Avoid being hacked
Information may be misused – do you really know who you are sharing it with?
The consequences of being hacked may be serious, both for yourself and for others. Unauthorised persons may gain access that enables them to change, delete and steal information.
Avoid being hacked
Hacking means that a person, group or state gains access to computers, systems, servers or networks that they should not have access to. Those who attack, goes after the weakest link - us humans. Hacking can affect anyone connected to the internet. It can also take place in the physical world.
Sensitive research data, personal information and information about IT systems are examples of information that can be valuable to others. Information can be misused for fraud, criminal acts or other countries' intelligence. To reduce the risk of hackers succeeding, there are various ways to protect yourself.
- Use good passwords and two factor authentication where you can
Good passwords are an easy way of improving security. Below you will find some good password tips:
- Use two-factor authentication where it is possible.
- Never share your password with anyone, including IT-support. A credible company would never ask you to disclose your password. Do not send passwords via e-mail, chat or similar, either.
- Use different password for different services. Be careful about logging in to a new service through an existing one, for example by using your Facebook account to log in to Spotify.
- Using a password sentence that is hard to guess as a password is a good idea. A long password is more secure than a short one.
- Keep passwords in a secure place or use a dedicated service (password managers). Check with your place of work/study which program they recommend.
- Do not allow the browser to remember passwords for websites.
- Be aware if login requests occurs unexpectedly. It can be a fraud.
Read more about passwords (NO) at nettvett.no
- Keep your computer and software up to date
Weaknesses in old programs can easily be misused.
- Turn on automatic updates for all programs. Windows or MacOS and browsers are especially important.
- Uninstall old versions and programs you do not use.
- Installing an antivirus program and a firewall and keeping them up to date is also important.
- Don't get fooled by e-mails
E-mails are the most common way of hacking people. Faking the sender address is easy, and it can be very difficult to detect.
- Be sceptical about e-mails that contain links or attachments.
- Check where links in e-mails actually go to – hold the cursor over the link.
- Attachments may contain viruses or malware.
- Consider senders and websites carefully before you disclose information. Never disclose personal data or information about your finances via e-mail or on an unsecure website.
- Do not send personal or confidential information unencrypted via e-mail.
- Double-check the recipient address before you send an e-mail.
- If you receive a strange e-mail from a friend or colleague, call them to check if it is legitimate.
- Be careful when you are asked to click OK to become an administrator.
- Protect yourself from viruses and other malicious software
Malicious software, or malware, is often called viruses, worms or Trojans. They enter your device together with other information, as hidden content in ordinary files or websites.
Malware can do all sorts of things once it has been installed. For example, it can take over your computer and remotely control it. It can also steal all your passwords.
One example is ransomware (NO). Ransomware encrypts and makes the content of your computer inaccessible. The virus is spread via links or attachments in e-mails.
- Make a backup copy regularly.
- Do not pay the ransom.
- Ransomware may spread to disks and other units connected to the computer. Do not keep memory sticks or disks plugged into the computer. This also applies to network disks (OneDrive, Dropbox, Google Drive etc.).
- Don't let strangers plug devices into your computer (hard drives, USBs or cell phones), and don't keep external equipment plugged in at all times.
- Log out of cloud services and programs where you have to log in with a password, when you are done using them.
- Be aware of social engineering
Social engineering tricks people and exploits social weaknesses to get hold of or influence information. Trade secrets, personal data and information about IT systems can be valuable to others and be exploited for fraud or criminal offences.
Social engineering usually play on temptation, fear and trust when they try to swindle you. Here are some examples:
- A "friend" is on holiday and suddenly needs to borrow money from you.
- Someone calls you out of the blue and wants to help you with some problem on your computer.
“Porn scam” are e-mails trying to trick you into paying money. If you do not pay, the swindler threatens to publish videos or pictures of you watching porn. These threats are false and you must not pay. The sender does not have any such information on you.
In order to scare you, these e-mails sometimes include a password from a former leak. The password is from a web service you use or have used.
- If you still use this password, change it immediately.
- Do not pay.
- Other than that, you can safely ignore these e-mails.
"CEO fraud" is to trick a member of the finance staff to pay an invoice or transfer money. CEO fraud is sent via an e-mail or text message from a person acting as a member of the management. You may be asked to transfer money without further dialogue, and it is often very urgent.
- Read the e-mail carefully to look for unusual addresses or fields.
- Excessive mention of trust, threats or temptation is a well-known sign of attempted fraud.
- Check the payment information and/or invoice carefully and compare it with previous transactions.
- The management should inform finance staff in advance if they know that urgent money transfers will be needed in the near future.
- If you are a member of the finance staff and receive an e-mail from your leader to transfer money, send him or her a text message and ask for confirmation.
Read more about social engineering (NO) and CEO fraud or porn scam (NO)
- Be aware of identity theft
Identity theft is a term used about different types of crime where someone uses your identity, for example, for card fraud or to order things in your name. The information that is exploited may include your name, address, personal ID number, credit card and account number.
The sooner you discover the identity theft, the greater the chance of limiting the damage. Be aware of signs that may indicate that you are the victim of identity theft. Read more about identity theft (NO) at nettvett.no