Hi, when we’re out and about, it’s common to look for a Wi-Fi network so we can connect quickly…

But not all connections are equally secure.

Let’s take a look at what we need to keep in mind to connect securely.

In places like airports, train stations, and coffee shops, the use of public Wi-Fi networks is very common.

However, these networks may be insecure and allow third parties to intercept information or access our data.

That is why it is important to pay attention to:

– The type of network you’re connecting to.

– The information you transmit while you’re online.

– And the security of the device itself.

Because in these situations, cybercriminals can exploit insecure connections to gain access to sensitive data.

To avoid this:

– Avoid connecting to open or unsecured Wi-Fi networks.

– Use a VPN if you need to connect to public networks.

– Do not make any payments or access sensitive information.

– And it automatically disconnects when you’re not using it.

And you know… disconnect from work, not from security.

IMPORTANT NOTE:

If, despite complying with all these measures, you encounter situations that do not conform to the level of security required or established in internal policies, do not hesitate to inform your line manager, the Security Manager, security personnel and/or the IT department, depending on the type of suspicion.

If it happens to you on a personal level, report it directly to the police authorities, so that they can give you appropriate advice and conduct an investigation.

La entrada SECURE&TIP: WIFI NETWORKS se publicó primero en Secure & Academy.

Hello, now that we’re already thinking about taking a break, there’s something we shouldn’t lose sight of…

Our cell phone has become an essential tool for everything: running errands, accessing information, and staying in touch.

Let’s take a look at what we need to keep in mind to use it safely.

These days, cell phone use has increased significantly: we use them to make reservations, pay bills, look up information, and stay in constant contact.

This intensive use also increases risks, such as unauthorized access to the device, the installation of malicious apps, or the exposure of personal and professional information.

That’s why it’s important to pay attention to how you protect your device on a daily basis:

– Access to the cell phone and who can use it

– The protection of the information it contains

– And situations in which you may be exposed or have no control over

To avoid this:

– Secure access to your device with a PIN, pattern, or biometric authentication, and enable two-factor authentication whenever possible.

– Also, lock down your apps and use recommended security solutions.

– Keep your system and apps up to date, and review the permissions you grant.

– Always use secure and reliable Wi-Fi networks, and avoid public or unsecured connections.

Remember, log out safely.

IMPORTANT NOTE:

If, despite complying with all these measures, you encounter situations that do not conform to the level of security required or established in internal policies, do not hesitate to inform your line manager, the Security Manager, security personnel and/or the IT department, depending on the type of suspicion.

If it happens to you on a personal level, report it directly to the police authorities, so that they can give you appropriate advice and conduct an investigation.

La entrada SECURE&TIP: MOBILE DEVICES se publicó primero en Secure & Academy.

Hello, thinking about vacation?

As we have been seeing, before disconnecting, there are some important aspects that should be taken into account…

Whether you already have your vacation planned or you are in the process of planning it, here are some key aspects related to planning your vacation.

During this period, it is common for more changes and activity to occur, both at the corporate and personal level.

In addition, the use of applications, social networks and online services is increasing considerably, which also increases the risks of social engineering – such as CEO fraud, supplier fraud or Man in the Middle attacks – as well as information theft or improper access.

That is why it is important to pay attention to:

• – Online reservations and payments
• – Use of public networks and unusual applications
• – And the exposure of personal information

At this time of year, cybercriminals know that we let our guard down… and they take advantage of it. They don’t take vacations.

To avoid this:

• – Use only official websites and applications for reservations.
• – Be wary of offers that are too attractive or payment methods that are not secure.
• – Avoid connecting to public WiFi networks if you don’t have to; and if you need to, use a VPN.
• – And limit the information you share on social networks, such as location or your real-time plans.

Remember that at this time of the year, risks such as theft of devices, especially cell phones, increase.

You know… Disconnect from work, not security.

IMPORTANT NOTE:

If, despite complying with all these measures, you encounter situations that do not conform to the level of security required or established in internal policies, do not hesitate to inform your line manager, the Security Manager, security personnel and/or the IT department, depending on the type of suspicion.

If it happens to you on a personal level, report it directly to the police authorities, so that they can give you appropriate advice and conduct an investigation.

La entrada SECURE&TIP: VACATION PLANNING se publicó primero en Secure & Academy.

Hello, thinking about vacation?

Before disconnecting, there are some important aspects to take into account…

In the previous tip we saw aspects related to physical security.

On this occasion, we will look at some key aspects associated with a clean and uncluttered stall.

How do they do it?

As we have already seen, on a day-to-day basis, and especially in periods with more absences or changes in routine, such as vacations, it is easier for situations that compromise security to arise.

Therefore, it is important not to leave information visible, documents or devices unattended, computers or sessions open, or passwords in sight.

What can we do to avoid it?

• Keep your booth clean and sensitive information out of sight.
• Save documents and lock your computer when you are not using it.

• And avoid leaving open sessions or devices unattended

Before leaving or at the end of the day, check that no information is accessible and that everything is properly protected.

IMPORTANT NOTE:

• If, despite complying with all these measures, you encounter situations that do not conform to the level of security required or established in internal policies, do not hesitate to inform your line manager, the Security Manager, security personnel and/or the IT department, depending on the type of suspicion.
• If it happens to you on a personal level, report it directly to the police authorities, so that they can give you appropriate advice and conduct an investigation.

