Do you take time for safety?
On Linkedin, we regularly write about everything within IT, and we would like to share our knowledge with you. Norwegian companies are already good at IT, but many struggle with not having enough time. Then digital security comes second. This despite the fact that cyber attacks and other digital threats are the biggest challenge we face. That's why we share what we can so that you can make decisions that prevent and prevent the hackers from being left with your share of the pie.
This year's Christmas calendar
December 1: Your password
It is 1 December today!🤶
Every day until Christmas, we will share a tip about IT with you.
First up are the pesky passwords. The ones that have to be that long. Full of numbers, capital and small letters, there are also these special characters.
Do you really have to create long and weird passwords that you forget every time you land in to your email or Netflix?🫣
The answer is YES!
The number of characters you use in your password immediately affects how quickly a hacker can find it.
When you enter the PIN code on the bank card or in your mobile bank, four numbers are used. If a hacker wants to, they can find the four numbers immediately.
Up to 11 numbers, they can get hold of the combination you have used in two seconds.
So what is needed then? How long passwords do you really have to have?🤯
The answer is: 18 characters.
18 characters that combine numbers, special characters, upper and lower case letters. Then a hacker will spend 26 trillion years finding your password.
Conclusion? Create long and weird passwords. Preferably 18 characters, but 14 characters also works.
December 2: Enable two-factor authentication
Happy Saturday🌟 Every day until Christmas we will share a tip about IT with you, and now it's time for slot 2. Are you ready?
Two-factor authentication is hated and loved in our sprawling country.
Hated because it "steals" time, and it is a full process to land in to mail and Facebook.
Loved because it gives your digital security an extra layer.
So do you really have to stress about using it?😮💨
The answer is simple: You MUST!
Two-factor authentication is one of the simplest security measures you can take, but it has a very good effect.
We understand that it is frustrating to have to remember passwords AND enter the code from SMS or use an app. But trust us: It helps💪
Do you want a why too?
Many passwords go astray every minute of every day. What the two-factor function ensures is that even if your password is discovered, people from the blacklist will still not gain access to your user account.
Activate two-factor as soon as you can!🎅
December 3: The value of updates
Today is the 1st Sunday in Advent!🕯️
Most people might ask if you've turned on the lights on a day like this, but we want to ask something completely different: When did you last update your PC and mobile phone?🤔
Updates do come in once in a while. Not that often, but often enough that you would like to think it's a bit stressful to carry out 😅
You may not have time for the PC to restart or for the mobile phone to be connected to a charger to carry out the task right then and there.
Because even if some people update immediately to get the latest emojis (🫨🫎🪼🪻🫛), there are many other reasons to update as well.
Here are three of them:
1. Security: Updating is preventative. Everyone has weaknesses, including equipment and software. Errors are detected on an ongoing basis, and then these are fixed through updates. Then it is your job to carry out the update to be able to work safely!
2. Stability: Updating ensures better stability in your system. Then everything is in order, and there is less chance of everything freezing or getting messed up while you are sitting with a task.
3. Features: Everyone wants the latest features, right? Having the latest can streamline work processes and make more of your systems talk to each other.
Is it a bit more tempting to update now? If yes, drive on! If no, read point 1 one more time💪
December 4: Encryption
It's Monday!💪 Today is a perfect day to talk about today's topic: encryption.
🔐 What is encryption?
It is when you write a top secret document and lock that document so that no one but you or those you choose will be able to unlock it and see its contents.
Very simplistically explained, of course.
🤔 Do you have to use it?
It is not a must if you are not working with sensitive data or company secrets.
If, on the other hand, you are going to share Nissemor's Christmas cookie recipe by email, it must of course be encrypted first🍪🤶
In general, we recommend encrypting where you can, so that both top-secret Christmas cookie ingredients and your sensitive data arrive safely without you forgetting it.
December 5: Backup
Backup is neither exciting nor a fun activity to do, but is it worth it?😮💨
Say you take a ride in the sleigh with Rudolf on a regular Tuesday evening. Your mobile phone falls out of your pocket and you can't find it again. All your photos? Gone.
It hurts a little, doesn't it?🫣
Imagine if that had happened to your customer lists, supplier orders, your archive or all the sensitive data you work with? Then there is a crisis.
Backup is worth it. Always!
Since it's so boring, we don't do it manually. We have systems that do it for us. They are trygge, secure and can recover lost data in no time if the PC were to fall off the sled as well. Recommended!
Maybe you should take a backup tonight?👏
December 6: Firewall
It's December 6, and today we're going to talk about firewall👩🚒🔥
If you had asked Santa what a firewall was, he would probably have said that it is the inside of the fireplace. He knows it very well, and he is absolutely right.🎅
We don't make that many fireplaces, but a quick google search shows that firewall plates go inside/outside the fireplace at home.
So which firewall are we talking about?🤔
Our firewall is not something you can physically touch, but it is as raw as the flames.
A digital firewall is a security mechanism that controls and limits traffic between one or more computer networks to protect against unauthorized access. Fancy, right?
The firewall therefore does the same job as the security cameras outside a building and the security personnel who monitor these cameras.
This means that you decide who will be able to land on to your network💪
Unfortunately, you have to handle the pipe yourself. Good luck with that!
December 7: Email Security
Humans trying to hack you are working significantly harder than the elves at the North Pole right now🥵
That's because stealing information is very lucrative. They sell your passwords, ask the CEO to transfer some money, ask for some gift vouchers and many other strange things that many people unfortunately fail.
Businesses and private individuals lose money every day because they are deceived.
Should we try to prevent the scam? Follow along now!⚠️
Here's email security you can do on a daily basis:
💰 Always double-check people's email addresses if they ask you to take an action related to money and finances, important company information, your personal information or the like.
📱 Always confirm your account number, social security number and other important numbers over the phone or in person rather than email and SMS.
💪 Always have the spam filter on.
👀 Always wear encryption. Nice to have!
🤔 Always be (a little) skeptical of new mail, unknown mail, mail with new names and mail that comes outside a context you know.
Not everyone has built up the knowledge to get a bad feeling if something happens in the inbox yet. Therefore, we recommend having a dose of skepticism with you at all times.
December 8: How to spot fakes websites
Have you fixed any Christmas presents online lately?🎅💸
Unfortunately, many people are being tricked by fake online stores these days.
It's incredibly hard to lose money during these holidays, so you should remember some simple online safety when you surf:
- If it's too good to be true, then it probably is. By that we mean both the price, the product and the delivery time.
- Is the online store real? Quick checkpoints you can take are to check the website address, the language on the page, contact information and address, org.no and whether they have a contact form.
- Google experiences others have had before you go to checkout. Many people are good at telling exactly how the experience has been before you, so you don't fall into the same trap.
- Never use your personal card online where the entire salary is ready. Instead, use other payment solutions or credit cards so that you can easily undo the transaction or get help with it via your card provider.
We hope these tips take you a long way 💪
December 9: Your emergency plan
What would Santa have done if all the presents were suddenly stolen just 13 days before Christmas?🤯
Does he have a backup of gifts? Can he get them back in a kind way? Can he produce a whole year's worth of presents in time for Christmas Eve?
Yes, this is fictional, but what if we swapped the words "Santa" and "gifts" with you and all the data you've ever produced?
In minutes, everything you've worked for can be encrypted. And the only person who has the password is a guy on the bad list.
Then you have to take out your emergency plan!💪 Is it in place?
A contingency plan should at least contain the following:
- Checklist with concrete tasks that must be initiated when an attack is detected.
- List of responsibilities and organization of the people to be involved.
- Notification and communication to employees, customers, suppliers and the media.
- A plan for handling and isolating the attack.
- A plan for the aftermath, the consequences that may occur, loss of trust and brand, response from external parties and the media.
