Jason Hong

This List of Security Tips Goes to Eleven

By Jason Hong • October 03, 2013
Categories: Cyber Threats, Passwords, Risk Management, Smartphone, Social Engineering, Social Networks

If you’re looking for a short list of tips to share with your employees, this one has one more than the David Letterman top 10 list. These short and simple tips describe things you should absolutely never, ever, ever do when using your computer.

1. Don’t install any software you weren’t expecting to install. There are lots of fake anti-virus scares out there that will try to trick you into installing malware on your computer. A simple heuristic here is: if you weren’t expecting to install any software, then don’t install it.

2. If you are browsing the web and are asked to install a new video codec, don’t click on anything that will install new software. There are also lots of fake videos out there that will try to trick you into “upgrading” your software, which ends up installing malware on your computer. Again, if you weren’t expecting to install any software, then don’t install it.

3. Don’t download and install software that comes from email attachments. If you ever get an attachment by email, make sure it is not a file you can run, like an .exe file. Bad guys like sending fake emails with attachments that can harm your computer. No, your bank will not send you anti-virus software or toolbars over email. Don’t fall for these kinds of scams.

4. Don’t share your passwords.

Scenarios you might relate to . . .

  • You recently started dating someone, and want to share your passwords with them because you really, really trust them. This is a very bad idea.
  • You get an email or a phone call from someone who claims they work in your company, and that they need a password to get some important information. This is a common tactic by bad guys to trick people into sharing sensitive information.
  • You get an unusual email from someone you know asking for a password. Call them and talk to them to verify.

5. Don’t re-use passwords for important accounts. If you re-use passwords across accounts, then if one account is broken into, all of them can be broken into. Be smart, be safe, and use separate passwords for important accounts, including bank accounts, email, and work accounts.

6. Think twice about unusual emails or status updates from people you know. It’s really easy for a person to create a fake email using the name of your CEO or someone on your board of directors, and then use that fake email account to ask for sensitive documents. Don’t do it.

7. Don’t respond to status updates that are really out of character for a person. These might include, for example, a status update about a video of a party or how they are stuck overseas and need money. These are common scams that bad guys use after they have broken into a person’s account, to trick that person’s friends.

8. Don’t respond to emails or status updates that are (a) from unknown people and (b) try to get you to click on something. Most email scams use similar techniques to get people to click on them, to trick people into installing malware. One common approach is to include information about major sports events or celebrities in the news. Another common approach is to appeal to people’s compassion, by pretending to be a charity aiming to help people affected by a recent disaster. Don’t click on links in these kinds of emails; instead, either use a search engine or type the web address directly into your web browser.

9. Don’t respond to unusual emails from companies asking for sensitive personal information. Companies will not ask for personal information like bank accounts, social security numbers, or passwords over email. They will also not ask you to upgrade your account or install software. Never, ever, ever respond to these kinds of emails.

10. Don’t use your mobile phone to talk about sensitive information in public places. One lawyer once talked on his mobile phone about who in his firm was going to be fired, while on a public train! Be aware of your surroundings, and don’t talk about sensitive information if others can easily overhear you.

11. Don’t post sensitive information about your company, your friends, or yourself on social networking sites. Don’t post information about internal products, sales meetings, and other sensitive information. Don’t post information about your friends’ breakups, drunken photos, use of drugs, or anything else that might embarrass them. And most importantly, don’t post information about hating your boss, being hungover, use of drugs, or anything else that could embarrass you in the future.

 
Wombat helps companies educate users about all of these topics. A list of our training subjects and tools can be found here.