Left and right you hear about digital misery. Cyber ​​attacks on companies are the order of the day, further fueled by the conflict in Ukraine. In addition to criminals who want to get a low-threshold loot, we also see an increase in the number of attacks by state actors.

“State-who?!”

Governments. I also don’t really know why such an unnecessarily complicated term is used for this ‘in the profession’.

Anyway. Time for a bit of brutal truth: the biggest possible cause of a cyber attack on your company is probably you.

“Whoa, whoa! Are you saying I do all sorts of shady things on my work devices?” Not quite. What I mean is this:

Let’s be honest: it can happen to anyone. So forewarned is forearmed. And forearmed, armed with foreknowledge, may even count for three. So in the rest of this blog I’m going to give you some tips that will help you arm yourself a bit better against fraudulent emails and shaky websites. Will you join me?

1. Install a password manager

You probably know that it is unwise to use the same password everywhere. But creating and remembering a separate password for every program and website you use is of course not feasible. That is what password managers are for.

A password manager is a kind of vault for all your passwords. Basically, you need one master password to access the rest of your login details. Quite practical; this way you only have to remember one password instead of 73 different ones. You have to set everything up, but after that, such a program really makes your life a lot easier. Examples of commonly used, good password managers are LastPass (free, with premium options), Bitwarden (free, with premium options) and 1Password ($36 per year for personal use).

2. Use Multi-Factor Authentication (MFA)‘

You know how it is: you log in with your password, you have to grab your phone all the way to approve the login by pressing a notification. Or, even worse: to enter a complete code . Super annoying. That. That’s MFA.

MFA assumes that a password alone is no longer enough. When logging in, you must therefore use a combination of at least two of the three points below:

• Something you know , such as your password.
• Something you have, for example your email address to which a login code is sent
• Something you are, like a fingerprint to unlock your phone and tap that notification

The idea behind it is that every factor used makes it one step harder for cybercriminals to steal accounts. More and more websites and apps are using it and sometimes even requiring it. Annoying, entering such a code every time, but safe.

3. Invest in good security software…

There is quite a bit of software out there to help you keep your devices safe, such as virus scanners, backup services and VPNs. And then there are paid and free versions, which all have their own functionality package. I can imagine that sometimes you can’t see the software trees for the digital forest. It is not possible to go into your options in detail, but I can tell you what you want to look for when choosing your security software:

• What is the software’s specialization?
  • Every security software has a focus on what they offer. For example, Norton is a company with roots in antivirus software (although their services have expanded). And then NordVPN is a company that specializes in keeping all your online activities safe and private. Choose what you need for your situation.
• Price/quality/quantity
  • Many security software offers packages with licenses for multiple devices (for example 5 devices). If you have a PC and two laptops, for example, this is wise because you can protect all your devices with one subscription. But there are also software packages where you pay per license. Consider what is most advantageous for your composition of devices.
• Compare the features
  • Once you have a shortlist of security software choices with a satisfied smile, it is time to really start comparing. Check carefully what exactly you are paying for. For example, “Smart Home Protection” sounds super interesting, but if you do not have smart lights or a refrigerator, it is of little use to you. Also, some software packages offer a built-in password manager (see tip 1!) and others do not. Compare carefully.
    

And once you have chosen a package, you are not there yet. It is important to keep track of everything.

4. …and keep this (and your other) software up to date

There are also plenty of examples of hacks and data leaks that were caused by holes in software and not by human action. That is why it is important to regularly update all the software you use. Vulnerabilities are constantly being discovered in operating systems (such as Windows), browsers and practically all software. Sometimes they are fixed before someone can abuse them, sometimes not. Do you want to be sure that you are as well protected as possible? Then make sure that you always install the latest updates. The easiest thing to do is to simply check “Automatically Update” for your programs.

5. Recognize suspicious emails and websites

Let’s get back to that picture above. Because all the tips mentioned won’t help you out of the fire if you still click on that link in the email and enter your password on a fake site. (With the exception of 2FA, right? That’s exactly what it’s for.)

To check whether the link in your email or the website you are on is legitimate, there are a few things you can do:

• Pay attention to the URL, spelling mistakes and design
  First, take a good look at the web address of the site you are on. Is it correct?
• Check that you have a secure HTTPS connection to the site.
  This ensures that all traffic between you and the website is encrypted. You can check this by looking for the padlock in the address bar next to the website address. No padlock? Open padlock? Then be 
  super careful with what you do on the site.
• Run the website through a Safety Checker.
  If you have any doubts based on the above, there are two additional things you can do. For example, there are online tools to check whether a website is safe. For example, Google has 
  a search function for the safety status of websites that tells you whether or not it is dangerous to visit a website. For a similar, more extensive check with more detailed information, you can go to 
  URLvoid .
• Research the company’s social media presence
  A final, effective way to check the legitimacy of a (company) website is to look up the company on social media. For example, look at a company’s Facebook or LinkedIn page. Does it look legitimate? How many people work there? Do those pages even exist?

If you compare the above, you should be able to form a fairly complete picture of how legitimate a website is. You can estimate for yourself how much danger you are running. And oh yes, I would write something about recognizing email, but this piece is now too big.