A tremendous amount of security advice floats around the web every single day.But as a regular internet user, how do you identify authentic advice from outdated or wrong ones?
Here are some of the bad advice we at Emsisoft have found on the web, that we thought you should be aware of.
You must change your password regularly
Frequent password changes can be annoying for a lot of us. That makes us take shortcuts to create a password, such as recycling passwords or using personal information in the passwords. That in turn weakens the account security.
Furthermore, the practicality of changing passwords has declined due to an increase in the number of accounts a user has online. Changing all these passwords frequently can only be a nightmare for us.
That is why having a good password manager is essential in today’s environment to notify you of password breaches and protect your accounts with multi factor authentication.
You can change language setting to avoid ransomware
Do you know what CIS means?
This refers to states where countries like Russia have situated AKA Commonwealth of Independent States. Ransomware gangs have agreements with law enforcement agencies in this region that they would not target organizations in those regions given they would not face repercussions from the law.However, the major loophole in configuring your keyboard layout to CIS language is that ransomware also checks the system’s active language, not just installed languages.
And most importantly language checking is only one small step in the verification process of the target. Ransomware operations can easily identify whether the organization is legitimately located in the CIS regardless of its keyboard language settings.
It is best to implement proven ransomware mitigation techniques to protect yourself and the organization.
Using a Mac is the safest
In reality, no operating system is immune to malware. That applies to Mac as well.
So it doesn’t make sense or the right approach to transition to an entirely new operating system thinking it would potentially improve your security.
VPN ensures your security and privacy
Do you know that the benefits of a VPN are quite limited?
Yes, VPNs do encrypt your network traffic which was useful back in the day when websites had unencrypted HTTP. But the majority of the web now uses HTTPS. Hence VPN does not offer too much security or privacy.
Unless you try to access geo-restricted content or torrents, you do not definitely need VPN to improve your cyber security or privacy.
Never use public charging stations
Cybersecurity experts have warned about juice jacking, a type of attack that loads malware to the USB port of a public charging station leading your device to be plugged into a compromised USB port leading to data theft or malware infection.
But in reality, the chances are very slim because the threat actors are difficult to implement and not scalable. So keep it on the bottom of your to-do-security list.
Public Wi-Fi is a No go
Back in the early days, most websites used unencrypted HTTP which led others on your network to easily snoop on your network traffic.
With the release of HTTPS, a protocol that secures the communication between your browser and web server this all changed because HTTPS encrypts the traffic.
That is why it has become a low threat when using public WI-FI nowadays as 95% of the websites use HTTPS.
It is better to Avoid Suspicious Links
The problem with this statement is that it is so vague that people avoid the suspicious-looking links and they click on links that do not look suspicious to them without a base reason why it doesn’t look suspicious. This causes more havoc. That is why we should talk about the clues that indicate the link is malicious.
- Destination address of the link does not match the link
- Content that includes the link is off-brand
- Asking information that you should not disclose
Knowing what a malicious link is and how it looks is more important nowadays.
Say No to QR Codes
QR codes and its applications have increased in popularity and a lot of companies & institutions use them for their day to day business operations. Some security experts have warned that they can be used to redirect people to phishing sites & malware downloads.
Theoretically speaking this is not completely impossible but in reality users tend to get attacked via email or SMS inbox.
We can say that this advice is not completely wrong but rather it has a very low priority when it comes to security risks.
To be safer than sorry, if you are to enter financial information, regardless of whether you access that page via a URL or QR code, it is best to type in the URL manually before sharing the information.
