“Hey, check out this link!”
Is that a .ru domain?
“This will make your computer run so much faster if you do this...”
I’ve never heard of that site before.
“You need to take action now! Go here to help:…”
Why the urgency?
I love discovering the plethora of creative and cool things the Internet has to offer. You can find pretty much anything, which also makes it a double-edged sword. While most of the things you come across will be benign (especially if it is https://technology.gma-cpa.com/), attackers are trying to trick you into taking certain actions.
Even though there’s no way to eliminate all risk when connecting to the internet, here are five ways for you to be shrewd and cautious.
1. Be Purposeful When Exploring
We’re often looking for something specific when searching the web or catching up on the latest updates on various social media platforms. This develops a spiderweb of different sites that we visit.
When following links and browsing sites, be mindful of the destination. Have the following questions in mind when browsing:
- Is this a known organization?
- Does the website look well maintained?
- Do I know and trust the source that gave me the link/address?
If something seems off, leave the site.
Along with the sites we visit, we also want to get apps and media from sites for further enjoyment or a tool to help with tasks.
Enter the #1 rule of internet downloads: Do not download anything you did not seek out.
Don’t click on the pop-ups to download a game or utility. Don’t download the picture that a site prompted you to. Don’t download the spreadsheet with the interesting-looking stats if you were not looking for it.
If a download dialog box pops up and you don’t know why, close it! These tactics are used to entice you to make a certain action.
2. Do Not Ignore Warnings
Browsers and apps will sometimes give warnings about certificate issues, indicating it’s an untrusted site or a variety of other reasons. Don’t ignore these notifications! It means there’s something wrong and could indicate that the site has been compromised. It’s safest to close the site or app immediately.
3. Protect Credentials and Logins
There’s a saying in the cyber security world, “Attackers don’t break in, they log in.” Stolen credentials are the main method attackers use to access networks and services. Protecting your credentials and logins will go a long way in keeping you safe.
First, when logging on to a website, make sure it’s the proper domain. For example, https://login.microsoft.com/ is a proper domain, whereas https://login.microsoft.com.officelogonservice.com/ and https://login.microsofl.com/ are not.
Next, use a password manager and don’t reuse passwords. A password manager will help you create complex passwords that are unique to each account you have. Make sure you protect your password manager with a very strong password.
Most importantly, if the service offers multi-factor authentication (MFA), use it. This greatly increases the security of your account.
4. Use Endpoint Protection Software
Antivirus software is a must. Luckily, Windows Defender comes with Microsoft computers and is one of the most effective antivirus software out there. Macs also have built-in antivirus software. Make sure it’s turned on and actively protecting your computer.
While antivirus protects from known malware and some known methods of infection, anything new or that uses tools native to the computer will sneak by its security. There are products available that offer advanced detection methods and zero-trust models that provide superior protection, such as Watchguard Endpoint Protection Detection and Response (EPDR).
5. Use a Domain Name System Filter Service
Domain Name System (DNS) is used by your computer to find the actual location of the services and sites you connect to. A DNS filtering service can filter out locations known to be malicious, which is a great way to keep your computer from harm.
There are some free options out there that you can use on your personal devices. The free options often lack features needed to operate in a business environment and can break internal applications. For organizations that want to add this layer of protection, there are several products designed to work in these environments, including WatchGuard DNSWatch.
The following are free services available:
- Free Fast and Secure DNS (cloudflare.com)
- Quad9 | A public and free DNS service for better security and privacy
By putting these tips into practice, you’ll keep yourself much safer and protected from the Internet’s endless number of cyber threats—so your online experience is a positive one and you won’t fall for the latest tactics of today’s cyber criminals.
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a cyber security risk assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.