Light Dark
October 24, 2016 By Lucie Hys 3 min read
Intelligence & Analytics

Have you become smarter about cybersecurity during National Cyber Security Awareness Month (NCSAM)? Keeping in mind all the cybersecurity tips we shared during week one and week two, here are seven more NCSAM lessons to remember:

1. Be Wary of Attachments

Be wary of an attachment even if it appears to be from a friend or family member. Although an email might look like it came from someone you know, it may have come from a fraudster impersonating that person. Many viruses can spoof the return address. If you weren’t expecting the email, always check with the person who appears to have sent the message to make sure it’s legitimate before opening any attachments.

2. Don’t Compromise Security for Convenience

As you move across the web, you are often prompted to save your passwords. It’s so tempting, isn’t it? Don’t do it! You shouldn’t trust your browser with your passwords.

3. Know the Difference Between Breaking News and a Malicious Hoax

Do not fall for the big news spreading only via email, short message service (SMS) or social networks. If it’s not in the papers, it may be a scam.

4. Nowadays, Even the Walls Have Ears

Did you know your phone can listen to conversations even when it appears to be off? So can your smart TV, Amazon Echo and other smart devices.

5. Internet of Things Devices Hold Valuable Data

Be sure to protect your connected devices. Business Insider predicted that there will be 24 billion IoT devices by 2020, and attacks against them have already started to make the headlines.

Default credentials and outdated firmware are commonly at fault. Failing to change a default username and password on an internet-enabled device is as good as having no password at all.

6. Use Two-Factor Authentication

Small inconveniences in the present can save you big trouble in the future. Though not foolproof, two-factor authentication (2FA) adds an extra step — and an extra layer of security — to your basic login procedure.

7. Do You Have a Big Brother?

The news about Marc Zuckerberg covering his laptop’s microphone and webcam spread around the world. But he is a high-profile target, so why should ordinary folks bother? Think of all the things your devices have seen you do. Cybercriminals can hijack the web cameras, home cameras or baby monitors to spy on whoever is on the other end. Why take the chance?

More NCSAM Lessons?

What other advice would you give to everyday users? If we missed any key NCSAM lessons, let us know on Twitter with hashtag #InfosecTips.

Illustrations by Nathan Salla

 |  | 
Lucie Hys
Product Marketing Manager, IBM Security

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature