Now that the new year has begun, it’s time to put our good intentions into practice. Getting back to the gym instead of lounging on the couch? Switching your home energy to green electricity? Or embracing “Veganuary” rather than gorging on granny’s Sunday roast? Go for it! But which aspects of IT security can help make 2022 a safer year than the last one, which was plagued by countless phishing attacks, data leaks and, most recently, the Log4j security vulnerability? Check out our list of what to look out for at home and at work.
Personal checklist for IT security 2022
1. Update, update, update!
Without wishing to labour the point, it’s important to remember that software can only offer maximum stability and protection against newly discovered security vulnerabilities if it is kept up to date. So be sure to install any patches and regular updates for software and operating systems. This applies across all systems and devices – from laptops and tablets to mobile phones.
2. Stop and think before you act!
Criminals use phishing attacks to trick employees into revealing passwords or other confidential company information. Their tools of choice are fake email senders – for example, an email that appears to come from a manager in the case of targeted attacks – and wording designed to create pressure, such as “for your immediate attention!”. The best response in these cases is to pause for a moment and check the plausibility of the content: Did your boss really send the email? And does the link it contains actually lead to the company website? When in doubt, simply pick up the phone and call the alleged sender to check. This helps you expose even the most convincing phishing emails.
3. Passwordless = secure!
Many online retailers and service providers have long since implemented two-factor authentication for their customer accounts. This means knowing a username and password is no longer enough. Users must also enter a confirmation code generated by a previously registered smartphone app such as Google Authenticator. This is a good start – but can security be further enhanced? Yes! Passwordless authentication by an app makes use of biometric data, such as fingerprints or facial recognition, which thieves cannot easily crack even if they have access to an unlocked smartphone. And since the biometric data is only stored on the device itself and is never transmitted elsewhere, data protection is also maintained. Check where you can take advantage of passwordless authentication and convert your user accounts accordingly.
4. Listen to the IT department!
In addition to keeping up with your normal workload, be sure to read any update emails from your IT department, work through online training courses and take part in information calls. They might seem tiresome, but these measures are implemented with your best interests in mind. Warnings about current attacks on the company network or information about upcoming security training are aimed primarily at raising awareness of the dangers. Cybercriminals are constantly adapting their strategies to find new victims. But employees who know all the tricks and rules can protect themselves and the company.
5. Call the experts!
If you’re an IT manager in a company, you know that one person cannot provide all the answers. Nobody should shy away from calling in external expertise, particularly in a rapidly evolving area such as IT security. For example, security service providers can use penetration tests to determine how resistant a company’s internal systems are to DDoS attacks, phishing attacks or software exploits. Specialist knowledge is also required for implementing new security measures. Cloud solutions from all the established providers offer the best security for the money, especially in highly sensitive areas such as customer identity and access management (CIAM) or passwordless authentication.
If you heed these tips, you can face the months ahead with more confidence in your IT security.