Hidden network

What can you do to improve your cybersecurity?

The first step in protecting yourself is to be aware of the risks. Familiarize yourself with the following terms to better understand the risks:

Hacker or attacker. These terms are applied to people who seek to exploit weaknesses in software and computer systems for their own benefit. Although their intentions are sometimes benevolent and motivated by curiosity, their actions tend to violate the intended use of the systems they exploit. The results can range from simple harm (creating a virus without deliberate negative impact) to malicious actions (stealing or changing information).

Malicious code. Malicious code (also called malware) is an unwanted file or program that can harm your computer or compromise the data stored on your computer. Various classifications of malicious code include viruses, worms, and Trojan horses. Malicious code can have the following characteristics:

Some malware requires an additional action from the user before it can infect the computer. Such an action can be opening an email attachment or going to a specific web page.

Some forms of malware are distributed without user intervention and usually begin by exploiting a vulnerability in the software. After infecting the victim computer, the malware will try to find and infect other computers. Such malware can also be spread through email, websites, or network software.

Some malicious programs pretend to do one thing, but in fact they are doing something else behind the scenes. For example, a program claiming to speed up your computer may actually be sending confidential information to a remote attacker.

Vulnerabilities. Vulnerabilities are flaws in software, firmware, or hardware that an attacker can use to perform unauthorized actions on the system. They may be caused by software programming errors. Attackers use these errors to infect computers with malware or perform other malicious actions.

To minimize the risks of cyber attacks, follow the basic best practices of cybersecurity:

Keep the software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Run up-to-date antivirus software. Reliable antivirus software is an important measure of protection against known malicious threats. The antivirus can automatically detect, quarantine and remove various types of malware. Be sure to enable automatic updating of virus definitions to ensure maximum protection against the latest threats. Since detection is based on signatures — known patterns that can identify code as malware — even the best antivirus will not provide adequate protection against new and complex threats such as zero-day exploits and polymorphic viruses.

Use strong passwords. Choose passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. It is best to use long, strong passphrases or passwords consisting of at least 16 characters.

Change the default usernames and passwords. Default usernames and passwords are easily accessible to attackers. Change the default passwords to sufficiently strong and unique passwords as soon as possible.

Implement multi-factor authentication (MFA). Authentication is the process used to verify a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identification components to authenticate the user, which minimizes the risk of an attacker gaining access to the account even if they know the username and password.

Install a firewall. Firewalls can prevent some types of attacks by blocking malicious traffic before it gets into the computer system and limiting unnecessary outgoing connections. Some device operating systems include a firewall. Enable and configure the firewall correctly, as indicated in the user manual of the device or system.

Be suspicious of unexpected emails. Phishing emails are currently one of the most common risks for the average user. The purpose of a phishing email is to get information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails.