Security awareness

Security Awareness Tips Infographic

S. O.
August 4, 2015 by
S. O.

Cyber Security Aareness tips-page-001 (1)

[download] CLICK HERE TO DOWNLOAD THE PDF[/download]

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

Please include attribution to InfoSecInstitute.com with this graphic.

Share this Image On Your Site

Transcription

Awareness can save you for from being hacked. In spite of all the other counter-measures, cyber security awareness is the only cross-platform solution that a user can apply to every technology that they are using. The use of mobile devices make them the weakest link in the security chain, closely followed by social media applications. Targeting victims through social media has proven to produce great results because the attacker uses a mixture of social engineering and technical skills. What are some tips that can protect you from being hacked?

#1 Public computers that anyone can use should not be trusted at all because they may be infected with malicious software that records any action that you perform, upload uploading it to a distant server.

#2 Always lock your phone when you're not using it. Lock patterns are an easy alternative to passwords but passwords are more secure. Your phone may also have a facial or a digital print recognition feature that you can use.

#3 Never use the same password for multiple accounts, because if a website in which you have one account is gets compromised, a hacker can access every other account you have.

#4 Never share your password with others.

#5 Writing your password on a post-it on your desktop is not a good idea.

#6 Posting information in social media about critical changes or projects can harm you and your company. You can’t control the spread of any information and you don’t want to be the source of any information leak.

#7 If no longer needed, confidential documents with personal information such as social security numbers, credit card numbers, bank account numbers and health records should be destroyed, using the right tools.

#8 Knowing that you are on vacation in another country for two weeks is definitely valuable information that a criminal Facebook "friend" will be happy to get.

#9 Smartphone and tablets can be tracked using your vendor account or a third part application. This step can save your phone when stolen or lost because you can lock it remotely and this makes it harder for hackers to access your data

#10 Always update your devices. This is true for almost every electronic device having a firmware. Even if it’s your fridge notification about an update, please do install it. Many devices do this automatically, but if you’ve turned this option off, you’ll need to download the updates manually.

Why is this important? Because every update in general patches some security flaws that can be used by a hacker to attack and eventually take control of your device.

#11 Some vendors are more reputable about the applications that they offer than others; especially regarding security. But never install an app that you have downloaded or that comes from a non-trusted source. Most vendors verify the authenticity of their products, so they’re much safer.

#12 Before downloading any app or when installing it, please read all the requested permissions. If an app requests access to your personnel personal information or another resource that you are not comfortable with, please don’t install it.

Many applications upload your personal information by your approval without you knowing it; that’s because you didn’t check the permissions that you approved.

#13 Never leave your phone alone in public places. Your personal information is very precious. Even if you believe that your phones are protected by passwords or digital prints, consider that there might be a vulnerability or a security flaw that a hacker can exploit.

#14 Like spam email, SMS (Short Message Service) can be used to ask you about your private information or to call a specific number to receive a gift. So as a rule, please delete every suspected SMS that you receive. If you receive a link, don’t open it. It can redirect you to a faked page requesting your login and password, or a malware.

 #15 Never use a non-protected WI-FI access point. When you do, a hacker can redirect you to a malicious websites and push you to execute a malicious code that can be used to take control of your phone (and yes -there are many frameworks in the security world that make this task easy).

If you are using a public access point (coffee shop, etc.), please don’t use your banking or any other critical accounts, because if the application contains some security flaws, this can lead to leaks of sensitive information.

#16 Rooting your mobile device can be the source of many risks and can also cut off many of the protections built into the official operating system itself. Some Installed applications can profit from your rooted phone to execute low level operations and have access to precious information.

#17 Turn off the Bluetooth when you are not using it. There are many attacks that target mobile devices with an active Bluetooth. When successful, it can access sensitive information or even take a total control of your phone.

#18 We recommend that you never store sensitive data in your phone, such as credit card numbers or passwords, especially in apps that store those information without any encryption or without any password protection (like memo apps).

#19 It may seem excessive, but regularly deleting your navigation history and disabling the automatic password remember function can protect your private life, especially if it’s a home tablet that can be used by family and friends.

#20 Always use a strong mix of numbers and characters when choosing a password. When you do not, you are exposed to many attacks that targets mainly target weak passwords.

#21 Be sure to verify any email or notification asking for your password, because social engineering is a great way to compromise your account.

#22 When you see a post about unbelievable celebrity news, it would be wise that you don’t click, because it can be an attacker trying to attract you to a malicious website. The same goes for free airline tickets or how to get $100,000 without any effort.

#23 In general, social networks notify you when there are changes in to your account but you want to always keep an eye on your account's activity. Any suspicious activity is an alert that your account may be compromised.

#24 Keep an eye on your friend’s activities. If you see any suspicious post or messages, please contact them via phone or text message to check.

See Infosec IQ in action

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

#25 The auto-connect to other devices or networks function should be disabled because an attacker can create a fake device or access point. When your device becomes connected, they will be able to take control of it.

S. O.
S. O.

IT Security Consultant with a proven track record of detecting multiple security vulnerabilities on a variety of popular websites and having successfully accomplished many penetration testing missions internationally. Ruby and Python enthusiastic, music and biography lover, and games and pixel art developer.