Everyone should have an emergency plan. On our BLOG you can find 7 reasons why you should write one before the end of the year: Contingency plan for IT: What it is and why you should have it
10.-12. December: Safety training
Safety training... Just the word makes us yawn🥱 Is that something you do?
We learn that several companies' "training" is a sheet with some points that all employees must sign that they have read.
Such a routine is boring, it's awkward and unfortunately it doesn't work. Not when we know that over 90% of successful cyber attacks happen due to human error🥵
Human error happens because we don't know better.
We don't know what to look for, and we have no idea how to handle it if we first make a mistake.
That's why you have to raise the level of safety training💪
The more knowledge your people have, the better they can be part of your defense against cyber attacks.
Do you want tips for safety training? Read more here: Get to know our new partner: CYBR
December 13: Risk assessments
Happy Santa Lucia!🕯️ Today we will address the word "risk assessment". Do you have to carry out risk assessments in your company?👩💼🧑💼👨💼
A risk assessment is made based on many things. When we carry out a risk assessment, we look at, among other things:
- Digital systems in use. Suddenly, completely unknown systems may appear that a department or two would like to use😅
- Active access among permanent employees, temps, externals, the board, etc. Does Anton still have access even though he quit 4 months ago?
- Data storage and handling from day to day. Is everything stored on the desktop or in the cloud?
- Knowledge of security within the company. Does everyone know what phishing is and how not to get scammed?
- Knowledge of suppliers' security. Suddenly they can become the front door to your systems🤯
Have you ever done such a risk assessment?
We recommend that. That's because what you don't know about, you can't do anything about. So, you can be hacked already without knowing it.
Get an overview so you know where your security holes are and where the risk lies. Have fun with the fluffy cats!🧑🍳
December 14: Phishing and smishing
Have you been scammed by email or SMS? Then you should read on.
Being exposed to email scams is called phishing in the technical language. On SMS it is called smishing. Far too many people have experienced this, and it's so crazy!
These tricks cost Norwegians large sums of money every year. And a survey shows that 90% of all successful cyber attacks start with a phishing attempt (cloudflare.com).
So how to prevent it from happening to you?😩
👉 We have collected our best tips for you on our BLOG. Read more here: How to protect yourself from phishing
Read the tips, and be critical of things that end up in your inbox, and this should go well.
15.-18. December: Fraud methods explained
We Norwegians are known for being a bit naive, and it's cute every now and then, but not when it has big consequences for us😩
Therefore, we will strike a blow for the opposite of naivety, namely skepticism.
Skepticism may not be immediately triggered, but knowledge is indeed power, and it can also make you more skeptical when you learn how you can be deceived.
Let's look at some fraud methods that there is a high chance of happening to you🫢👇
👂Spoofing/phone fraud: Is when someone pretends to be someone else to build trust and get information from you. Financial gain is most often the fraudsters' goal.
👮 Fraud with authorities: Fraudsters often make use of a trick that should give them automatic "trust" when dealing with you. Therefore, they may appear to be the police, the municipality, the tax authority or another actor who of course needs your social security number, your telephone number and your bank ID. Many are more willing to give up information when faced with organizations with natural authority.
🧑💻 Director fraud (CEO fraud): A fraud method that is frequently used among small and medium-sized companies. The fraudsters masquerade as an employee on e-mail, often a manager, and ask an employee responsible for money to fix a bank transfer, buy some gift cards or pay an invoice.
💸 Invoice fraud or account number fraud: When the fraudsters get to know subcontractors or partners who naturally send an invoice, they can change the account number for where the money is going or send additional invoices that are not genuine. In this way, companies incur direct losses, but believe that everything is as it should be.
Build up a skeptical gut, folks! And trust it. Block emails, double-check with people you trust and hang up if you're skeptical.
PS: We've had a technical problem here at Linkedin, ironically enough. So we have therefore combined 15.-18. December in one 🎅
December 19: Data leaks
Now there are only a few days left until Christmas! Anyone ready for vacation?🎅🌟 So are we, but we have five tips left to share with you before we sign off.
