I suggest you read the article. For your security, there is a list of recommendations to be followed to prevent cyber attacks.
Basic Rules of Cyber Hygiene
1.Use licensed/legalized operating systems, other software products, timely and systematically update them.
2. Use antivirus software with heuristic analysis technology.
3. Use a firewall and proprietary anti-malware tools.
4. Back up your data on a regular basis, store it on external storage media (SDD, HDD, etc.) and set up a “system restore” function.
5. Do not connect USB flash drives and external disks, do not insert CDs and DVDs, etc. into your computer if you do not trust their source completely. There are hacking techniques in place even before you open the file on a flash drive and long before your antivirus scans it. If you found the device inside the office or outside, received it in the mail or with delivery, or a stranger gave it to you with a request to print the document, or just open and check its contents – there is a high probability that the device is dangerous.
- Read more about your own devices and be careful with devices that you receive from other people for work or other purposes.
- When connecting devices, ensure that they are automatically scanned for malware.
- Disable automatic start of removable media (autorun.inf protection).
6. Do not store authentication data in easily accessible places (e.g. on your desktop). Use special software tools (e.g. KeePass) to store passwords. Use strong passwords, including those that can be used to store passwords:
- are at least 8 characters long;
- contain letters, numbers and special characters;
- do not contain personalized information (date of birth, phone numbers, document numbers and series, vehicle numbers, bank card numbers, registration addresses, etc.);
- are not used in any other accounts.
7. Avoid the use of Internet banking, electronic payment systems, the introduction of data authentication when accessing the Internet via a public (unprotected) wireless network (in cafes, bars, airports, and other public places).
8. Be especially careful when opening e-mail attachments from unknown persons. E-mail is the most appropriate means of distributing malicious software today. While working with your mail, you should check the attachment extensions and not open files even with secure extensions. Don’t follow unknown links or download files with potentially dangerous extensions (e.g., .exe, .bin, .ini, .dll, .com, .sys, .bat, .js, etc.) or even secure extensions (e.g., docx, .zip, .pdf), as vulnerabilities, macros, and other threats can be exploited. Pay attention to your email name: even if it seems legitimate, you still need to check it (by phone or any other means), or it is the person who sent you the attachment message.
Sometimes, especially under the pressure of time, it can be difficult to distinguish between malicious and legitimate files. Use VirusTotal to scan suspicious files by simultaneously scanning them with more than 50 antivirus programs. This is much more effective than scanning files with an antivirus offline, but keep in mind that when you upload files to VirusTotal, you give them to a third party. Please note that even if the VirusTotal check fails, this does not exclude the possibility that the file may be harmful.
Think three times before opening an attachment.
9. When using Internet resources (Internet banking, social networks, messaging systems, news, online games), do not open suspicious links (URLs), especially those that point to sites that you do not normally visit.
- Be sensitive to online fraud. The most common means of misleading is phishing. Particular attention should be paid to the domain name of the Internet resource, asks for authentication data before clicking on the link: attackers may mask the domain name to make it look familiar (facelook.com, gooogle.com, etc.).Otherwise, there is a high probability to switch to phishing, which is identical to the real ones from the outside, and “give” your own authentication data by yourself.
- If you need to enter data authentication, make sure you use a secure HTTPS connection, and check the SSL certificate to make sure it is not cloned or forged.
- Harmful URLs can be encoded as QR codes and/or printed on paper, including in the form of abbreviated URLs generated by special services such as tinyurl.com, bit.ly, ow.ly, etc. Do not enter these links into your browser, but do not scan QR codes on your smartphone unless you are sure of their content and origin.
- Use VirusTotal to check for suspicious links in the same way as to scan files.
10. Be careful about leaky windows and messages in your browser, software, operating system, and mobile device. Always read the contents of these windows and do not “approve” or “accept” anything in haste.
11. When using remote access, it is necessary to restrict access using the “white list” (IP whitelisting).
12. Set limits on the number of invalid logins/passwords to be entered. Regularly review the logs, task scheduler and autoloader for unauthorized actions.
Remember, safety comes first!