The Internet has a lot of things that catch our attention. It may be an interesting application or website, a surprising message saying that we’ve won a prize, a headline for a blog, news, an article, or anything that triggers our curiosity.
We’ve all been there before: we clicked on something we shouldn’t have, and the next thing we know, our computer is frozen with a whole heap of things running on our screen which we can’t exit.
Every day, phishing attacks and malware get more sophisticated, making it harder to know what is real and what is fake. A few skills will massively reduce your chance of getting malware.
1. Install an antivirus protection tool.
Trend Micro can give you the confidence to work in the digital world by safeguarding your information. It protects against viruses, dangerous websites, and other threats. The security for your remote workers or even branch offices can be managed via the Internet. It helps people and companies protect their information from hackers, with security solutions for business and for online security at home.
If you’re running an older operating system that hasn’t got Windows Defender installed, you could look at other antivirus options. There are many on the internet up for grabs. BE AWARE: when you are looking for these, there are fake websites advertising “antivirus protection” which get you to click a link to install what you think will protect you; however, it will actually infect your computer.
Do your research before you impulsively install something quite the opposite to what you’re looking for. Malware protection options I would recommend are:
2. Browse Smart
Sometimes people allow the infection of malware to be just a little too easy. If you’re browsing websites such as “Free movie downloads”, “Spin to win $3 million dollars”, or “Click Allow to win a prize”, you’re almost asking to get infected. Please do not save passwords in your browser. Use a trusted password manager like Bitwarden or 1Password.
If you think you’ve clicked on a dodgy link, you should get an IT professional to look at your PC. You could make a start by downloading and running a free scan from Sophos.
3. Never click links in a suspicious email
First, check the email address it was sent from. If you’ve received an email from Apple support requesting you to update your password, and the sender’s email address is firstname.lastname@example.org, this could ring alarm bells. Being aware of the subtle differences in the sender’s email address is key.
If it sounds urgent or is trying to stir up an emotion to push you into a decision, then alarm bells should ring. Stop and breathe.
The next test you can do is to hover over any external links within the email. If the link is a fake, you’ll see a series of random letters or perhaps a similar-looking domain that is not the valid one, e.g. applecomputers.com rather than apple.com.
Also hover over any links and see if they go to where you would expect. If in doubt, do not click on the link; search for the site in Google and go to it from there.
Test your staff and family and see if they know how to recognize phishing emails with this test from Google.
4. Pull the plug
If you think you’ve clicked into something that could be infecting your computer, take no risks. Pull the power plug out of your computer and contact your tech support immediately. It pays to pull out the ethernet cable as well – just to be extra safe that your computer won’t be on the network and potentially infect other computers.
There is no time to be wasted when it comes to Malware. You’re better to be safe than sorry.
5. Use strong passwords
Strong passwords are a must when it comes to cyber security. NEVER have the same password for multiple logins. Passwords need to be long and contain capital letters and numbers. Do not use anything that can be linked to you, e.g. birthdays, addresses, etc.
Applications like Bitwarden or 1Password are secure ways to manage your passwords. These apps can generate random strong passwords for each site and store them safely so that you do not have to remember them.
6. Take care in recognizing who’s calling you
These days hackers have become more and more common on the telemarketing and social engineering side of things. Hackers will commonly target elderly people who are more inclined to believe them.
Never give out credit card details, bank accounts, passwords, or anything of this nature to an unrecognized source over the phone. Be cautious about who you are talking to.
These scammers pose as everyday services such as phone providers (Vodafone), IT companies (NZCS), electricity companies, or anywhere that you could potentially be a customer.
They will usually tell you that you have an outstanding amount to pay or a problem with your computer and ask you for your details to pay the bill. Some of them will suggest you download a remote control tool like AnyDesk or TeamViewer, and you should refuse to do this as this.
If you’re ever uncertain whether you’re talking to the correct person, ask if you can ring them back. If they say no, hang up. Most companies will understand if you want to call them back for security reasons, and ringing them back is the best way to find out who you’re speaking to. Don’t redial the number on your phone; look up their number on their website and go from there.
7. Log out of websites when finished
This one’s super important. However safe you may think you are being while browsing, there will always be a risk of getting malware. Logging out of your computer and important websites once you’re finished is a MUST. Do not save passwords in your browsers (Google etc. have an option to “save password”). If you do, and you get malware, all your passwords will be taken and you will need to reset them all.
If you think there is a chance someone has your password make sure you change it as soon as possible. Turn on two-factor authentication if there is an option.
8. Use Two-Factor Authentication (2FA)
At first, we used only one password for everything, including social media accounts, but that isn’t good enough nowadays. That’s why many people are now using 2FA (two-factor authentication, sometimes known as MFA, multi-factor authentication). 2FA adds a second method of identity verification to secure our accounts.
The first factor is something you know, your password; the second is something unique that you have. It can be your phone or your fingerprint. Attackers can’t access your account even if they have your password, because they cannot have your fingerprint.
You can also use a code. Whenever someone attempts to log in to your account, you will receive a text message or an email with a randomized 6-digit number.
If you want to enable two-factor authentication in your Google account, follow these steps:
- Go to Google Account and log in to your account.
- Click on the Security tab on the left.
- Click on 2-Step Verification.
- Click the Get Started tab.
- Enter your Google password to verify it’s you.
- Click Try It Now.
- Tap Yes on the Google pop-up that appears on your phone or tablet.
- Confirm your phone number. It serves as the backup option in case Google Prompt doesn’t work.
- Enter the 6-digit code that was sent to your phone number and click Next.
- Click Turn On to enable the 2FA.