Category Archives: Social Media

Online Shopping Safety Tips

Using Public Wi-fi

“If you are shopping on your phone or computer and using an unknown WiFi connection, save the purchases for later. Don’t enter any personal information such as name, address, or credit card number until you are on a secure and known connection.” – Loki Labs, www.lokilabs.io

Visiting a New Website

“Check the seller’s customer satisfaction ratings. Review other users’ comments and check out the seller’s rating on sites like Google Shopping. Low “star” ratings may provide a red flag that cautions you to find a more reputable seller.” – Diverse Concepts, www.dciits.com

“Check the Better Business Bureau website to see if there are a large number of complaints about the seller. https://www.bbb.org/greater-maryland/” – Diverse Concepts, www.dciits.com

“Go directly to the seller’s site rather than clicking a “coupon” link that was sent to you by an unknown source. Scammers can often use a tactic called cross-site scripting to craft a hyperlink that appears to be the actual merchant site but actually relays your credit card information to the scammer when you put your payment information into the payment web form. Unless you can verify that a coupon came from the actual vendor’s site to which you have already subscribed, it’s best to avoid random coupons with unknown origins.” – Diverse Concepts, www.dciits.com

“Find out the seller’s physical address. If the merchant only has a P.O. box listed, then that may be a red flag. If his address is 1234 in a van down by the river, you may consider shopping elsewhere.” – Diverse Concepts, www.dciits.com

“Check the seller’s privacy policy. While we might not think about it, some sellers resell our personal information, buying preferences, and other data to market research companies, telemarketers, and spammers. Read carefully and always make sure that you are opting-out and not opting-in when asked whether you want to have your information shared with “3rd parties” (unless you like a lot of spam in your e-mail). You may also want to obtain a separate e-mail account to use while shopping online to avoid clogging up your personal e-mail box with the barrage of sale ads and other junk mail that is frequently sent out.” – Diverse Concepts, www.dciits.com

“If you’re buying something on a new website and they want you to sign up for an account, use a new password. Never use the same passwords for shopping sites as you do for anything else, such as email, bank logins, etc. (It’s a good idea to use a different password for every site you go to but this is especially important.) Even if the company you’re purchasing from is legitimate, you don’t know who might have access to their database now or in the future.” – Loki Labs, www.lokilabs.io

Recognizing and Avoiding Spyware

What is spyware?

Despite its name, the term “spyware” doesn’t refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as “adware.” It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

  • What information is being gathered?
  • Who is receiving it?
  • How is it being used?

How do you know if there is spyware on your computer?

The following symptoms may indicate that spyware is installed on your computer:

  • you are subjected to endless pop-up windows
  • you are redirected to web sites other than the one you typed into your browser
  • new, unexpected toolbars appear in your web browser
  • new, unexpected icons appear in the task tray at the bottom of your screen
  • your browser’s home page suddenly changed
  • the search engine your browser opens when you click “search” has been changed
  • certain keys fail to work in your browser (e.g., the tab key doesn’t work when you are moving to the next field within a form)
  • random Windows error messages begin to appear
  • your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

How can you prevent spyware from installing on your computer?

To avoid unintentionally installing it yourself, follow these good security practices:

  • Don’t click on links within pop-up windows – Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the “X” icon in the titlebar instead of a “close” link within the window.
  • Choose “no” when asked unexpected questions – Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select “no” or “cancel,” or close the dialog box by clicking the “X” icon in the titlebar.
  • Be wary of free downloadable software – There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
  • Don’t follow email links claiming to offer anti-spyware software – Like email viruses, the links may serve the opposite purpose and actually install the spyware they claim to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

  • Adjust your browser preferences to limit pop-up windows and cookies – Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited.

How do you remove spyware?

  • Run a full scan on your computer with your anti-virus software – Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
  • Run a legitimate product specifically designed to remove spyware – Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft’s Ad-Aware, Microsoft’s Windows Defender, Webroot’s SpySweeper, and Spybot Search and Destroy.
  • Make sure that your anti-virus and anti-spyware software are compatible – Take a phased approach to installing the software to ensure that you don’t unintentionally introduce problems.

