The risk of being hacked is real for ordinary PC users, and for a corporate network, the risk of a cyberattack increases significantly. If accounts are not sufficiently protected, personal data such as photos, videos, private messages can be lost, and large corporations, of course, risk to lose transaction account numbers, information about employees and competitors, confidential documents and other materials that can cause huge damage.
Use multi-factor authentication
Perhaps one of the most effective safeguards is multi-factor authentication for all accounts you use. The method involves the use of secondary information, such as, for example, an SMS code or captcha keys, as an addition to the main password.
Thus, even if the password is easy enough, the possibility of someone will instantly recognize the code in SMS or email is negligible, which means that the chance of obtaining personal data by other people is also reduced.
Multi-factor authentication should be used primarily with messenger accounts such as WhatsApp, Facebook, Twitter, Instagram, which contain the largest amount of private information, as well as to any work accounts within the corporate network.
Use reliable DLP systems
The best way to prevent the leakage of confidential information within a company is to use a DLP system (data leak prevention).
Let's consider the activity of DLP systems using the example of SecureTower from Falcongaze - a system that has existed on the market for a long time and has proven itself as a convenient and functional software solution. SecureTower allows you to:
- control the work of corporate computers from the main server;
- track movements on sites, messengers;
- block the sending and printing of important materials;
- calculate the time and quality of work of employees;
- carry out confidential operations only after a request to the management;
- control access to cloud storage;
- view employees' emails, channels and messages of correspondence;
- analyze text, video files, images, recognize speech;
- record audio and video calls, etc.
SecureTower analyzes the degree of data confidentiality and monitors the violation of the rules of security for the use of corporate information, as well as the interaction of employees with each other and unauthorized users.
Set a password manager
Let's talk about passwords. In 2021, you shouldn't use passwords like "1234" even for accounts that are not used or used for spam emails.
All passwords for online accounts must be strong and unique. What is really important is that the password is long, includes a mixture of letters and symbols of different case, and also is not common across platforms. It is especially unsafe to use passwords suitable for social networks and any financial services (online banking, online store account) at the same time.
The best way to avoid the problem of duplicate passwords is to install a password manager program. Such a program generates 100% reliable passwords, moreover, it saves them in its memory, so there is no need to suffer and remember the password every time you log into the system. Some of the most popular password managers on the market are LastPass or KeePass.
Learn to recognize phishing attacks
People who work quickly on a computer, instantly clicking and moving between tabs, run the risk of incurring a cyberattack with their own hands. When windows for new messages, notifications pop up on the desktop, the user's instinctive desire is to open or close the interfering window as quickly as possible. But it’s not worth doing.
The pandemic has contributed to the remote work of millions of corporate employees, and with it the increased number of phishing attacks and fraudulent programs from supposedly cloud systems such as Google Drive.
Fraudulent programs can pretend to be a message from a boss that requires the most urgent response as possible. Absolutely anyone can fall into the trap of such programs, so the main thing is not to click mindlessly, but to look closely at the pop-up windows.
Every online service you use, from Facebook to your work account cloud storage or smartphone, is constantly open to attack. Fortunately, day after day, specialists are fixing bugs in applications and releasing new versions, the main thing is to update them on time.
Start with your smartphone. In the settings, you can check the relevance of the OS, whether an update is available, its date. Usually, most applications update automatically, however, these settings can be adjusted.
When you're done with your phone, update the software on your work PC. It is especially important to keep track of the relevance of updates on corporate computers, because they contain more confidential information.
Use data encryption services
Over the past 5 years, more and more programs have appeared on the market that help encrypt data when sent, as well as data stored on the device. This protection method is very useful, in particular, for online payments, sending confidential data to other services.
Signal and WhatsApp are popular applications when it comes to encrypting messages. Any messages in text, photo and video format, voice messages, audio and video calls are encrypted automatically, in accordance with the factory settings of the services. The disappearing messages feature is also available here. Signal is better than WhatsApp in some respects as it collects less metadata and is not owned by Facebook. If you're having trouble making the switch to Signal completely, WhatsApp at least offers a higher level of protection than other apps.
To encrypt emails, the ProtonMail service is most often used, which in the same way hides data when sending, the program is very popular among companies, because work correspondence passes, mainly, not through instant messengers, but through email services.
Wipe off your digital footprints
The past may one day return in the face of old accounts that are no longer used, but still retain personal information, and can become a powerful weapon in the hands of intruders. Hackers often use data from old accounts and mailboxes to gain access to up-to-date user information.In general, by reducing the amount of unused information online, you can significantly reduce the risk of a cyberattack. The easiest way is to regularly clear your Google search history, however, you can use alternative Google services to delete data.