Picture this: You’re at your computer, working, and suddenly you receive a message from your manager or CEO: “I need you to buy 100 Amazon gift cards for a very unique customer. I’m in a meeting and can’t do it; please take care of it ASAP.”
We’ve seen a lot of these. But we’ve also done a lot of cybersecurity training at Deel, so we know that this is a classic example of a phishing attempt: it tries to instill a sense of urgency so that you act fast and fall victim to cybercrime.
We know that contractors usually don’t have access to robust security systems the way full-time employees do. You can’t always reach out to an IT security expert for advice or pay for expensive tools to keep your data protected.
What CAN you do then, as an individual, to make sure you’re safe from leaks, hacks, and phishing attacks as much as possible?
We asked one of our own: Albert Didi, Deel’s Information Security Director. Here’s what he recommends.
Keep your system updated
If you regularly install system security updates as they become available, you will dramatically reduce your attack surface.
Software developers continuously identify and fix vulnerabilities in their products, but cybercriminals are doing something similar: they’re always on the lookout for unpatched systems they can exploit.
Security updates are designed to address these vulnerabilities and make it harder for attackers to break into your system.
Use multi-factor authentication (MFA)
Whenever you can, set up multi-factor authentication for any tools and platforms you need to log into, including your social media accounts. This extra security layer goes beyond your password and reduces the risk of unauthorized access: even if someone steals your password, they still won’t be able to access your accounts without a code sent to your smartphone, your fingerprint, etc.
While better than just a password, SMS-based MFA still has vulnerabilities. The best choices include, for example, authenticator apps like Google Authenticator.
Don’t reuse your passwords
People have the habit of reusing passwords because it’s nearly impossible to remember different passwords for every single tool we use every day.
However, that’s an insecure practice, as hackers instantly gain access to all your accounts if they steal a single password.
For example, if you have an account on a social media service and there’s a huge data breach with passwords leaked, hackers will take your email address and password and try them for other services, too. Even if you’re using slightly different passwords (like abcd with exclamation mark for your Instagram password and question mark for Facebook), you’re still at risk.
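One way to audit your own passwords for this kind of near-duplicate reuse, as an added example that is not part of the original article. The function names, the normalization rules and the sample account list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed set of common character swaps people use to make a password "different".
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def base_form(password: str) -> str:
    """Reduce a password to the core that survives trivial variations."""
    core = password.lower()
    # Drop leading/trailing digits and symbols ("abcd!" and "Abcd2024" -> "abcd").
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    # Undo character swaps inside the word ("p@ssw0rd" -> "password").
    core = core.translate(SWAPS)
    # Remove any separators that remain inside the word.
    core = re.sub(r"[^a-z]", "", core)
    # Passwords with no Latin letters at all are compared as-is.
    return core or password.lower()


def find_reuse(accounts: dict[str, str]) -> list[list[str]]:
    """Return groups of services whose passwords share the same core."""
    groups = defaultdict(list)
    for service, password in accounts.items():
        groups[base_form(password)].append(service)
    # Only the service names are returned, never the passwords themselves.
    return sorted(sorted(s) for s in groups.values() if len(s) > 1)


# Constructed sample data; in practice this would come from your own
# password manager export, processed locally and deleted afterwards.
SAMPLE = {
    "instagram": "abcd!",
    "facebook": "abcd?",
    "email": "Abcd2024",
    "bank": "t7#Lq9vW!xR2",
    "forum": "P@ssw0rd1",
    "shop": "password",
}

if __name__ == "__main__":
    for group in find_reuse(SAMPLE):
        print("Same underlying password:", ", ".join(group))
```

Every service that appears in a group should get its own unrelated password, since a leak of any one of them exposes the others.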
Use anti-malware software
Install anti-malware software on your devices and keep it updated.
You can start with the most basic one that’s already provided with your operating system, like Windows Defender. Enable it to provide real-time protection and frequently check if it’s up to date.
Keep offline backups for all important data
Create an offline backup that doesn’t exist in any place that’s accessible from the internet. This way, you can at least recover your work in case you fall victim to a cyberattack and hackers corrupt your data, making it impossible for you to access it.
Individuals may do well keeping their data in a dedicated Gmail account with completely different credentials that they don’t use anywhere else and that no one else knows.
However, an offline backup is ideal. G-drive is NOT an offline backup, but an external hard drive or a USB drive is.
Learn how to recognize phishing attempts
As we mentioned before, the main tactic phishing emails use to get you to click is trying to cause a sense of urgency. The hackers’ goal is to make you not think twice about the situation. Here’s an example:
You receive an email that there’s been unusual behavior on your credit card. The email urges you to click and see, so you’re likely to do it because you don’t want to lose money. So, you will act fast without thinking about it properly.
If you identify any motive related to urgency, think twice. Go against your instinct, which will tell you to click on it right away.
The second step is to verify through another channel. So, if you receive a message, email, or even a phone call from your bank, never give them your credit card details or click any links. Instead, call the bank directly. If you receive a text message from your boss telling you to complete a transaction because they’re in a meeting and it’s urgent, use Slack or call their number directly to verify.
Have you already been implementing some of these security measures? What else do you do to protect your devices from cyber-attacks? Share your experience in the comments below!