Light Dark
October 31, 2016 By Lucie Hys 4 min read
Intelligence & Analytics

October has flown by! National Cyber Security Awareness Month (NCSAM) may soon be over, but these cybersecurity tips are evergreen. (As are the NCSAM lessons we passed on in weeks one, two and three.) Here are 10 more cybersecurity rules people should follow — but often don’t!

1. Sharing Is Caring. Unless It Is Oversharing.

Name of your dog, favorite band, favorite color — can the answers to common security questions be found on your social networks?

2. Know What Mobile Apps Are Safe to Download

Download mobile apps only from trustworthy sources. Always:

3. Don’t Be Indolent — Create a Login

Using your social media account or email to log in to the third-party sites? Know that if you log in to third-party site with a social account, your data can be shared between that social network and the third-party app.

4. Not Only Lights Should Be Off When Leaving the House

Turning off your Wi-Fi and Bluetooth may save you not only battery, but also a lot of trouble. Make this a habit:

5. Keep Your Money Safe

FICO reported that ATM compromises in the U.S. jumped sixfold in 2015. Fraudsters like to target places that are unattended, such as ATMs, gas stations, etc. Take precautions to decrease your risk of becoming the victim of credit card fraud and remember:

6. Encrypt Your Data

By encrypting, you are essentially converting data into a code to prevent unauthorized access. While encrypting an entire drive is safer, an average user should at least encrypt the files that are sensitive. Ask yourself following questions:

Plus a pro tip from @0DDJ0BB: “Encoding nor hashing is the same as encrypting. [It’s] important to understand the differences.”

7. Reusing Passwords Is a Big No-No

It’s hard to keep track of different passwords, but that’s what a password manager is for. You shouldn’t be reusing passwords, period. It’s especially true in this case:

8. Cloud Gets Hacked Too

Many people think that whatever they have stored in the cloud is automatically protected and can’t be seen by others. Not true: Cloud services get hacked, too. Uploading files into the cloud essentially equals storing them on someone’s computer. If you intend to store data in the cloud that should never hit the spotlight, make sure to do this first:

9. Recognize Phishing Emails

Phishing emails are becoming more sophisticated. Question all emails, even those that appear to be from people you know.

10. Remember Basic Password Hygiene

Heard of choosing passwords that inspire (i.e.,1t1sTim3toCa11M0M)? Neat reminder! Remember basic password hygiene:

A Final Thought on NCSAM Lessons

Are you oversharing on social media? Are you encrypting your sensitive files before uploading to the cloud? How about your significant others, friends and colleagues? You must take steps to answer all of these questions and remediate your behavior when appropriate.

While these tips may seem simple, it’s surprising how many people get scammed. Insiders carried out approximately 60 percent of all attacks in 2016 — in many cases inadvertently — through bad security habits or by falling prey to outside schemes such as phishing attempts.

If you enjoyed these NCSAM lessons, share this post with your community so your friends and co-workers can also stay safe online.

Illustrations by Nathan Salla

 |  | 
Lucie Hys
Product Marketing Manager, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature