Security tips

Do not fill out fun forms on social media, with information about yourself

• Used to build a profile about you.
• A very common way to use your information to reset your passwords.

Avoid filling out forms that request personal information; these sometimes circulate on platforms like Facebook and are often structured with a series of questions about random things, but with the occasional question about what your first pet's name was, which school you attended, your middle name, and so on. It's a clever way to slowly but surely build a profile with information about you and others, which is then used to reset passwords and gain access to some of your accounts – most importantly, your email, as it is often linked to other services.

Use strong passwords

• At least 12 characters.
• Include both uppercase and lowercase letters.
• Include numbers and special characters.
• Use phrases with punctuation.

By strong passwords, we mean passwords longer than 12 characters, combining lowercase and uppercase letters, special characters, and numbers. To make it easier, it's recommended to use phrases instead of complicated combinations of characters that you won't remember. For example, it's easier to remember "The-horse-eats-oats1!" than "zzK34xPG@19!"

Use a password manager

• Have a unique password for each service/website.
• There are many good free options for individuals, such as Bitwarden, 1password or Keeper.
• Do not save passwords in your browser.
• It's easier to remember one strong password than 50.
• It can be used for all sensitive and important things to remember.

A password manager simplifies password management and makes it easier to use long, secure passwords when all you need to remember is one strong password instead of 50 different ones. The password manager is also a useful tool for keeping track of other important information and for consolidating your accounts and passwords in case something unexpected happens, allowing a family member to manage your digital identity.

Think about what you share on social media

• Don't share your location.
• Don't announce your vacation to everyone.
• Don't share information that can be used to access your accounts.

Think before sharing information openly on social media – could this be something someone can misuse? For example, if you constantly share your location, it's easy for potential burglars to take advantage when you're far from home. The same goes if you announce that you're going on a two-week vacation – it's very easy for someone to swing by and pick up your mail. A common example is someone ordering something in your name for delivery to your mailbox and then simply picking it up when you're not home. It can range from new bank and credit cards to expensive items or even address changes and similar if you don't have digital government mail.

Be cautious about email messages

• It's highly unlikely that your boss is emailing you to make a bank transfer.
• If something seems too good to be true, it usually is.
• Always verify before taking action on an email.

Scammers always try to create a sense of urgency – be vigilant if someone wants you to act immediately. When you receive an email that seems correct but also seems to have something wrong – it could be sentence structure, the sender, formatting, or something else that's not as it usually is – always verify before doing anything. In most cases, we have a purpose for an email and can verify with the sender/recipient, either through a return email or some other means. Be especially cautious when it comes to financial commitments; scammers often try to create a sense that something must happen immediately so that you'll act without a thorough investigation.

Always keep your software updated

• Update programs and apps as soon as an update is available.
• Attackers often exploit vulnerabilities in old versions.

If you have many programs installed on your computer or apps on your phone, it's important to try to keep them updated as best as possible. The more apps and programs you have, the larger the attack surface for a potential attacker exploiting old versions with known vulnerabilities.

Use antivirus software

• Have some form of antivirus on your computer.
• Not as necessary on a mobile phone.

If you use a computer extensively, make sure to have some form of antivirus. Today, Windows comes with Microsoft Defender, which is a suitable option – use it and keep it updated. For mobile devices, the built-in protection is usually sufficient as long as you are careful with installed apps and avoid installing things from outside the respective app store.

Do not connect unfamiliar devices

• USB drives.
• Memory cards.
• Phones.

If you find a device on the street, in a parking lot, or similar, be very cautious about connecting it to a computer or phone. It's relatively common for devices to be placed where just one person connecting it to a computer can trigger some form of malicious software. This can range from USB drives and memory cards to devices like mobile phones.

Be aware that QR codes can lead to fake websites

• Do not scan QR codes if you're not completely sure about the content.
• Check the URL/website that the QR code leads to – most mobile devices display the link before opening it today.

If you're walking around and see a QR code on a lamppost or somewhere that you scan to see what it's about – be aware that someone may have deliberately set it up to lure people to a malicious website. A new type of scam using this is people distributing flyers about bitcoin that appear to be a lost bitcoin wallet. When a person scans the QR code, they are prompted to log in, which in turn gives the attacker access to that person's data instead.

Do not download attached documents from email if you're not completely sure about the content

• Review attachments in another tool if possible.
• Submit them to the IT department if you're unsure.
• It's always(!) better to be cautious.

Attached files in emails are the most common way for hackers to gain access to an organization's network. It only takes one employee downloading a document, opening it, and allowing a macro to run in an Excel document they believe is a quote for an attacker to take over the computer and establish a foothold in the network. A common method is for an attacker to gain control of the email of a smaller legitimate company, such as a tradesman. From there, they investigate which customers the tradesman has and whether there's a larger target to move on to. Then, an email is sent out from the legitimate tradesman containing a quote to a recurring customer. The chance is that the customer will open the quote even if they haven't ordered a job, and if the language in the email is a bit off – that's all that's needed."