Misplaced passwords are troublesome things. Not only is it troublesome to invent new ones all the time, but if you use the same password in several places it can become a big job to clean up.
Lost passwords don't happen by themselves. Often it happens because of a data leak.
Why does a data leak affect you and your life then?🫣
Data leaks occur when hackers get hold of data from an actor many people use. Such as a social medium or a streaming service.
If their data is stolen, many hackers choose to leak it. Then your information can suddenly become available to the entire internet.
It makes you a tempting victim🤯
Hackers can then have both your email and a password that you may use in several places. Their next step may then be to deceive you for money, information and much more⚠️
Are you aware that passwords may be misplaced? Change immediately!
December 20: DDos attack
What do DDos attacks and the tax settlement have in common?😅 We'll tell you!
When the Swedish Tax Agency can reveal that your tax settlement is ready, it is a short time from when you are notified until you check. Everyone wants to see if there will be an extra nice holiday or overtime this year🫢
If the Swedish Tax Agency sends this message to too many people at once, their page will crash. Their website is simply flooded with us citizens.
DDos attacks can be compared to what happens on skateetaten.no. Only that this is an attack that happens on purpose!
DDos stands for “Distributed Denial of Service”, and can be translated into a denial of service attack. Then attackers do everything they can to overload your website.
The aim of such an attack is that precisely _you_ should not gain access.
This has been experienced by several large players in Norway. Among other things, the National Security Authority and Statistics Norway. Read more here: New DDos attacks against Norway
Do you need to worry about this? Well, if you deal with information that is of interest to a large target group, then the answer is yes.
December 21: Zero day vulnerability
The naughty list is probably far too long for Santa this year. There are endless hackers out there. And they are especially ready for something called Zero day vulnerabilities...🥵
A zero day vulnerability is when a software or computer system has a weakness that the developers are not aware of.
The term "zero day" refers to the fact that there is no time to correct the problem before hackers can take advantage of the weakness that is there.
This means that the hackers can do all the more damage, and it becomes a race between the developers who have to create protective measures and the hackers🫣
Preventing this from happening requires both a good system at the bottom, a rock-solid contingency plan and experts who can contribute to good choices in a short time.
Want to read an example? Norway experienced a very extensive vulnerability back in 2021. You can read about it here: Critical vulnerability was announced on Friday: This is how it can affect you
December 22: Brute Force attack
Brute force is an expression we rarely talk about, but why not before Christmas?🎅
This is an attack method that is widespread and known. That's why we want to teach you what it is!
Brute Force attacks occur when attackers systematically try to guess passwords or authentication information, often by testing thousands of combinations per second. It's like trying all the keys on a giant digital lock with you🔑
Preventing such an attack is not easy, but it is possible:
- Use two-factor authentication or multi-factor authentication
- Limit the number of logins where possible
- Choose passwords that are difficult to guess (remember the first slot in the Christmas calendar?)
Good luck!
December 23: Ransom virus
There are many consequences that companies can experience from a digital attack. One of the worst? Ransom virus👀
Ransom virus or ransomware is when hackers demand money to get all your data back.
Norwegian companies experience this every day, but it is unknown how many actually end up paying.
Seeing your life's work crumble because someone has stolen everything you own can do a lot of damage. We understand that!
So how to prevent it from happening to you?
Then you must be careful and follow the safety advice that exists. Many of them mentioned earlier in our Christmas calendar. So scroll down and enjoy reading!
December 24: Merry Christmas and Happy New Year!
The day is finally here! A very merry Christmas🎅🥳
We end the calendar with a very simple piece of advice this Christmas: Enjoy yourself and relax!
When your head gets a break, good ideas can emerge, new thoughts arise and perhaps exciting goals for the new year come to you? We hope that, through this year's Christmas calendar, you have received good input on what to spend your time on in 2024. In any case, we are here for you if you want tips and advice for the way forward.
Have a very Merry Christmas and a Happy New Year!🌟🎉
