Avoid being hacked
Information may be misused – do you really know who you are sharing it with?
The consequences of being hacked may be serious, both for yourself and for others. Unauthorised persons may gain access that enables them to change, delete and steal information.
Avoid being hacked
- Be careful about clicking links in windows that pop up in your browser.
- Use antivirus programmes and a firewall and keep them up to date. This also applies to private computers and units.
- Do not plug in unfamiliar USB units or let people charge their devices from your unit.
- Malware can cause greater damage if your daily user account has been assigned administrator rights.
- If you notice that your device is behaving differently than normal, it may be a sign that it is infected. Contact IT Support for help.
- Use good passwords
Good passwords are an easy way of improving security. Below you will find some good password tips:
- Never share your password with anyone, including IT-support. A credible company would never ask you to disclose your password. Do not send passwords via e-mail, chat or similar, either.
- Use different password for different services. This is important, since passwords fall into the wrong hands quite often.
- Using a sentence as a password is a good idea.
- A long password is safer than a short password.
- You may use a system or pattern, but be creative. “The animals went in to Facebook two by two”, is too easy to guess.
- It is impossible to remember all passwords. Keep the passwords in a secure place or use a dedicated service (password managers)
- Use two-factor authentication where this is possible.
- Be careful about logging in to a new service through an existing one, for example by using your Facebook account to log in to Spotify.
- Do not allow the browser to remember passwords for websites.
- Do not type your password into all login request that may occur unexpectedly. Some of these may be fraud.
Read more about passwords (NO) at nettvett.no
- Keep your computer and software up to date
Weaknesses in old programmes can easily be misused.
- Turn on automatic updates for all programmes. Windows or MacOS and browsers are especially important.
- Uninstall old versions and programmes you do not use.
- Installing an antivirus programme and a firewall and keeping them up to date is also important.
- Be careful when you are asked to click OK to become an administrator.
- Don't get fooled by e-mails
E-mails are the most common way of hacking people. Faking the sender address is easy, and it can be very difficult to detect.
- Be sceptical about e-mails that contain links or attachments.
- Check where links in e-mails actually go to – hold the cursor over the link.
- Attachments may contain viruses or malware.
- Consider senders and websites carefully before you disclose information. Never disclose personal data or information about your finances via e-mail or on an unsecure website.
- Do not send personal or confidential information unencrypted via e-mail.
- Double-check the recipient address before you send an e-mail.
- If you receive a strange e-mail from a friend or colleague, call them to check if it is legitimate.
- Viruses and other malicious software
Malicious software, or malware, is often called viruses, worms or Trojans. They enter your device together with other information, as hidden content in ordinary files or websites.
Malware can do all sorts of things once it has been installed. For example, it can take over your computer and remotely control it. It can also steal all your passwords.
One example is ransomware (NO). Ransomware encrypts and makes the content of your computer inaccessible. The virus is spread via links or attachments in e-mails.
- Make a backup copy regularly.
- Do not pay the ransom.
- Ransomware may spread to disks and other units connected to the computer. Do not keep memory sticks or disks plugged into the computer. This also applies to network disks (OneDrive, Dropbox, Google Drive etc.)
- Social engineering
Social engineering tricks people and exploits social weaknesses to get hold of or influence information. Trade secrets, personal data and information about IT systems can be valuable to others and be exploited for fraud or criminal offences.
Social engineering usually play on temptation, fear and trust when they try to swindle you. Here are some examples:
- A friend is on holiday and suddenly needs to borrow money from you.
- Someone calls you out of the blue and wants to help you with some problem on your computer.
“Porn scam” are e-mails trying to trick you into paying money. If you do not pay, the swindler threatens to publish videos or pictures of you watching porn. These threats are false and you must not pay. The sender does not have any such information on you.
In order to scare you, these e-mails sometimes include a password from a former leak. The password is from a web service you use or have used.
- If you still use this password, change it immediately.
- Do not pay.
- Other than that, you can safely ignore these e-mails.
"CEO fraud" is to trick a member of the finance staff to pay an invoice or transfer money. CEO fraud is sent via an e-mail or text message from a person acting as a member of the management. You may be asked to transfer money without further dialogue, and it is often very urgent.
- Read the e-mail carefully to look for unusual addresses or fields.
- Excessive mention of trust, threats or temptation is a well-known sign of attempted fraud.
- Check the payment information and/or invoice carefully and compare it with previous transactions.
- The management should inform finance staff in advance if they know that urgent money transfers will be needed in the near future.
- If you are a member of the finance staff and receive an e-mail from your leader to transfer money, send him or her a text message and ask for confirmation.
Read more about social engineering (NO) and CEO fraud or porn scam (NO)
- Identity theft
Identity theft is a term used about different types of crime where someone uses your identity, for example, for card fraud or to order things in your name. The information that is exploited may include your name, address, personal ID number, credit card and account number.
The sooner you discover the identity theft, the greater the chance of limiting the damage. Be aware of signs that may indicate that you are the victim of identity theft. Read more about identity theft (NO) at nettvett.no