Avoiding Social Engineering and Phishing Attacks

Author: US-CERT Publications

Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is a phishing attack?

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • epidemics and health scares (e.g., H1N1)
  • economic concerns (e.g., IRS scams)
  • major political elections
  • holidays

How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don’t send sensitive information over the Internet before checking a website’s security.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft.
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission.

Source

Nine Ways to Prevent Cyber Security Breaches

In a world where the majority of our transactions and interactions happen online, individuals and companies alike are in a constant struggle to safeguard their information and maintain security. It’s time to fine-tune those privacy settings and up your protection levels to prevent fraud and information hacks. Here are some of the top ways to secure your online presence:

  • Create a Strong Password

This may seem like a no-brainer, but the first step to creating a secure account is to choose a unique password with strong characters. Your pet’s name followed by a birthday or address number probably is not your best bet. Websites usually require a password between eight and 20 characters, and while not all require a special symbol, it’s always a good idea to include one or two. Craft an impenetrable “code” so complex that people even close to you are unable to easily log into your accounts. Make sure you keep the passwords you choose written down in a safe place and don’t choose the same password for every one of your accounts. Want to take things one step further? Plan to change your passwords every few months.

  • Be aware of what you’re posting

In the growing world of social media, people are more open to posting anything and everything about themselves for the world to see. It’s important to learn about the privacy setting options available for each channel. As a general rule of thumb, content should only be visible to immediate friends and family and not open to the public. It’s best to keep your profiles private to add an extra wall of security to your information and personal life.

  • When it comes to finances, go directly to the company

While this may seem like common sense, you should never provide confidential financial information over the phone. A common trend we’re seeing is hackers calling people and requesting verification on an account with private information. No company will ever call you from an unknown number saying your information has been on non-reputable websites. It’s important to contact your financial institution directly if something like that happens, so you can confirm legitimacy before divulging private information to what would be a complete stranger or hacker.

  • Be careful where you share your social security number

Even the last four digits of your SSN with your name and birthday attached will easily allow someone to take your identity. If you’re sharing this information, make sure it’s absolutely necessary and that it is with a company you can trust. Don’t share this information over the phone with someone you have not yet verified to be an actual employee of whatever company your account is associated with. Never use any part of your SSN in a password or for authentication unless it’s required.

  • Back up your information to a secure network or drive

If something were to happen resulting in your personal information being compromised, it’s important to have it copied over into a completely separate place. Recent hackers have been able to lock users out of their computers and threaten to get rid of all their information unless they were to pay the hackers. Having your information backed up will ensure that you have everything protected and you won’t need to feed into the hackers’ games.

  • Always update your software

Privacy software and antivirus protection will always have updates that include new ways to protect your computer and information. Make sure to keep updated with the newest versions of any software as a way to protect your files. Your system will normally install new security patches that the company has created to keep out the newest and best generations of hackers.

  • Don’t join Wi-Fi networks you don’t know

To put it simply, unlocked networks are not usually the best idea. It’s critical to know who runs the network and what they have access to when you connect to their Wi-Fi. Random networks will often pop up as an option and it can be very tempting to just tap into a free network, but that can be an instant threat considering you have no idea who is on the other side or what they’re capable of. Anyone can be on that network, and with free software online, it’s no trouble to log in as you and see all your information: contacts, documents, what you’re sending, pictures – anything.

  • Don’t open that strange link

Malware is all over the internet and we’ve likely all been made aware of phishing email schemes, which are the key culprit in spreading malware. Never open a link or attachment unless you know who sent it to you and what it is supposed to contain. Opening a random link that may look legitimate could immediately download malware onto your device or bring you to a scam website. It can be a quick tell if you suddenly start getting pop-up ads or if your device starts slowing down or shutting down unexpectedly. If you have a suspicion that your computer may have been hacked, remember to stop all use of internet accounts and private information. Contact tech support for the company you have purchased your device through and see what they suggest for your specific case.

  • Dispose of your information safely

When getting rid of your device, make sure to do a backup and then a factory reset. This eliminates the information and settings once saved to your device. It’s always smart to check it over to make sure the information is really gone after performing a factory reset. Be sure to also recycle your device in a safe manner, taking it to a company or person you trust to completely wipe the device free of your information. Remove any SIM or SD cards and erase any contents or transfer them to the new device. After getting information through the mail, make sure to shred any sensitive information and dispose of the papers or cards in a safe place.

Source

Google penalizes sites with pop-up ads

Google is cracking down on mobile pop-up ads by knocking down the search-result position of websites that use them.
The National Labor Relations Board decided a social media policy that Chipotle had in place for its employees violates federal labor law.
A group of lawmakers plans to introduce legislation that would criminalize revenge porn—explicit images posted to the web without the consent of the subject—at the federal level.
The Truth in Advertising organization sent the Kardashians a letter threatening to report them for violating the FTC’s endorsement guides. This isn’t the first time the legality of the famous family’s social media posts has been called into question. If only Kim would read our influencer marketing blog posts.
According to one study, 68% of publishers use editorial staff to create native ads.
Twitter launched a button that a company can place on its website to allow users to send a direct message to the company’s Twitter inbox.
UK lawmakers issued a report calling on the big social media companies to do more to purge their platforms of hate speech and material that incites violence.
Social media is playing a bigger role in jury selection, Arkansas prosecutors and criminal defense lawyers say.

Source

What’s affiliate marketing? Should I care?

by Rosario Méndez

Many of the ads you see online are created by marketers who are paid each time you click on their ad. And if that click takes you to a website where you sign up to try a product or you make a purchase, the marketer may get paid even more. These are affiliate marketers. They are hired by the owner of the product to promote it on social media, on websites, and through email. Sometimes networks of affiliate marketers negotiate the rate marketers will get paid per click, per sign-up to try the product, and per purchase. Everyone from the merchant to the affiliate marketers gets a cut. And all these people may be tracking you, too, just from that one first click.

Affiliate marketing is a good way to promote a product or service as long as the ad is truthful. The problem is that some dishonest affiliate marketers put out ads with exaggerated claims or misleading information to get people to click. They may say anything to get you to click on their ad because they have an incentive – getting paid. Check out the infographic we created to explain this.

Sometimes deceptive ads could be bait for a scam. Take, for example, a low-cost trial scam that the FTC stopped recently. People who clicked on ads placed by affiliate marketers for a “free” trial ended up on a website that offered the product trial for $1.03. That amount is not much, but it’s not free. In fact, people who bought the trial for $1.03 ended up being charged almost $200 monthly for a second product they didn’t even want. We explained what happened in this infographic.

So, the next time you see an online ad, pause before clicking. Ask yourself:

  • How do I know who’s truly behind the ad?
  • Do I know if they’re being truthful? Is someone being paid to get me to click?
  • Who is tracking me when I click on the ad? And who is getting that information about me?

And if the ad says one price, but when you click on it you land on a website that says something else, you may have landed on a scam. No matter what, check your bills to be sure you’re not being scammed.

Source

Internet Safety for Kids in 10 Steps

These 10 actionable tips will improve Internet safety for your kids, and we recommend that you follow them now.

1. Make sure to always have access to your child’s computer.

It doesn’t mean that you need to verify every day what happens on the computer. But once every few weeks, you can take a look at what websites have been accessed or what kind of content has been downloaded on the system. If you have the possibility, monitor the chat rooms, the IM applications and the received e-mails.

2. Teach your children about online dangers.

Learning is not a destination; it is a process. In a changing environment, we need to quickly establish the limits of our liberty to access unfiltered content and the potentially dangerous phishing attempts that could pose a threat to our families.

3. Let them teach you. Or simply listen to them.

Staying online is a risky business and we cannot really predict where a discussion or comment will take us or what type of people we may encounter on a social media platform.

4. Online actions have real consequences.

It is difficult for a child to understand that the Internet is a dangerous place. How could anyone explain to a child what a sexual offender is, when they haven’t even started their sexual education?

5. Install a good antivirus product on the computer.

Are your children using a separate computer from you? Are you using the same computer? It doesn’t really matter. Security is security and each computer should be protected from online threats and malicious software.

