Security tips to protect your data and devices

30. January, 2020

Technical measures alone cannot provide 100% protection. Our knowledge of possible weak points, coupled with vigilance and healthy mistrust, make a decisive contribution to turning an optimally secured system into a secure system.

Security routines as good New Year resolutions

As the weakest link in the defence against cyber-attacks, we users are particularly likely to be targeted. Whether in case of ransomware attacks, phishing attacks or social engineering – many attack scenarios aim at us opening an infected email, clicking on a damaged link or unintentionally revealing sensitive information in an unconsidered moment.

Our security tips for protecting data and devices help you to stay alert and establish good habits, even when using the Internet on a daily basis:

  • Shut down the computer

After work, close all programs and turn off the computer. Restarting the next morning will give you the opportunity to install updates, and during the time your device is not networked, it will not be vulnerable to attack.

  • Pay attention to changes

Sometimes a successful attack is barely noticeable, e.g. if foreign computer capacities are misused during crypto mining. This results in a drop in performance, increased power consumption, overheating of the devices and a shorter service life. A slowdown of the systems, increased advertising and unfamiliar behaviour can also point to other malware. Please scan devices and systems with up-to-date antivirus software!

  • Restrict the physical access

Prevent physical access to your devices: Set strong passwords and use screen lockout when you leave your computer unattended. Portable devices should also be protected with screen locks – but we recommend that you do not leave these devices unattended. Watch out for prying eyes when accessing or entering private data!

  • Safe disposal of storage media

Simple content deletion is not enough to actually remove all traces and prevent data recovery. It is better to physically destroy hard disks, USB sticks or CDs or, if not possible, to overwrite them several times.

  • Be careful in WLAN

Free WiFi hotspots can save data volume – but they also cost you security. Free WiFi is often unprotected, and passwords and data sent through it can be accessed and misused relatively easily by third-party users. Even password-protected guest networks are no guarantee that your data cannot be read by third parties. Therefore, only use secure connections for accessing and entering private data. Secure your WLAN at home as well, with a (self-defined) password!

  • Use secure connections

When surfing, always make sure you have secure connections and valid certificates. Information about this is displayed in the address bar of the browser. Also check the correct spelling of URLs and company names: phishing sites that try to steal bank data or passwords are often deceptively genuine, and incorrect URLs or domains often provide the decisive clue. Therefore, do not follow links to sites that require personal data, but rather surf directly to services such as your net banking login.

  • Deactivate macros and JavaScript

If possible, prevent JavaScript from running automatically or block JavaScript content from non-confidential sources. Disable macros or use only appropriately signed macros. If a document that was sent to you requests that you enable macros, deny permission if in doubt.

  • Thankfully reject cookies

Check and adapt the settings of your browser if necessary: Just like search engines, they like to collect and store data. Limit this stored data and delete cookies and cache from time to time. If possible, refuse to set cookies while surfing or limit it to functional cookies.

  • Be careful with downloads

Do not download “cracked” programs, key generators or similar from the Internet: These services are not only illegal, but also popular hiding places for malware of all kinds. Be careful even with legal downloads and do not install apps from unknown sources!

  • Avoid links

Avoid networking different services and accounts and use individual user data instead. If an account has been cracked, you can prevent attackers from accessing several accounts at the same time – and thus possibly completely locking you out of your own accounts.

  • Secure password management

Use different, complex passwords for different services and never store them unencrypted on your computer. Enable two-factor authentication (2FA) if possible and use a password manager like KeePass2 or Lastpass. Passwords from data-breaches in combination with various email addresses are regularly tried on other services to crack accounts.

  • Protect personal data

Never disclose personal information on sites that are not trustworthy. Think about what you post on social networking sites, as this information is often used for persuasive phishing attempts. Check the privacy policies of websites, legal notes, and licensing agreements. Harmless services or apps may be securing access or data rights that go far beyond the features of the advertised service.

  • Information & Awareness

Keep the possibilities and means of fraud attempts (phishing campaigns, CEO fraud, social engineering…) in mind and keep yourself regularly informed about current threats and malware campaigns. This is also the safest way to satisfy curiosity about “fantastic videos” or the alleged “last reminder” in the attachment, which so often helps fraud attempts to succeed.

  • Create backups

Current threats such as ransomware earn money by encrypting or blocking the data of their victims and only releasing it again against (bitcoin) payments. An up-to-date backup of all important data, which is kept separate from the computer and therefore cannot be encrypted, makes it invulnerable to these dangers. But even in the event of a different type of virus attack, a backup helps to disinfect the system without losing data.

  • Consult specialists

In case of uncertainties, it is always worth consulting a specialist – the company’s IT department or IKARUS Support. As soon as an email or behavior on the PC appears suspicious, we recommend documenting the anomalies if possible and obtaining a professional opinion. In this way, possible attacks can be prevented or infections that have already occurred can be quickly contained before they can spread further and cause greater damage.

Red Teams, Blue Teams, Purple Teaming

Living Off the Land attacks

MSSP of the Year 2024

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download