Stop Doing This Online Right Now
Cyber Security Awareness eLearning prepares your staff to ready to take on web risks
If your company needs to ensure your staff are properly trained to spot web sites that could represent trouble or how to be cautious with company data you might want to check out Cyber Security Awareness & eLearning Training Service from Connectis Group. Our Security awareness training is an education process that teaches employees about cyber security, IT best practices, and even regulatory compliance. The training also includes how to avoid phishing and other types of social engineering cyber attacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices, and adhere to any applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.)
Readers of our blog at Connectis Group, I suspect, have been online long enough to know the web isn’t what it used to be in the early 90s. Today, the Internet is so accessible from so many devices, that sometimes we might for the sake of speed, blindly trust sites we visit without realizing what’s goes on behind this long dark tunnel of being online and internet browsing. Be that as it may, over the years we’ve developed our own online conduct and level of trust of sites on the web — however, these days we should have our guard up — and not take security for granted any longer.
Each web site or company has a presence on the web to gather your information for their own gains and often share your information with third party companies which use targeted advertising to induce you to purchase something. Facebook made more than $40 billion in revenue in 2018, approximately 89 percent of which came from digital advertisements. When it comes to protecting yourself, you are largely on your own.
Stop! These Practices Can Be Dangerous on the Web
Stop Logging into the third-party apps using your Facebook and Google credentials
On many sign-in pages, you’ll find Google and Facebook’s instant log-in buttons. While using them is a very convenient method that eliminates the hassle of remembering or creating numerous credentials for different websites, they carry a huge privacy trade-off. Companies like Facebook that rely on advertising for revenue made authentication frameworks. When you log-in using your credentials, you agree to share your activity on the third-party service with host companies such as Facebook and Google (and vice-versa). By using these credentials to access other sites, the tech companies create your digital profile to accurately predict your interest and purchasing needs and will send you targeted ads you’re likely to engage with. Plus, the website you’re attaching to gains more access to your info out of this relationship than they probably need. For instance, when you create a new account on Spotify via Facebook, it automatically fetches your public profile, birthday, and friends list.
It’s our advice as a cyber security expert to stay away from automatic sign-in buttons, and if you’ve been using them for a while, head over to your Facebook or Google account settings to revoke access to whichever service you’ve linked it to.
Don’t say “YES” to any browser’s save password pop up
Most browsers ask if you’d like to save the password whenever you sign in or register for a new platform. BUT YOU SHOULD NEVER HIT THAT “YES” BUTTON.
The built-in password manager on browsers is not as secure as we suppose them to be. Your credentials will often be stored in a plain text format that any hacker could easily grab with a bit of fiddling. Last year alone more than 300 million passwords were compromised. I’d recommend switching to a dedicated password manager. I myself use an opensource password manager and am quite happy with it. Password managers are specially designed to protect your credentials and they work across all apps and operating systems.
Never enter web sites that don’t have HTTPS
I’m sure most of you have noticed that when you browse an internet, you find that the browser automatically appends a few additional characters before the URL. One of those is “HTTP,” an internet protocol that determines how a website structures and transmits data. A more encrypted and private upgrade to HTTP called HTTPS was released a while back. Its biggest value is that whatever information a website exchanges with the server is secured and can’t be covertly tapped into by intruders. I wish all websites would have already migrated to HTTPS, but sadly, HTTP is still valid, leaving your data vulnerable to breaches.
I would again recommend avoiding visiting any non-HTTPS sites. You can also install a free browser extension that forces HTTPS across the internet and on every service you visit.
Filter which cookies you will allow but don’t leaving them behind
Many of us probably don’t give a second thought to that Allow Cookies pop-up when you visit a site for the first time. But I am of the notion that we all should. As you might already know that Cookies are these tiny pieces of information that companies store in your browser so that they know it’s you when you revisit them for advertising and personalization. Cookies barely have any encryption and can easily end up in the wrong hands.
Very unfortunately, most websites don’t function as intended when you entirely disable cookies, either. So, what’s the way out? You put them on self-destruct mode since, if you didn’t sign up, you likely don’t have any use for that website. To do that, you will need a third-party browser extension like Cookie-Auto-Delete, since most browsers don’t have a native setting for this. I have mine enabled on most of the browsers I use to navigate internet.
Scrolling past terms and conditions
Everyone’s done it – I did it many times even knowing the consequences. We simply scroll past the terms and conditions so we can quickly get to the click “NEXT” button. Avoid doing this, it could be truly detrimental to your personal data and can lead to serious consequences. I get it, T&C are usually lengthy and often technical and all sounds like Greek to us.
Fortunately, there are a handful of signs you can look for to understand what you are agreeing to. You can search for common terms such as “information” and “data.” Or you can head over to helper sites like TOSDR.ORG, which summarize policies of well-known services in plain English.
Connectis Cyber Security Awareness eLearning will educate your people to spot risk before they happen. Keep safe!