, up 10% from 2022. Even this is likely to be just the tip of the iceberg. To protect our digital lives, we should consider the following six best practices.
Six Best Practices to Protect Your Digital Life
Tackle Social Engineering Risks
Phishing, smishing and vishing are among the most successful ways threat actors can covertly install malware, or trick us into handing over personal information and/or log-ins to high-value accounts.
They often create a sense of urgency to rush us into risky decisions and use legitimate phone numbers, domains and logos to deceive us.
Yet with effective anti-malware on all our devices and machines, we can filter out as many phishing emails as possible. Also consider the following:
- Multi-factor authentication (MFA) on accounts to mitigate the threat of stolen credentials
- Be cautious of any unsolicited message or phone call. Never click on links or open attachments in these messages, and never hand over personal/financial info over the phone
- Check for grammatical mistakes in messages
- Hover the cursor over the sender domain to check if it’s legitimate
- Double check urgent messages direct with the purported sender, rather than replying to the email/text
Stay Safe on Social Media
Social media is a hotbed of scams, phishing messages and malicious ads – sometimes sent from legitimate but hacked accounts.
Oversharing is also a risk, threat actors are primed and ready to harvest personal information from social media posts to unlock accounts and commit identity fraud.
All of which means users need to keep their wits about them on their favorite social platforms. As a first port of call, they should be mindful of what they post, and use strong passwords/MFA on all accounts.
“Engaging with unfamiliar accounts or accepting friend requests from unknown individuals can expose users to risks, including malware, scams, or catfishing attempts,” Cyber Security Units founder, Lisa Ventura, told Infosecurity.
“You should regularly review followers, and permissions granted to third-party apps, and stay up to date about platform-specific safety tools. That way, social media users can maintain greater control over their online presence and security.”
Keep Your Kids Safe Online
Parents are understandably anxious about their children’s internet browsing habits. From inappropriate content and cyber-bullying to online predators, identity theft and sextortion, there seem to be threats lurking around every corner.
Trend Micro UK & Ireland technical director, Bharat Mistry, told Infosecurity that “parents must take charge” to keep kids safe online.
“Start by talking openly about online dangers like cyber-bullying and predators. Set firm rules on screen time and app usage, and activate parental controls to block harmful content,” he continued.
“Monitor their activity regularly while building trust, so they come to you with concerns. Teach them the power of strong passwords and the danger of sharing personal information. Stay involved – your guidance is their best defense in the digital world.”
Protect All Devices
Mobile devices and laptops are our primary portal into the digital world. But they’re also more likely to be unpatched and under-protected than desktop PCs.
We’re also more likely to use them while distracted, which can play into the hands of scammers and phishing actors. Apps are an area of risk if they contain hidden malware. It’s claimed the average smartphone user has 40 separate apps installed.
It’s also worth bearing in mind that, with tens of millions of Americans now working remotely, a mobile-related breach could quickly become a workplace problem.
Hackers can target our devices to steal data and log-ins, hold our device and data to ransom, enroll us in premium rate services, or make money from flooding the device with adware.
Device owners should therefore ensure they:
- Only download apps from legitimate sources
- Install anti-malware and app scanning tools on every laptop and mobile device
- Always keep their devices and apps updated
- Never log-in to high-value accounts when on public Wi-Fi
- Remember their phishing awareness training
- Use MFA and strong passwords on all accounts
Keep Passwords Under Lock and Key
Passwords are the key that unlocks everything from our emails and banking/crypto accounts to ride sharing, streaming and social media.
There’s a healthy underground trade in these credentials, which are then used to hijack accounts and carry out identity fraud.
They are stolen direct from users via phishing attacks, breached en masse from businesses, and sometimes obtained via automated “brute force” attacks. It doesn’t help that many of the world’s most commonly used passwords are easy to guess.
With so many stolen login combos circulating on the dark web, users must take action by:
- Using strong, unique passwords for all accounts and storing in a password manager
- Switching on MFA for all accounts
- Potentially enrolling in an identity management service, which trawls the dark web for exposed credentials
- Immediately changing their passwords if notified that one was in a breach
Protect the Smart Home
From smart TVs to connected fridges, the modern home is jam-packed with intelligent devices. But if they’re internet connected, they can also be reached by hackers – who might hijack devices to conscript them into botnets that can be used to launch attacks on others.
"Change the default password on your wi-fi router and all of your smart home devices, if possible.”Paul Bischoff, Comparitech privacy advocate
They might also be able to pivot from smart endpoints to email, social media and other online accounts accessed from home networks. Or they could access data streams to eavesdrop via security cameras, which could present a physical security risk.
The key is to ensure smart home devices are always updated and protected with strong, unique passwords and/or MFA. Also disable port forwarding or UPnP and ensure all devices are isolated on a guest network.
"Change the default password on your wi-fi router and all of your smart home devices, if possible,” Comparitech privacy advocate, Paul Bischoff, told Infosecurity. “If you can set up a VPN on your router, then you can route smart device connections through the VPN, thereby protecting your home from direct attack. Also, disconnect any smart home devices that you don't use."
Conclusion
Stay Alert, All the Time
While cyber-criminals have a set of tried-and-tested techniques to get what they want, the threat landscape is also in constant flux. A healthy interest in the darker side of digital will help to ensure that when those threat actor tactics techniques procedures (TTPs) change, it won’t come as a surprise. Artificial intelligence (AI) in particular is one to watch. It will certainly make it easier for criminals to launch convincing phishing and other attacks.
Above all, one of the most powerful things we can do is to know when it’s best not to use the internet at all.
“I also always caution parents about sharing photos of their children or ‘back to school’ photos of them, and caution people about sharing if they are away on holiday, if their profiles are public facing,” concluded Cyber Security Unity’s Ventura. “Think before you share is a good mantra to have."