6. Use parental control software to monitor your child’s online behavior.

Software companies have already considered the possible issues that could appear from kids’ unrestricted access to online content. For this reason, we find many parental control solutions that address and try to limit this problem.

7. Keep your child’s software up-to-date.

Make sure the Windows operating system used by your child has all the latest security patches installed. These updates are important because they contain stability and security fixes that shield the system against cyber-criminals’ attempts.

8. Don’t let them go online without anti-spyware protection.

Spyware is a software program that monitors your private Internet connections. But, as everybody knows, there are many warning signs that could indicate such an infection on the system.

9. Secure your Home Wireless network.

The home Wi-Fi network is usually accessed only by members of the same household, but that doesn’t mean that dangers don’t exist and additional steps should not be followed to increase the home network security level.

10. Pay attention to WiFi networks outside your home.

Your children may be safe at home, but with so many public Wi-Fi networks they connect to, how can we be sure they will remain safe?

Safety Tips for Your Mobile Devices

That smartphone in your pocket – or your tablet or laptop – contains significant information about you and your friends and family – contact numbers, photos, location and more. Your mobile devices need to be protected. Take the following security precautions and enjoy the conveniences of technology with peace of mind while you are on the go.

Keep a Clean Machine

  • Keep security software current on all devices that connect to the Internet: Having the most up-to-date mobile security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
  • Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.

Protect Your Personal Information

  • Secure your devices: Use strong passwords, passcodes or other features such as touch identification to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
  • Personal information is like money – Value it. Protect it.: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
  • Own your online presence: Use security and privacy settings on websites and apps to manage what is shared about you and who sees it.
  • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.

Connect with Care

  • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
  • When in doubt, don’t respond: Fraudulent text messages, calls and voicemails are on the rise. Just as with email, mobile requests for personal data or immediate action are almost always scams.

Source

Cyberbully Protection | Psychology Today

WHAT’S ON YOUR MIND?

R U there?  Can U hear me?  Will U plz make it stop?  My life is ruined.  I can’t show my face in public again…  No 1 listens, who can I turn 2?  R U there?  Plz make it go away:(

Cyberbullying words can cut and oftentimes the victim feels alone, scared, anxious, depressed and like there’s no one who understands them.  Although cyberbullying doesn’t directly inflict physical harm it does cut psychologically.  Sometimes it leaves scars that don’t heal.  Teens can quickly spiral to the dark side and have depressed thoughts that parents couldn’t even begin to fathom.

Do you worry about your teen being involved with cyberbullying?  According to a study released recently by the American Osteopathic Association, parents are concerned about the well-being of their child in cyberspace.  The survey polled more than 1,000 parents of teenagers aged 13 to 17 and found that 85 percent of parents reported that their children had social media accounts and about 52 percent of parents admitted to being concerned about cyberbullying.  The study also revealed that one in six parents knew their child had been the victim of a cyberbully.  Additionally, most of the cyberbully reports were not a one-time occurrence but were repetitive.

Approximately 91 percent of parents believe they, not teachers, are responsible for preventing the long term effects of cyberbullying.   More than 75 percent of parents reported that they discussed cyberbullying with their children, while 86 percent said they joined their child’s online social network to help monitor their teens’ interactions online. Also more parents (2 out of 3) reported monitoring the security settings on their teen’s social media accounts.  And just who are the worst offenders?  This study found that girls are more likely to be the cyberbully.  About two-thirds of cyberbullying was done by girls, making it twice as common among girls as boys.

So what can parents do to protect their teen from cyberbullying?  For starters, review the tips below with your teen.

Top Sixteen Cyberbullying Protection Tips for Teens:

1. If you’ve become a victim of cyberbullying, take down your page(s)!  No exceptions!

2. Don’t fill out those online surveys.  If you do, be very selective about what kind of information you post.  No personal information!

3.  Give your parents access to your accounts.  This is for your protection.

4.  Only accept close and “real friends” to your social media sites.

5.  Don’t talk to strangers.  If you don’t know them, block them from your site.

6.  Don’t reply to any degrading, rude or vulgar posts.

7.  Block all people from your site who post those things in tip 6.

8. Report inappropriate posts, pics, videos, etc., to site operators.

9. Don’t delete inappropriate material.  Take a screen shot; print it out, or save it.  This is your evidence should you need it in the future.

