
Cybersecurity – how to protect yourself from the threats of the digital world

16.06.2025

Ruslan Rakhmetov, Security Vision

 

In the modern world, where a smartphone replaces a wallet, a passport and even an apartment key, cyber threats are no longer an abstract topic for specialists but a real problem for everyone. A leaked social network password, a phishing letter in your work email, a virus in a food delivery app: all this is no longer science fiction but everyday reality. In this article, we will look at simple ways to protect against cyber incidents (the various types of which we analyzed earlier). Let us remind you that cyber incidents (Cyber Incidents) are events that actually occurred and in which harm was caused (or could have been caused). Such threats cannot always be detected in time, so one can imagine that many dangers are still "walking" around the network that have not yet reached anyone or have not had time to cause harm. Such potential dangers (actions, programs or events) are called cyber threats (Cyber Threats), and the actions and programs designed to prevent damage or minimize it can be classified as cyber defense.

 

Imagine a dark alley: it might be dangerous, but until you get there, nothing will happen. From a technical perspective, such threats come in many forms. For example, malware circulating on the Internet, the hackers who create this malware, phishing emails sent in bulk, or existing vulnerabilities in older versions of your favorite browsers. Such “dark alleys” are not just a problem for companies and geeks. They are everywhere: on your smartphone, in messengers, even on food delivery sites. But simple precautions can significantly reduce the risk.

 


 

If you have a phone, internet, and at least one account, you are already part of the digital world, and you are a potential target. Being protected means being able to think like hackers and act one step ahead. Cybersecurity is a set of technologies, processes, and habits that help protect computers, smartphones, data, accounts, and networks from digital threats. Everyone needs it — not just governments and corporations, but also ordinary people.

 

Cybersecurity covers several areas. Imagine that you are protecting a house, and let's look at the main components of cybersecurity using this example:


   -   Digital hygiene includes the basic principles of being cautious online and using strong passwords with two-factor authentication. It is like not opening the door to strangers and installing a strong lock to protect your home while you are at work or meeting friends.

   -   Data protection includes encryption and backup and acts as a safe for important papers and documents.

   -   Device protection includes installing antivirus software, updating software and operating systems, and locking the screen to protect data from outsiders. It's like installing an alarm or an external video surveillance camera.

   -   Network protection covers router settings, a VPN and a firewall, which act as the fence and security guards of a residential complex or office.

   -   Incident response builds and implements action plans if something happens. It works like a fire alarm and insurance, and from a technical perspective, it is implemented for companies, for example, using SOAR.


Let's look at more examples of how cybersecurity works and how protection tools work in different cases:


   -   Imagine that you receive a call from a "bank" where the operator asks you to provide the code from the SMS. He is very polite and uses professional terms. But if you called back on the official bank number, they would say that you did not request anything. It was a fraudster posing as an employee and carrying out a phishing attack, which we discussed in earlier articles. Remember, more than 3 billion phishing emails are sent out on the Internet every day, so anyone can be attacked.


   -   If you type bank.com in the address bar but land on a site that looks almost the same yet has a strange address (for example, bank-verify.com or an IP address without a domain name), your browser does not show the lock icon (HTTPS), and the antivirus may warn about a phishing site.


   -   When it's hot in the summer and you leave the window open, a thief can break in at night and take away valuables. Malware works like such a thief when you launch a dubious file that was sent to you in a messenger or by email. And if you decide to store food on the balcony, it may seem convenient, because it does not take up space in the apartment. But if you do not hang a lock or close the balcony, any passerby can look in and take it. The same principle works with cloud storage, the security of which we discussed earlier.


   -   If you notice that the hard drive is busy, the Internet connection is "on fire" and the fans are noisy while the computer is idle, check the task manager: it may show the activity of processes that you did not launch. The firewall/antivirus records requests to unknown addresses and will help prevent such processes from launching.


   -   Imagine that for convenience you use the same key for the door to your apartment, car, office and dacha. This can be dangerous, because if you lose such a key, someone else can find it and gain access to everything at once. Each service on the network must have its own key (password).
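
The address checks from the bank.com example above, written out in Python. This is an added example, not part of the original article; the trusted-host list and the warning tags are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts the user really uses (constructed for this example).
TRUSTED_HOSTS = {"bank.com"}


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return warning tags for a URL; an empty list means no red flags."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    warnings = []

    if parts.scheme != "https":
        warnings.append("no-https")          # credentials would travel in clear text
    if "@" in parts.netloc:
        warnings.append("userinfo-in-url")   # text before '@' is not the host

    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal")        # raw IP address instead of a domain name
        return warnings
    except ValueError:
        pass

    if not host.isascii() or "xn--" in host:
        warnings.append("idn-host")          # possible look-alike characters in the name

    if not any(host == t or host.endswith("." + t) for t in trusted):
        warnings.append("untrusted-host")
        brands = {t.split(".")[0] for t in trusted}
        if any(b in host for b in brands):
            warnings.append("lookalike")     # trusted name embedded in a foreign domain
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs, based on the addresses named in the text above.
    for sample in ("https://bank.com/login", "https://bank-verify.com/login",
                   "http://203.0.113.10/login", "https://bank.com@203.0.113.10/"):
        print(f"{sample:35} {check_url(sample) or 'ok'}")
```

A subdomain of a trusted host (for example, online.bank.com) passes, while a domain that merely contains the trusted name does not.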

 

In such examples, which can be cited seemingly endlessly, we can highlight simple rules of conduct that can help protect against cyber threats:

1)   Don't let strangers and unknown files get close to you, always double-check the sources of links and calls.

2)   Never enter passwords on sites without HTTPS encryption: if the traffic is not protected, it can be intercepted via Wi-Fi or obtained by a man-in-the-middle attack.

3)   Configure your firewall so that connections to suspicious sites require your manual approval.

4)   Close all the windows: regularly update your system and programs, even if you don’t use them very actively.

5)   Check the permissions on your cloud folders, especially if you use them for work purposes.

6)   Do not install applications that ask for unnecessary permissions, or do not grant those permissions when requested. Even camera access for a nice-looking "flashlight" app on a smartphone can be dangerous.

7)   Monitor your accounts and enable login notifications, update your data periodically (for example, once every 3-9 months).

8)   Check your accounts to see if your email, passwords or cards have been compromised (e.g. via Have I Been Pwned, Google Security Checkup).

9)   For all important services, create complex and unique passwords, use a manager to store and protect them.

10)   Enable two-factor authentication (e.g. via SMS or app); it will help protect you in case of data leakage.

11)   Back up your data and ensure encryption on your devices (e.g. BitLocker on Windows or FileVault on macOS).

12)   Don't share unnecessary things on social networks: a photo with a passport and ticket against the background of an airplane window and posts in the style of "We went to the country!" are a real gift for scammers.

13)   Be vigilant with geolocation: geotags on photos and unerased metadata will allow you, your home or work to be found outside the cyber world.

14)   Set up parental controls on your children's devices, teach them not to trust strangers in games and messengers.

15)   Remember, the best defense is vigilance: live online as the Zero Trust methodology dictates.
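
For rule 8, a password can be checked against the Have I Been Pwned password list without ever sending the password itself: only the first five characters of its SHA-1 hash leave the device, and the comparison is done locally. The sketch below is an added example, not part of the original article; it runs offline against a constructed reply, and the function names and counts are assumptions.

```python
import hashlib


def sha1_split(password):
    """Split the upper-case SHA-1 hex digest into a 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Look the password up in a range reply made of 'SUFFIX:COUNT' lines.

    In real use the reply comes from
    https://api.pwnedpasswords.com/range/<prefix>; only the prefix is sent.
    """
    _, suffix = sha1_split(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: not found in known leaks


def constructed_range_body():
    """Constructed stand-in for the service's reply; the counts are made up."""
    _, leaked = sha1_split("123456")
    return "\n".join(["0" * 35 + ":3", leaked + ":42", "F" * 35 + ":0"])


if __name__ == "__main__":
    body = constructed_range_body()
    for pw in ("123456", "Thecat!isjumpingon5sofas"):
        prefix, _ = sha1_split(pw)
        hits = breach_count(pw, body)
        verdict = f"seen {hits} times, change it" if hits else "not in this reply"
        print(f"prefix sent: {prefix}  ->  {verdict}")
```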

 

Cybersecurity is a habit, not a technology; it is a rule of life for absolutely everyone. More often than not, the victims of fraudsters are elderly people or children, who receive calls or messages in the name of banks and relatives. Parents need to watch both themselves and their child. Students can lose access to the mail and accounts in which diplomas, documents and access to platforms are stored. Freelancers and individual entrepreneurs are responsible for their own financial and business security: if a login for an exchange or for a cloud with projects is stolen, it is a direct financial blow.

 

You can buy the most expensive antivirus and get caught by a banal phishing link. You can install the coolest lock in your apartment, but lose the key or fail to protect other entry points (for example, windows and vents). The best weapon is attentiveness.

 

But technology is also ready to help: even free solutions like Kaspersky Free or Bitdefender provide basic protection, and a passphrase like "Thecat!isjumpingon5sofas" is more secure than "123456" or "qwerty".

 

Just as we teach children to cross the road, we must also learn how to behave in the digital world. We hope that this overview of cybersecurity will help you not only protect yourself and your data, but also your loved ones. Follow the rules of digital hygiene, be vigilant - and you will remain safe.

 

 
