Avoid being hacked
Information may be misused – do you really know who you are sharing it with?
The consequences of being hacked may be serious, both for yourself and for others. Unauthorised persons may gain access that enables them to change, delete and steal information.
- Use good passwords
Good passwords are an easy way of improving security. Below you will find some good password tips:
- Never share your password with anyone. A credible company would never ask you to disclose your password. Do not send passwords via e-mail, chat or similar.
- Using a sentence as a password is a good idea.
- It is better to use a long password and write it down than to use a short one that can easily be guessed. Keep the password in a secure place or use a dedicated service (password managers).
- Use two-step verification where possible. You will first state your username and password, and then receive a one-time authorisation code that confirms that it is really you trying to log in.
- Be careful about logging in to a new service through an existing one, for example using your Facebook account to log in to Spotify.
- Do not allow the browser to remember passwords for websites.
- Use different passwords for different services.
Read more about passwords (NO) at nettvett.no
- Keep your computer and software up to date
Criminals may take advantage of weaknesses in old programmes.
- Turn on automatic updates for all programmes. Windows or MacOS and browsers are especially important.
- Uninstall old versions and programmes you do not use.
- Installing an antivirus programme and a firewall and keeping them up to date is also important.
- Make sure that your daily user account does not have administrator rights.
- Do not get fooled by e-mails
E-mails are the most common way of hacking people. Faking the sender address is easy, and it can be very difficult to detect.
- Be sceptical about e-mails that contain links or attachments.
- Attachments may contain viruses or malware.
- Consider senders and websites carefully before you disclose information. Never disclose personal data or information about your finances via e-mail or on an unsecure website.
- Check where links in e-mails actually go to – hold the cursor over the link.
- Do not send personal or confidential information unencrypted via e-mail.
- Double-check the recipient address before you send an e-mail.
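The checks above on where a link really goes and on whether the sender details hold together can also be run automatically, for example in a mail filter. The Python code below is an added example, not part of the original guidance. The sample message, its addresses and domains, and the names review_email and LinkCollector are made up for illustration, and it only compares the Reply-To header with the sender and inspects links whose visible text is itself a web address.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Link text that itself looks like a web address, e.g. "www.example.edu/x"
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(name):
    return re.sub(r"^www\.", "", (name or "").lower())  # ignore a leading "www."

def review_email(raw):
    """Return findings where the reply address or a link target differs from what is shown."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = _host(parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2])
    reply = _host(parseaddr(str(msg["Reply-To"] or ""))[1].rpartition("@")[2])
    if reply and reply != sender:
        findings.append(f"replies go to {reply}, not {sender}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for text, href in collector.links:
        shown = URLISH.match(text)
        target = _host(urlparse(href).hostname)
        if shown and target and _host(shown.group(1)) != target:
            findings.append(f"link shows {_host(shown.group(1))} but opens {target}")
    return findings

# Constructed sample message; every address and domain is made up.
SAMPLE = ("From: Rector <rector@university.example>\nReply-To: rector@university-mail.example\n"
          "Content-Type: text/html; charset=utf-8\n\n"
          '<a href="https://pay.portal.example/login">www.university.example/invoice</a>\n')
```

A link whose visible text is ordinary wording ("Help page") makes no claim about its destination, so this check does not flag it; hovering over the link remains the way to see where it goes.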
- Be careful on open networks
Some wireless networks are shared with strangers, for example in an airport or a hotel.
- Do not send confidential information via an unsecure (unencrypted) connection.
- The padlock symbol in the top left-hand corner of the browser window indicates that the connection is secure (encrypted).
- Share documents in areas that the recipient has access to instead of sending them as e-mail attachments.
- Confidential information and personal data must always be sent encrypted. For example, place the information in a password-protected document and send the password via text message.
- Contact the user support at your place of study or work to set up a secure (encrypted) internet connection.
At internet cafes:
- Do not use one of the cafe’s computers for work involving confidential information.
- Be aware that people might look over your shoulder.
- Delete any traces. Empty search logs and similar. Delete cookies.
- Log off all services you have used.
- Viruses and other malicious software
Malicious software, or malware, is often called viruses, worms or Trojans. They enter your device together with other information, as hidden content in ordinary files or websites.
- Be careful about clicking links in windows that pop up in your browser.
- Use antivirus programmes and a firewall and keep them up to date. Do not plug in unfamiliar USB units or let people charge their devices from your unit.
- Malware can cause greater damage if your daily user account has been assigned administrator rights.
- If you notice that your device is behaving differently than normal, it may be a sign that it is infected.
Malware can do all sorts of things once it has been installed. For example, it can take over your computer and remotely control it. It will usually also steal all your passwords.
One example is ransomware (NO). Ransomware encrypts the content of your computer and makes it inaccessible. The virus is spread via links or attachments in e-mails.
- Make a backup copy regularly.
- Do not pay the ransom.
- Ransomware may spread to disks and other units connected to the computer. Do not keep memory sticks or disks plugged into the computer.
- Social engineering and "CEO fraud"
Social engineering uses human contact and exploits social weaknesses to get hold of or influence information. Trade secrets, personal data and information about IT systems can be valuable to others and be exploited for fraud or criminal offences.
Criminals usually play on temptation, fear and trust when they try to swindle you. Here are some examples:
- A friend is on holiday and suddenly needs to borrow money from you.
- Someone calls you out of the blue and wants to help you with some problem on your computer.
‘CEO fraud’ means tricking a member of the finance staff into paying an invoice or transferring money. The request arrives as an e-mail or text message from a person acting as a member of the management. You are asked to transfer money without further dialogue, and the request is often presented as very urgent. The methods and language used are becoming more and more sophisticated, and such fraud attempts may therefore be very difficult to detect.
- Read the e-mail carefully to look for unusual addresses or fields.
- Excessive mention of trust, threats or temptation is a well-known sign of attempted fraud.
- Check the payment information and/or invoice carefully and compare it with previous transactions.
- The management should inform finance staff in advance if they know that urgent money transfers will be needed in the near future.
- If you are a member of the finance staff and receive an e-mail from your leader to transfer money, send him or her a text message and ask for confirmation.
- Identity theft
Identity theft is a term used for different types of crime where someone uses your identity, for example for card fraud or to order things in your name. The information that is exploited may include your name, address, personal ID number, credit card number and account number.
The sooner you discover the identity theft, the greater the chance of limiting the damage. Be aware of signs that may indicate that you are the victim of identity theft. Read more about identity theft (NO) at nettvett.no
- Threats against Higher Education Institutions
Many criminals operating online are looking for information that can be exploited to make money. Cryptoviruses and CEO fraud have been widely reported in recent years, also in Higher Education Institutions (HEIs). In addition, there have been examples of HEIs' infrastructure being used as a stepping stone for crime targeting other enterprises.
The Norwegian Police Security Service’s (PST) open threat assessment addresses several points that concern Higher Education Institutions:
- Countries expose Norway to foreign intelligence activity with a major damage potential. Such activity will be aimed primarily at targets in the Norwegian defence and public security sector and at political decision-making processes and critical infrastructure.
- Countries recruit or plant students and researchers in Norwegian higher education and research institutions.
- Companies and institutions that develop or use technology with both military and civilian use will also be subject to targeting by foreign intelligence services (e.g. cyberattacks). Countries of concern are continuing their efforts to obtain technological know-how for use in advanced weapons development or development of weapons of mass destruction.