10.  If a friend tells you that they see something bad about you online, ask him to print it out or save it for you.

11.  Tell a parent or a trusted adult if you are a victim of cyberbullying.  Don’t keep silent.

12. Never, ever, share personal information with others online that can come back to bite you.  If you want to share something big with a friend, do it face to face.  Don’t do it online where the world is your audience.

13. Never, ever, share your username and password with anyone except a parent.

14.  Make your username and password unique so that no one can figure them out.

15.  Don’t ever provide an itinerary of your day on your social media site(s).  It is not safe for others to know every step that you’re going to be making during the day.

16. Take a stand against cyberbullying.  Don’t only stand up for yourself but get others involved as well.  For example, start a school wide campaign.  If you are a victim of cyberbullying you are not alone.  Help break the silence and let’s put an end to bullying!

Source

The Hackable Human – 6 Psychological Biases that Make Us Vulnerable

There’s a red thread that you can follow in each story about cyber attacks. If you pay attention, you’ll see how human nature is deeply rooted in the mechanics of successful cyber compromise.

Technology is only half of the story. When cyber crooks launch their assault on your devices and data, they don’t target just the security holes on your system. They also aim to prey on your weaknesses.

But how do attackers know which buttons to push to make users click on infected links, even when all the signs spell “danger”?

Today’s article focuses on just that: some of the cognitive traits that make us, humans, hackable (myself included, of course) and how to fight them.

Social engineering and its many tentacles

When you think about cyber criminals, you might be tempted to reduce them to the “hoodie-clad, lone wolf who does nothing but code” stereotype.

However, nowadays, cyber crooks are highly skilled in the art of digital illusion. They have a strong portfolio of tactics and knowledge, including:

  • what Internet users like to do online and which brands they trust
  • which wants and desires make these users act towards achieving them
  • which technology products have the most vulnerabilities that can be exploited
  • where they can purchase malware that can get them what they want (money, data or both)
  • how they can build a business by recruiting more cyber criminals to spread their malicious software.

When all the elements I’ve just mentioned come together, you get a rough definition of what social engineering is. Its mission is clear: to persuade the victim to give up confidential information or perform actions that cause a security breach.

Anything you can think of, cyber criminals use on a daily basis: instilling fear, creating confusion, impersonating trusted people or entities, sabotage and a plethora of other mind games.

To bring down the bigger targets, social engineers spend time thoroughly documenting their attacks. They have to make sure that their plan can be executed to perfection. If you’ve watched Mr. Robot, you know how it works. (If you haven’t watched it, please do.)

The further you move from clear thinking and rational decision-making, the stronger the grip that cyber criminals have on you.

Our imperfect human nature turns us into liabilities for our own online safety. Add carelessness and distractions to the equation and you have the perfect scenario for an attacker to take advantage of.

The sooner we accept our faults, the faster we can learn to become stronger when confronted with cyber threats.

6 Psychological biases that favor bad decisions

Certain thinking patterns breed poor decision-making, just like hanging out with the “cool” gang in high school gets many teenagers to start smoking.

The 6 preconceptions below are traps we set up for ourselves and which Internet crooks exploit. It’s time to be honest with ourselves and admit that we can do better.

1. Anchoring bias

When you first bought a computer, you were probably told or found out that you need antivirus. Ten or twenty years later, you probably still believe that antivirus is the only solution you need to keep your computer safe.

This is the anchoring bias in action! Relying too much on the first piece of information you received (the “anchor”) will affect how you act going forward.

If your job and your personal life have changed in the past 10 years, then so has Internet security. It’s time to let go of the past and make decisions based on what’s going on at the moment.


2. Availability heuristic

“I don’t need antivirus or other security products. My brother doesn’t have antivirus and he never got hacked!”

The availability heuristic makes people overestimate how important the information that’s available to them really is.

Knowing someone who somehow got by without AV doesn’t mean that roaming around the web without any kind of protection guarantees your safety. That person may have a ton of malware on his PC without even knowing it.