La entrada SECURE&TIP: CLEAN STAND se publicó primero en Secure & Academy.

When we talk about cyber-attacks, we always associate them with risks in the use of new technologies and especially the Internet. However, on some occasions, when a cyberattack is directed at a specific company, entity or individual, the cybercriminal may want to physically damage its activity or integrity. For example, by dropping an infected USB stick and waiting for a user to plug it in, connecting to an accessible computer or even manipulating security systems (cameras, alarms, etc.).

Especially cyberattacks targeting critical infrastructures, industrial companies and OT systems in general, such as a water treatment plant or a food production plant, are often hybrid attacks. This means that cybercriminals who attempt to carry out sabotage, shutdowns, or misconfiguration of control systems not only do so remotely and behind a computer, but also by physically entering the premises and facilities of the target company. In addition, they often take advantage of anomalous situations, especially periods of increased absences or changes in routine, such as vacations.

How do they do it?

Mainly by impersonating fake visitors, job candidates, maintenance, cleaning, courier, transportation, inspection or similar technicians.

What can we do to avoid it?

• No unauthorized access to the facilities and offices during working hours. Especially if we are accompanied by people who are not part of it.
• Accompany or supervise at all times visitors (customers, auditors, inspectors, etc.) and outsiders (including couriers, carriers, maintenance technicians, etc.) who come to the company on time. Regardless of the level of periodicity with which they do so.
• Do not leave devices (computers, tablets, cell phones and machines) or confidential documents unattended , nor provide them to unauthorized third parties (including colleagues from other areas or departments).
• Do not connect USB devices found on the floor or parts of the premises or offices to any machine, computer or equipment (including production machines in industry and printers and photocopiers in offices).
• Last but not least, if you have keys, access cards and/or codes for entry systems or alarm systems, do not make copies or give them to unauthorized third parties.

IMPORTANT NOTE:

• If, despite complying with all these measures, you encounter situations that do not conform to the level of security required or established in internal policies, do not hesitate to inform your line manager, the Security Manager, security personnel and/or the IT department, depending on the type of suspicion.
• If it happens to you on a personal level, report it directly to the police authorities, so that they can give you appropriate advice and conduct an investigation.

La entrada SECURE&TIP: PHYSICAL SECURITY se publicó primero en Secure & Academy.

Cybercriminals do not always use the Internet to get hold of our personal data and especially our card information (card number, expiration dates, security numbers and user PINs). Of all the methods used by cybercriminals to get easy money, we want to explain today the physical cloning of credit and debit cards.

What are the most frequent techniques that we can suffer physically?

• Fake ATMs: The cybercriminal manipulates an ATM at a bank branch or vending point of sale , installing hidden cameras to obtain the PIN number or bank account information.
• Fraudulent payment devices: Beware of paying through POS terminals outside official establishments or in unusual places (streets, markets, etc.). Cybercriminals can get hold of one of these devices and use them for what appears to be a normal sale or payment.
• Electronic cloning devices: The Proxmark or Flipper are electronic devices widely used by cybercriminals and fraudsters, given that by simply bringing them close to our credit card, they allow us to clone all the data in a matter of seconds.

How can we detect and avoid it?

• Cover the keypad when entering the PIN.
• Outside official establishments, you can pay in cash orcash or through the contactless contactless cell phone.
• When we are in places where there are many people (events, fairs, congresses, tourist visits, stores, transportation, etc.) we must keep an eye on our belongings at all times.

La entrada SECURE&TIP: CARD CLONING se publicó primero en Secure & Academy.

When we say that new technologies surround us in our day to day, it really is. We can become the target of the “bad guys” both in professional and personal life, whether they are hackers (with computer skills) or scammers (with personal deception techniques).

For this reason, we steered today’s advice towards the warning signs to take into account when using ATMs. Especially if we are traveling: Especially if we are traveling:

• Only use ATMs where there is a bank security camera installed: If we see one unprotected by cameras, we must suspect that it is not being surveilled and, therefore, it could have been tampered with.
• Physically check the ATM, especially if it is at street level: criminals can replace the part where we put the card or even the keyboard, to later duplicate that card and use it with our PIN.
• Cancel the operation if you see that the screen does not look like that of a regular ATM or “does strange things”: both cybercriminals can manipulate the ATM’s computer program, as well as scammers replace the screen with a similar tablet that records the information entered.
• Cover the keyboard with your hand when entering your PIN: As currently online purchases are also confirmed with the card’s PIN through an SMS link from the bank, knowing these four numbers is very important for criminals.
• Maintain a safe distance between people: This way we avoid that the people around can see, over the shoulder (shoulder surfing), the information that we enter.

La entrada SECURE&TIP: ATMS se publicó primero en Secure & Academy.

La entrada SECURE&TIP: RESPONSE TO CYBER-ATTACKS se publicó primero en Secure & Academy.

La entrada SECURE&TIP: VIDEO CALLS se publicó primero en Secure & Academy.

La entrada SECURE&TIP: SPRING CLEANING se publicó primero en Secure & Academy.