Tips for personal security
Tips for personal security section aims to raise awareness on general security issues to reduce the levels of attacks and also to reduce vulnerability by taking some personal security precautions. Therefore, it provides guidelines and practical advice on safety, security, and protection to individuals and organisations.
- Awareness andpersonal digital hygiene
Since people’s interaction with the digital world has increased, and cyber risks and threats are omnipresent, improved cybersecurity has become a necessity for all individuals and organisations upon the digital networks. These bring the awareness and personal digital hygiene tips -which are based on Bamrungchok’s (n.d.) digital hygiene guide- and encourage all actors to perform routine-based digital practices to minimise their encounter with cyber risks.
These digital hygiene tips include:
- The use of strong and frequently changed passwords.
- Use of Anti-Virus Protection & Firewall.
- Keeping software and all applications up to date.
- Regular backups of all files.
- Keeping internet connection protected by using safe browsers and HTTPS connections whenever possible.
- Being proactive and aware of phishing attempts/ransomware attacks.
- Encrypting the internet activity to protect your data.
- Digital and data detox for enhancing your digital well-being.
- The use of Two-Factor Authentication (TFA), Multi-Factor Authentication (MFA) and Third-Party Authenticator (TPA) Practices
TestMatick (2018) & Cipher (n.d.) supported that such authenticator services add additional layers of security and protection to the standard password method of online identification. Through the utilisation of a Two-Factor Authentication, an internet user gains an additional method of authentication such as a Personal Identification Code, another password, or even fingerprint. With Multi-Factor Authentication (MFA), internet users enter more than two additional authentication methods after entering their username and password. A Third-Party Authenticator application enables two-factor authentication, usually by generating a random code on a different device and/or service (e.g., on smartphone or email account), which users are prompted to subsequently add on the website they attempt to gain access to. All these platforms provide authentication and identification to users, by using their media accounts.
- Password policies
Password policies set and design rules to enhance security awareness, computer security, as well as encourage users to employ strong passwords and use them properly. Jithukrishnan (2022) presents some key points of those rules:
- Use of long passwords.
- Do not reuse the same passwords everywhere.
- Do not use personal info.
- Passwords should be changed regularly.
- Check passwords against a list of commonly used, expected, or compromised passwords.
- Never text or email passwords.
- Implement MFA as an extra layer of security.
- Use a password manager for creating strong passwords based on best security practices and storing them securely.
- Remote workforce/ Learn how to gain personal security at home/ Stay safe while working from home
- Encourage all remote employees to use separate login credentials for personal and professional accounts.
- Prompt remote workers to secure their home Wi-Fi routers and networks, because many popular routers come with easily discovered administrator credentials and should be updated for stronger security.
- Prompt remote workers to report any potential risks such as a misplaced device or suspicious emails and other communications.
- Communicate regularly with staff who work from home to share best practices, emerging risks, and other relevant updates.
- Utilise Virtual Private Networks (VPNs)when accessing company applications and data. A virtual private network adds a layer of security when accessing corporate systems from outside the office.
- Establish the utilisation of encryption of data to help your organisation ensure that their information is always protected, even when moving beyond the corporate network.
- E-mail protection (what to look for, what to avoid)
- Use a spam filter.
- Create a spam folder and drag emails that might be spams.
- Don’t open emails or open attachments from a person or a company you don’t know or trust. Instead, report the message as spam.
- Avoid sending any sensitive information such as passwords, bank account numbers, social security numbers, over email.
- Avoid replying to or clicking on links inside spam emails.
- Use antivirus software.
- Be cautious when connecting to public and open Wi-Fi networks.
- Keep passwords secure.
- Security solutions and services/ Web protection
- Internet of Things (IoT) security is a network of connected devices, each with a unique identifier that automatically collects and exchanges data over a network. It helps gain visibility and apply security controls to the growing network of IoT devices, which are increasingly used for mission-critical applications and storing of sensitive data yet are often unsecured by design.
- Cloud security is a set of technologies and strategies that can help an organization protect cloud-based data, applications, and infrastructure, and comply with standards and regulations. It helps gain control over complex public, private, and hybrid cloud environments, by detecting security misconfigurations and vulnerabilities, and helping to remediate them.
- Web Application Firewall (WAF): WAF is a policies-based filter located in front of a web application and audits the HTTP/S traffic moving between the Internet and the application which attempts to detect and prevent malicious threats and activities.
- API Security: Application programming interfaces (APIs) enable communication between different applications. API security solutions help protect APIs and prevent exploitations of transmissions or vulnerabilities. Since this process allows a person to transfer information between services and applications, it is highly vulnerable to interceptions.
- DDoS Protection: DDoS protection can help prevent disruptions during DoS and DDoS attacks.
- Software Composition Analysis (SCA) solutions: SCA analyses the open-source components of your application. After the SCA identifies open-source software, the tool provides information about each library, including licensing information and data on detected security vulnerabilities. Enterprise versions of SCA often provide additional capabilities, such as automated policies.
- Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps. Therefore, be wary whenever you feel alarmed by an email or attracted to an offer that ‘seems too good to be true’ displayed on a website. Being alert can help you protect yourself against most social engineering attacks taking place in the digital realm.
General prevention tips:
- Do not click on suspicious links.
- Back up the data regularly on an external storage device or online service.
- Use strong passwords for all logins.
- Use file extensions to detect dubious files.
- Practise good digital hygiene.
- Use anti-virus protection and anti-spyware software.
- Use of secure authentication methods such as TPA, TFA, MFA.
- Keep software and security updated.
- Control access to systems such as firewall installation, intrusion detection system (IDS) and intrusion prevention system (IPS).
- Adopt the principle of least-privilege by limiting privileges to the minimum necessary to perform a job or task, or limit the number of possible entryways by restricting application privileges on any devices.
- Implement email security and spam protection by setting spam filters to reduce unwanted emails.
- Monitor for suspicious activity by investigating unusual actions promptly.
- Educate the users: share awareness of common attacks, trends, and best practices on cybersecurity, encourage users to report unusual system behaviour.
- Avoid opening emails and attachments from suspicious sources.
- Use multi-factor authenticator.
- Be wary of tempting offers.
- Keep antivirus/software up to date.