So remember: the related situations you know are not the industry average. A tiny bit of research using trustworthy sources will give you a better impression of what’s objectively recommended.

3. Information bias

More information isn’t always better. This is what the information bias is all about.

You’ll find this to be especially true in cyber security. It’s easy to get caught up in all kinds of details, but you don’t need all those details to strengthen your online safety. You just need the right ones.

That’s why you may find it difficult to make a decision after reading tens of articles on the subject. The deeper you dig, the more complex it becomes.

I’m not saying you should fall into the anchoring bias I mentioned earlier. But you should choose the details that suit your purpose and act on them.

Internet security advice is abundant, but applying it is what makes a real impact.

4. Ostrich effect

“Look at all this news about cyber hacks! There’s nothing I can do about it, so I’ll just ignore it.”

As you can imagine, this bias comes in when we stick our heads in the “sand” and decide to just ignore negative information.

But we both know that ignoring an issue doesn’t make it go away. As humans, we may be hardwired to avoid psychological discomfort, but acting on this feeling is when change happens.

If you’re uncomfortable with negative cyber security news (which is torrential nowadays), it’s because you know that even you could become a victim. But sitting idly by is not going to stop that.


5. Placebo effect

You already know this one and you probably stumble upon it more often than you realize.

“I don’t go on any strange website, so there’s no chance I’ll get infected.”

Or: “Antivirus is all I need to keep my data and devices safe.”

The placebo effect might make you feel safe, but it doesn’t mean that you are safe. Cyber criminals don’t get scared because you strongly believe in your cyber security habits.

So don’t mistake your perspective for reality. They rarely overlap in Internet security matters.

6. Overconfidence

“If I got infected with malware, I would know.”

This well-established bias is all about people who are too confident of their abilities. It can happen to anyone, but overconfidence can trick you into making bad decisions.

Remember that this is a subjective perspective, so you should check the facts to make sure you’re not building a false sense of security.

Oh, and if you did get infected with malware, you most likely won’t notice. Second-generation malware, which roams the Internet today, is incredibly stealthy and damaging. It can infect your computer in a matter of seconds and trigger the attack at specific moments (for example, when you do online banking transactions).

It’s important that you train yourself to spot threats and avoid them, but your intuition, skills and experience can’t replace cyber security technology.

Developing cognitive humility

These 6 cognitive biases are a gold mine for cyber crooks of all kinds. They know that people tend to neglect cyber security because of these preconceptions or because they lack the time or skills to do better.

By becoming aware and accepting that we have our limitations and weaknesses, we can develop better strategies to protect ourselves from ourselves. Not just in cyber security, but in life as well. This is what it takes to build cognitive humility.

So try to take a few minutes now to go over the biases listed above and see if they got in your way lately. Making a conscious effort to “override your default settings” can help you gain clarity and make better choices for your cyber safety.

The one key habit to cultivate your Internet safety

How you perceive things, your outlook basically, determines your actions. A perspective distorted by biases cannot lead to sound decision-making.

If you think that you don’t need anything other than antivirus on your system, you may continue to be exposed to nasty financial malware or ransomware.

In the malicious hacker’s playbook, mental weakness = vulnerability. Attackers don’t exploit this with technology but with social engineering, which, as you now know, comes with a large toolkit.


Counteracting inevitable missteps is certainly possible. All it takes is sticking to one key habit that I’ve found helped me a lot. But before I share it, let me ask you:

Have you noticed how we think more clearly after something bad has already happened?

In hindsight, we make better decisions because we’re not limited by fear or scared of the unknown. At that stage, we’re not overwhelmed by emotion. Instead, we rely on logic and see things for what they are.

In real life, however, I noticed that we’re more inclined to learn from our own mistakes rather than others’. It’s natural, and I’ve done the same many times over. But in cyber security (and some other fields), personal mistakes are usually costly experiences.

So the right moment to decide which cyber security products you should use and which advice is worth applying is now! Not tomorrow, not the next weekend.

“Now” is a great time. A time that’s not troubled, when your computer is malware-free and there are no constraints to rush you into poor decisions.
