Daily Archives: September 15, 2020

Evolving Security Products for the new Realities of Living Life From Home

Announcing McAfee’s Enhanced Consumer Security for New Consumer Realities

With millions of people continuing to work and study remotely, scammers have followed them home—generating an average of 375 new threats per minute so far this year. In response, our enhanced consumer portfolio directly addresses the new needs and new threats people face.

McAfee Labs found that these new threats arrive via malicious apps, phishing campaigns, malware, and more, according to its McAfee COVID-19 Threat Report: July 2020, and that they amounted to an estimated $130 million in total losses in the U.S. alone.

To help people stay safer and combat these threats, today we announced our latest consumer security portfolio. Our enriched products come with better user experiences such as a native Virtual Private Network (VPN), along with new features, including integrated Social Media and Tech Scam Protection—all of which are pressing security essentials today.

Specifically, our product lineup has been updated to include:

Boosts to security and privacy

Scams involving tech support and product activation have continued to sneak into people’s inboxes and search results, which require a critical eye to spot. Here are some tips on how to identify these scams. We’re making it easier for people to stay safer with new features such as:

  • Tech Scam Protection: McAfee® WebAdvisor now provides a warning when visiting websites that can be used by cybercriminals to gain remote access to your PC, helping combat the $55 million total fraud loss in the U.S. due to tech scams.
  • Advanced Malware Detection: McAfee enhanced its machine learning capabilities to improve overall time to detect emerging threats across devices as well as added protection against file-less threats.

Improvements make it easier for you to stay safer

With jobs and things that simply need to get done “right now,” security can be an afterthought. Sometimes that desire for convenience has consequences, leading to situations where people’s devices, data, and personal information get compromised. In response, we’re doing our part to make security more intuitive so that people can get things done quickly and safely:

  • A Better User Experience: An improved PC and app experience with easier navigation and readable alerts, and clear calls to action for faster understanding of potential issues.
  • Native VPN: Easier access to VPN and anti-malware device protection via one central place and log-in.
  • Updated Password Protection: Access iOS applications even faster with automatically filled in user account information and passwords in both apps and browsers on iOS devices.

Further security enhancements for today’s needs and tomorrow’s threats

With people’s newfound reliance on the internet, we’ve made new advances that help them live their increasingly connected lives—looking after security and privacy even more comprehensively than before on security and the apps they use:

  • Optimized Product Alerts: Redesigned product alerts, so consumers are better informed about possible security risks, with a single-click call to action for immediate protection.
  • Social Media Protection: To help prevent users from accidentally visiting malicious websites, McAfee now annotates social media feeds across six major platforms – Facebook, Twitter, YouTube, Instagram, Reddit, and LinkedIn.
  • Enhanced App Privacy Check: Consumers can now easily see when mobile apps request personal information, with app privacy now integrated into the main scan of Android devices.

McAfee is on a journey to ensure security allows users to be as carefree as possible online, now that more time is spent on devices as consumers navigate a new normal of life from home. For more information on our consumer product lineup, visit https://www.mcafee.com/en-us/antivirus/mcafee-total-protection.html

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Evolving Security Products for the new Realities of Living Life From Home appeared first on McAfee Blogs.

PCI SSC to Host its 2020 Community Meetings Online as Virtual Events

 

In an unprecedented year, PCI Security Standards Council (PCI SSC) will host its 2020 Community Meetings online, as virtual events, for the first time in the Council’s history. The annual North America, Europe and Asia-Pacific Community Meetings offer an opportunity to bring the PCI SSC community together to network with colleagues, share regional insights, and hear important Council updates.

Phishing Email Examples: How to Recognize a Phishing Email

Keeping your identity safe on the internet can be challenging. Phishing is a scam that tricks you into voluntarily providing important personal information. Protect yourself from phishing by reviewing some examples of phishing emails and learning more about this common online scam.

What is phishing?

Phishing is a type of cybercrime that steals your sensitive information. To trick you into willingly providing information like your website logins and credit card numbers, phishing scammers disguise themselves as major corporations or other trustworthy entities. Phishing scammers will usually contact you via text or email.

What is a phishing email?

A phishing email is a fraudulent email message that is made to look like it was sent by a legitimate company. These emails contain messages that ask you to provide sensitive personal information in various ways. If you don’t look carefully at the emails you receive, you might not be able to tell the difference between a normal email and a phishing email. Scammers work hard to make phishing emails resemble emails sent by trusted companies as closely as possible, which is why you need to be cautious when you open emails and click the links they contain.

How do you spot a phishing email?

Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing every time you open an email:

It’s poorly written

Phishing emails often contain grammatical errors, spelling mistakes, and other telltale signs that they weren’t written by marketing departments at major corporations. Even the biggest companies sometimes make small errors in their emails, but if you see multiple, glaring grammatical errors in an email that asks for your personal information, you might have become the target of a phishing scammer.

The logo doesn’t look right

To enhance the credibility of their emails, phishing scammers often steal the logos of prominent corporations or websites. In many cases, however, they don’t steal corporate logos correctly. The logo in a phishing email might have the wrong aspect ratio, or it might be low-resolution. If you have to squint to make out the logo in an email message, chances are that it’s a phishing email.

The URL doesn’t match

Phishing emails always center around links that you’re supposed to click. There are a few ways to check whether a link you’ve been emailed is legitimate. With some email clients, just hovering over the link will be enough to display its URL. Alternatively, you can right-click the link, copy it, and paste the URL into a word processor. On mobile devices, you can check the URL of a link by pressing and holding it with your finger. If the URL you discover doesn’t match up with the entity that supposedly sent you the email, you might have received a phishing email.

Types of phishing emails

Phishing emails come in all shapes and sizes, but there are a few types of phishing emails that are more common than others. Let’s review some examples of the most frequently sent phishing emails:

Account suspended scam

Some phishing emails appear to notify you that your bank account has been temporarily suspended due to unusual activity. If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back. Suspended account phishing emails from banks you do business with, however, are harder to spot. Use the methods we listed above to check the veracity of the email, and if all else fails, contact your bank directly instead of opening any links within the email you received.

Two-factor authentication scam

Two-factor authentication (2FA) has become common, so you’re probably used to receiving emails that ask you to confirm your login information with six-digit numerical codes. Phishing scammers also know how common 2FA has become, and this service that’s supposed to protect your identity might be used for nefarious purposes. If you receive an email asking you to log into an account to confirm your identity, use the criteria we listed above to verify the authenticity of the message. Be especially wary if you’re asked to provide 2FA for an account you haven’t accessed for a while.

Tax refund scam

Everyone likes getting money from the government. That’s what phishing scammers are counting on when they send you phony IRS refund emails. You should always be careful when an email informs you that you’ve received a windfall of cash, and be especially dubious of emails that were supposedly sent by the IRS since this government agency only contacts taxpayers via snail mail. Tax refund phishing scams can do serious harm since they usually ask for your social security number as well as your bank account information.

Phishing at work

You need to be wary of phishing when you’re using your work email as well. One popular phishing scam involves emails that are designed to look like they were sent by someone in the C-suite of your company. They ask workers to wire funds to supposed clients, but this cash actually goes to scammers. Use the tips we listed above to spot these phony emails.

What happens if you click a link in a phishing email?

Never click links in suspicious emails. If you do click a link in an email you suspect was sent by a phishing scammer, however, you will be taken to a web page with a form where you can enter sensitive data such as your social security number, credit card information, or login credentials. Do not enter any data on this page.

What do you do if you suspect you’ve been phished?

If you accidentally enter data in a webpage linked to a suspicious email, disconnect your device from the internet. Next, perform a full malware scan on your device. Once the scan is complete, back up all of your files, and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it’s important to change all the passwords you use online in the wake of a suspected phishing attack.

How to recognize a phishing email: simple tips

Let’s wrap things up with some summarized tips on how to avoid phishing emails:

  • When in doubt, directly contact the organization that supposedly emailed you instead of opening links included in suspicious emails.
  • Examine suspicious emails carefully to check for telltale signs of phishing such as poor grammar, grainy logos, or bogus links.
  • If you accidentally click a phishing link, don’t enter any data, and close the page.
  • If you think you’ve been phished, run a virus scan, back up your files, and change all your passwords.

Stay protected

Phishing emails only work on the unwary. Now that you know how to spot phishing emails and what to do if you suspect you’ve been phished, you won’t fall for this type of scam. Just remember to always be careful with your personal information when you use the internet, and err on the side of caution whenever anybody asks you to divulge sensitive details about your identity, your finances, or your login information.

The post Phishing Email Examples: How to Recognize a Phishing Email appeared first on McAfee Blogs.

Write Code That Protects Sensitive User Data

Sensitive data exposure is currently at number 3 in the OWASP Top 10 list of the most critical application security risks.

In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data. We will illustrate our suggestions with code samples in C# that can be used in ASP.NET Core applications.

What is sensitive data?

OWASP lists passwords, credit card numbers, health records, personal information and business secrets as sensitive data.

Social security numbers, passwords, biometric data, trade memberships and criminal records can also be thought of as sensitive data.

What exactly sensitive data means for you will depend on:

  • Laws and industry regulations such as EU's General Data Protection Regulation (GDPR) or the UK's Data Protection Act (DPA) that govern the use of "personal data".
  • Business requirements. The law may not enforce strict measures around sensitive data that your application creates or stores for its users, but breaching that data would still hurt your users and, by extension, your business.

In software applications, we can think of sensitive data as:

  1. Most user data (with exceptions: for example, names listed in public user profiles may not be sensitive).
  2. Application data (such as session IDs and encryption keys) that helps protect user data from being exposed.

Various sources and authorities may have different definitions of sensitive data. However, if you're a business that develops an application that works with user data, it's in your best interest to use a broad interpretation of "sensitive data" and do your best to protect it.

What vulnerabilities can lead to sensitive data exposure?

Let's discuss some of the most common vulnerabilities that can expose sensitive user data.

Leaking access control that enables forced browsing to restricted content

Due to inadequate access control, users who are not expected to see sensitive data may in fact be able to access it, even though the data is not referenced by the application in any way. An attack called forced browsing takes advantage of this situation.

Imagine you're a regular user of a web application, and when you look around the UI, you don't see any administrative functionality available. Still, if you manually enter a URL that you think may be available to admin users (such as https://www.myapp.com/admin), you do see the admin UI. This is forced browsing: the application didn't guide you to a restricted resource, but neither did it prevent you from accessing it.

Improperly managed sessions

When sessions are managed improperly, session IDs of authenticated users are at risk of being exposed, and attackers can take advantage of this to impersonate legitimate users. Two common attacks that are made possible by improper session management are session hijacking and session fixation. Attacks like these can have a severe impact if targeted at privileged accounts and can cause massive leakage of sensitive data.

One major reason why sessions can be mismanaged is that developers sometimes write their own custom authentication and session management schemes instead of using battle-tested solutions, and doing this correctly is hard.

Insecure cryptographic storage

Insecure cryptographic storage refers to unsafe practices of storing sensitive data, most prominently user passwords. This is not about not protecting data at all, which results in storing passwords as plain text. Instead, this is about applying a wrong cryptographic process or a surrogate, such as:

  • Using an outdated and weak hashing algorithm (think SHA1 or MD5), which makes cracking hashed data quick and easy once the data has been exposed.
  • Using a custom hashing algorithm.
  • Using encryption instead of hashing for password protection.
  • Using protection that is not a cryptographic process at all, such as string transformations or Base64 encoding.

This vulnerability is extra important because secure cryptographic storage is the last line of defense: strong cryptography saves the data once it has been exposed by other risks in an application.

How do you protect sensitive data?

Let's see what kind of secure coding practices can help you avoid vulnerabilities such as the ones listed above, and minimize the risk of disclosing sensitive data.

To prevent forced browsing to restricted content

  • Implement a robust authorization mechanism with early and uniform authorization checks that are executed right after authentication.
  • Use proven frameworks for authentication and authorization. Modern frameworks often implement secure authentication and authorization behind the scenes, provide sensible defaults, and allow you to write extensions based on your application's requirements. For example, on the Microsoft stack, ASP.NET Core Identity is a proven framework that abstracts away authorization management.
  • Do not rely on hiding privileged UI as the only authorization check. Hiding a UI element will not prevent access to the resource that it refers to. For example, in an ASP.NET Core MVC application, let's say there's a link to a view that only authenticated users should see:
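    @* The link is rendered only for signed-in users. This hides the link; it does not protect the page. *@
    @if (User.Identity.IsAuthenticated)
    {
        <a asp-controller="Home" asp-action="Hidden">This is a hidden page!</a>
    }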

However, if the Home controller's Hidden action is not configured as available to logged-in users only, an anonymous user would still be able to enter the direct URL and access the hidden page. To prevent this, the controller action should be protected as well:

    [Authorize]
    public IActionResult Hidden() => View();
  • Cover authorization logic with tests. As your codebase evolves, inadvertent changes can create vulnerabilities, and it's vital to make sure they are detected as soon as possible. This is why it's important to write and maintain automated tests for authorization code that test all roles, as well as anonymous access.
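
One way to back the "uniform checks" and "cover authorization with tests" points above with an automated guard. This is an added example, not code from the original post: it reflects over the controllers in an assembly and reports every action that carries neither [Authorize] nor [AllowAnonymous]. The sample controllers and the AuthorizationAudit class are hypothetical, and the audit assumes authorization is declared with attributes, so it does not see global filters or a fallback policy.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Constructed sample controllers (hypothetical, for illustration only).
public class HomeController : Controller
{
    [AllowAnonymous]
    public IActionResult Index() => View();

    // Linked only from UI shown to signed-in users, but the action itself
    // has no attribute, so a direct URL reaches it anonymously.
    public IActionResult Hidden() => View();
}

[Authorize(Roles = "Admin")]
public class AdminController : Controller
{
    // Covered by the controller-level [Authorize].
    public IActionResult Dashboard() => View();
}

public static class AuthorizationAudit
{
    // Returns "Controller.Action" for every public action that has no explicit
    // authorization decision on the method or on its controller.
    public static IReadOnlyList<string> FindUnprotectedActions(Assembly assembly)
    {
        return assembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract
                        && typeof(ControllerBase).IsAssignableFrom(t))
            .SelectMany(t => t
                .GetMethods(BindingFlags.Public | BindingFlags.Instance
                            | BindingFlags.DeclaredOnly)
                // Skip property accessors and methods opted out of routing.
                .Where(m => !m.IsSpecialName
                            && !m.IsDefined(typeof(NonActionAttribute), true))
                .Where(m => !HasExplicitDecision(t) && !HasExplicitDecision(m))
                .Select(m => $"{t.Name}.{m.Name}"))
            .OrderBy(name => name, StringComparer.Ordinal)
            .ToList();
    }

    // An action counts as reviewed only if someone wrote down a decision:
    // [Authorize] (any policy or role) or a deliberate [AllowAnonymous].
    private static bool HasExplicitDecision(MemberInfo member) =>
        member.IsDefined(typeof(AuthorizeAttribute), true) ||
        member.IsDefined(typeof(AllowAnonymousAttribute), true);
}

public static class Program
{
    // A non-zero exit code lets a CI step fail the build when a new action
    // is added without an authorization decision.
    public static int Main()
    {
        var unprotected =
            AuthorizationAudit.FindUnprotectedActions(typeof(HomeController).Assembly);

        foreach (var action in unprotected)
            Console.WriteLine($"No explicit authorization decision: {action}");

        return unprotected.Count == 0 ? 0 : 1;
    }
}
```

A check like this complements, and does not replace, request-level tests that call each endpoint as an anonymous user and as each role.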

To avoid improperly managed sessions and session ID leaks

  • Do not expose session IDs in URLs. Keeping a session ID as part of a URL is an easy way to enable session hijacking via URL sharing or logging.
  • Keep session IDs in cookies only. Instead of using URLs, only keep session IDs in cookies. This way, unless an attacker can access request headers, sessions will not be hijacked maliciously. In addition, they certainly won't be hijacked unintentionally as a side effect of URL sharing.
  • Use HTTPS throughout your application. Don't refer to HTTP resources from pages that use HTTPS. Make sure to configure HTTP to HTTPS redirects. If for some reason you're forced to use a mix of HTTPS and HTTP, create new session IDs every time connection security changes from HTTPS to HTTP, or vice versa.
  • Use HSTS (but do it carefully). When you've gained confidence in your full-HTTPS infrastructure, start setting the HSTS (Strict-Transport-Security) header that prohibits the web browser from attempting to communicate with the web application via plain HTTP ever again. Since browsers actively cache HSTS settings, start with a small max-age value and gradually increase if all goes well. This is how you can configure initial HSTS options in an ASP.NET Core application:
    public void ConfigureServices(IServiceCollection services)
    {
        // ...
        // Short initial max-age: browsers cache the policy for this long.
        // The header is only sent once the HSTS middleware is enabled
        // with app.UseHsts() in Configure.
        services.AddHsts(options => options.MaxAge = TimeSpan.FromHours(6));
        // ...
    }
  • Maintain healthy cookie settings. Unless client-side scripts in your application need to read or set cookie values, set the HttpOnly attribute. When transmitting cookies over HTTPS, make sure to set the Secure attribute. Enforce a Strict same-site policy if your application doesn't use OAuth2, or Lax if it does. Finally, set cookie expiration to a reasonably short time span. Here's how you would configure cookies in an ASP.NET Core application that uses ASP.NET Core Identity:
    public void ConfigureServices(IServiceCollection services)
    {
        // ...
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Strict;
            options.ExpireTimeSpan = TimeSpan.FromHours(1);
        });
        // ...
    }

To keep cryptographic storage secure

  • Do not use encryption for password storage. Use hashing instead. Encryption is a two-way process, and hashing is a one-way process. When a database of symmetrically encrypted passwords is exposed, the attacker gets access to the encryption key and instantly restores passwords to their original form, making protection useless. To make it difficult or impractical for an attacker to obtain original passwords, they should be hashed.
  • Apply a unique salt to each password. A salt is a randomly generated string added to a password before hashing. Salting protects against attacks based on pre-computed hashes and helps hide identical passwords in a database.
  • Use a modern hashing algorithm that is slow (a good thing!) and designed for secure password storage. The extent to which an algorithm is slow should be configurable using a work factor. OWASP currently recommends choosing between Argon2id, PBKDF2, and Bcrypt.
  • Never create your own hashing algorithms for production applications. Writing hashing algorithms is insanely hard. A half-baked custom algorithm will inevitably introduce multiple weaknesses, thus defeating the purpose of the endeavor.

Summary

We've learned how applying a set of secure coding practices in access control, session management and cryptographic storage can help you avoid a set of vulnerabilities and minimize the risk of disclosing sensitive data.

There's one more fundamental piece of advice that OWASP gives: don't store sensitive data unless you absolutely need to. Data that is not stored cannot be compromised.

Whatever decisions you make on data storage policy, remember to detect vulnerable code early with continuous testing, code review, static and dynamic analysis.

The Top 4 Tips for Keeping Your Digital Marketing Company Safe From Cyber Crime

As the Digital Age flourishes, more and more people are switching to working online and having businesses that revolve around all things digital and technological. A well-known example of this is the marketing industry. In recent years the marketing industry has converted to being almost entirely digital; thus creating the genre of marketing: digital marketing. Almost every company has or has the ability to reap the benefits of digital marketing, making this industry a lucrative and important one.

As more people are beginning or expanding their careers in digital marketing, there are some things that they should know; most notably, how to keep their digital marketing company safe from cybercrime. Cybercrime can impact and ruin people’s lives as hackers can steal, exploit, and tamper with personal information and accounts. And for a business that exists only digitally, it’s important to take the necessary precautions in order to keep the business safe.

What You Need to Know to Keep Your Company Safe

Whether you own a digital marketing business, or you work for one, it’s imperative that you take cybercrime seriously. An expert from a digital forensics investigation company pointed out that cybercrime is becoming a common threat for internet users. He added that hackers are becoming more skilled as people’s dependence on technology increases. With that being said, here are 4 ways that you can protect your digital marketing business or your digital marketing job from cybercrimes.

1.    Be Sure to Keep All of Your Software Up to Date

This is perhaps one of the easiest ways that you can make sure that your digital marketing business is safe from cybercrime. One of the most common ways that hackers get into accounts and documents is by finding code defects in the software. When it comes to the software designers’ attention that there is a code defect, an update will come out that will fix this error. However, when people don’t update their software, hackers can see this and will enter the account, document, etc., through this code defect. Because hackers can see what software has been updated and what software hasn’t, it will be worth your while to keep all of your software up to date.

2.    Think About Email Marketing Security

To protect your marketing content and all of your clients’ personal information, you will have to make sure that your email marketing system is secure. Hackers are aware that email is one of the most essential tools in digital marketing, so they will try to gain access to these accounts.

Email marketing systems often hold crucial, yet sensitive information belonging to clients; therefore, you should utilize email marketing tools that feature security measures that will store sensitive information using encryption, and lock down access. To further ensure that your marketing email is secure, make it a point to train all employees on how to keep these systems secure and avoid data breaches.

3.    Encrypt and Back-Up Sensitive Data

Encrypting and backing up data is the best way to avoid a security breach and to prevent hackers from stealing all of your data in the event of cybercrime. Data encryption means translating data into another code so that only people with access to a decryption key or password can read it. Similarly, backing up data simply means making copies of the data and storing them on another device or with a cloud storage provider.

4.    Set Up Strict Limitations

It will be in digital marketing agencies’ best interest to set up strict limitations that will not allow employees to install unauthorized software or open files that contain viruses. Setting up strict digital limitations could potentially save you from a catastrophic event. Being proactive and setting up strict limitations will prevent malware from infecting your company’s computer and network.

Keep Your Digital Marketing Content Secure

Digital marketing companies are a common target when it comes to internet crime, so it’s necessary that you do all that you can to avoid being hacked or exploited. To keep yourself, your employees, your clients, and your overall business safe and secure, keep these 4 digital marketing security tips in mind. Turning these tips into actions will significantly lower your chances of becoming a victim of cybercrime.

About the Author

Jennifer Bell is a freelance writer, blogger, dog-enthusiast, and avid beachgoer operating out of Southern New Jersey

The post The Top 4 Tips for Keeping Your Digital Marketing Company Safe From Cyber Crime appeared first on CyberDB.

Security settings nobody cares to check when installing new software and why it’s dangerous

We live in the age of cyberspace, and every day each of us is faced with the need to use information technology. The human online presence is boundless, starting from posting personal data on social networks, making online payments, and downloading new software. Thus, our smartphones and PCs contain a lot of information about us. And we become much more vulnerable to attackers online than in real life. Cybersecurity is one of the key aspects of life in the information era. All electronic information, services, and devices require protection and compliance with certain security rules. But users rarely use reliable anti-virus software or specialized solutions to protect against DDoS attacks and ignore security settings. What can be the outcome and how to avoid potential hazards?

What Is Cyber Threat?

Everyone must have met this term on social media. But what exactly does it mean? It is a malicious act that is aimed at damaging or stealing data or disrupting the smooth functioning of digital devices. One of the first known computer viruses was Elk Cloner, which spread in the wild in the early 1980s. But cyber threats do not remain static and become more sophisticated. Malware is often hidden in software that you install on your devices. And the likelihood of this risk increases if you download it not from a trusted source, but from the net. When installing new programs, it is important to be alerted by various warnings, especially if they want to access your personal data.

Types of Cyber Security Threats

Today there is a great variety of malicious programs that may unnoticeably pop in your computer and gadgets. The most common are the following ones:

Viruses are malware that joins another program and when it is launched (which usually happens through the user’s negligence), it begins to reproduce itself and modify other applications on the computer by implementing elements of its malicious code into them.

Worms are programs very similar to viruses. They are capable of self-replication and can lead to irreversible consequences for your system. However, worms do not need to infect other files to reproduce. They crawl into a computer and send their copies to all your contacts.

Trojans, also known as Trojan horses, are one of the most dangerous hazards. They usually try to trick you by disguising as useful programs. After entering the system, attackers gain free access to the infected computer. Trojans pave the way for other malicious objects, such as viruses and ransomware.

Ransomware is a program that blocks your device and encrypts your files. It demands a ransom to get the system restored. Ransomware is considered a weapon of choice for cybercriminals because it enables them to make significant profits in cryptocurrencies that are difficult to trace. The ransomware code can be easily obtained from the black market, and it is never easy to defend against it.

Adware is a code that is included in the software to display advertisements without the user’s knowledge. Often such programs collect and forward personal information about the user to their developer, change various browser settings, and create uncontrolled traffic by the user. All of this can lead to both security policy violations and direct financial losses.

Spyware collects information about an individual user or organization without their knowledge. This malware records which keys users press, capturing personal data such as usernames, passwords, or credit card details.

Rootkits are able to hide hazards from anti-virus programs. They give attackers access to administration of the infected computer. They usually go unnoticed by the user, other programs, and the operating system itself.

Cryptojacking is a type of malware that is becoming more widespread. These objects are used for hidden cryptocurrency mining and are usually installed using a Trojan program. As a result, intruders can use the resources of your computer to mine cryptocurrencies.

Main Mistakes That Cause Data Leakage

Sometimes users themselves create fertile ground for cyber threats. We ignore and neglect to implement many basic security measures. The risk of catching malware increases in the following cases:

  • A download of free software. Buy legal programs and register them. Free software often asks to install additional programs on your PC that may carry a serious threat.
  • Untimely software updates. Make sure your software is up to date. Take time to install automatic updates for your system as they reduce the vulnerability of your system. Updates should be downloaded from trusted software vendors.
  • Occasional downloads. Block pop-ups to prevent unwanted programs. The web browser you are using should be locked. This prevents potentially dangerous ads from being displayed on the screen. Google Chrome, Firefox, and Microsoft Edge have built-in blockers. Viruses often use the extensions .vbs, .shs, .exe, .scr, .chm, .bat. If the system asks to download or open such a file, cancel your previous actions.
  • Opening potentially unsafe attachments and links. Do not click on links or open attachments received from unknown e-mail addresses. One of the most important sources of malware is emails from scammers. They can initiate phishing even from the Spam folder. Remove unwanted emails from strangers or companies, no matter how friendly they may look. Immediately close sites that open on your computer without your consent. Never follow any links as a single click can lead to malicious software being downloaded to your computer.
  • Ignoring recommended security settings. There are some basic safety practices to follow to boost your device protection. Users often neglect them, opening the way to attackers.

Steps on Protecting Your PC

Everybody can  And there is a whole list of such solutions that will optimize the security level of your devices.

1.      Create strong passwords

This is one of the key rules of cybersecurity. The password must consist of a complex combination of characters. Use a different password for each service and site and never share your passwords with anyone, keep them on paper, or enter them on third-party sites. Use other protection means where.  For Windows, for example, you can activate Windows Hello technology which uses the face recognition method to log in. You can also use password managers such as KeePass.

2.      Back up your system

This process ensures that all data is copied and stored in a separate place to avoid loss of information. If the original document is damaged, you can restore it from a copy stored in a safe place. OS developers give clear-cut instructions on how to do it:

 You can also use special cloud storage.

3.      Enable two-factor authentication

Most reputable online services support two-factor authentication. Enable it with a software token (available on Facebook, Twitter, Google, etc.) or with a one-time password with SMS delivery.

4.      Use VPN

Use a VPN to protect your network data from being stolen. Experts consider public Wi-Fi networks unsafe. When working with them, you should not enter passwords, logins, or personal data. Use such an Internet connection only via a VPN.

5.      Install antivirus software

Reputable antivirus programs will allow you to more carefully select and examine any software for its potential danger. Besides, the antivirus software will additionally ask for confirmation of the download decision and make comments on the security of file installation.

Unfortunately, it is not possible to entirely eliminate the risk. But implementing good safety practices helps significantly reduce it. It is not difficult and often free of charge to boost your security. Timely actions can prevent a lot of potential hazards. It would be the best approach to create a safety checklist covering the above-mentioned tips and check its compliance regularly.

The post Security settings nobody cares to check when installing new software and why it’s dangerous appeared first on CyberDB.