
Training Course in Information Security, September 2021

This document provides tips for improving cyber security and protecting against cyber threats like phishing. It recommends enabling multi-factor authentication and using strong, unique passwords. It also suggests keeping software updated, doing research before downloading new apps, and checking privacy and security settings. The document emphasizes that phishing is a significant threat and provides examples of phishing red flags and ways to verify the authenticity of communications. It stresses the importance of prioritizing cyber security especially with the rise of remote work.

Cyber Security

Do Your Part
#BeCyberSmart
Hatem SALHI
cert.social.gov.tn
Mail: [email protected]
FB: www.facebook.com/socialtn.cert
Linkedin: www.linkedin.com/company/socialtn-cert/
Get Familiar with the Cyber Basics

• At a time when we are more connected than ever, being
“cyber smart” is of the utmost importance.
• There are several steps that we can take on a daily basis
to mitigate risks and stay one step ahead of
malefactors. Here are a few quick tips:
• Enable MFA
• Use strong passphrases/password manager
• Perform software updates
• Do your research
• Check your settings
Multi-Factor Authentication

• Multi-factor authentication (MFA) adds
that necessary second check to verify your
identity when logging in to one of your
accounts.
• By requiring multiple methods of
authentication, your account is further
protected from being compromised, even
if a bad actor hijacks your password.
• In this way, MFA makes it more difficult
for password cracking tools to enable
attackers to break into accounts.
Use strong passphrases

• This may seem obvious, but all too often
securing strong passphrases/password
managers is overlooked.
• People spending more time online during the
pandemic has certainly contributed to more
bad actors prowling for accounts to attack.
• Using long, complex, and unique passwords is
a good way to stop your account from being
hacked, and an easy way of keeping track and
remembering your passwords is by using a
password manager.
Perform software updates

• When a device prompts that it’s time
to update the software, it may be
tempting to simply click postpone,
and ignore the message.
• However, having the latest security
software, web browser, and operating
system on devices is one of the best
defenses against online threats.
• So, don’t wait - update.
Do your research

• Common sense is a crucial part of
maintaining good online hygiene, and an
intuitive step to stay safe online is to do
some research before downloading
anything new to your device, such as apps.
• Before downloading any new learning app
on your device, make sure that it’s safe by
checking who created the app, what the
user reviews say, and if there are any
articles published online about the app’s
privacy and security features.
Check your settings

• Be diligent to double check your privacy
and security settings, and be aware who
can access your documents.
• This extends from Google docs, to Zoom
calls, and beyond.
• For meetings on Zoom, for example,
create passwords so only those invited to
the session can attend, and restrict who
can share their screen or files with the
rest of the attendees.
Be Cyber Smart

• Being cyber smart and maintaining stellar
online hygiene is the best way to protect
yourself and others from cyber attacks.
• No single tip is foolproof, but taken
together they can make a real difference
for taking control of your online presence.
• Following these tips is also easy, and free.
By taking preventive measures and
making a habit of practicing online safety,
you can decrease your odds of being
hacked exponentially - and prevent lost
time and money, as well as annoyance.
FIGHT THE FISH
IF IT LOOKS PHISHY,
IT PROBABLY IS.
REPORT IT
Shoring Up Phishing Defenses

• From ransomware to SolarWinds, the cybersecurity space
has been as hectic as it has ever been over the last 12-24
months.
• However, for all of the emerging threats and news that are
cropping up on the horizon, phishing -- one of the oldest
pain points in cybersecurity -- is continuing to quietly
wreak havoc, and is as big of a threat as it has ever been.
• Despite often being overlooked in terms of hype, phishing
has been a mainstay in the cybersecurity threat landscape
for decades.
Shoring Up Phishing Defenses

• In fact, 43 percent of cyberattacks in 2020 featured phishing
or pre-texting, while 74 percent of US organizations
experienced a successful phishing attack last year alone.
• That means that phishing is one of the most dangerous “action
varieties” to an organization’s cybersecurity health.
• As a result, the need for proper anti-phishing hygiene and best
practices is an absolute must.
• With that in mind, here are a few quick best practices and tips
for dealing with phishing threats.
Know the Red Flags

• Phishers are masters of making their content and interactions
appealing.
• From content design to language, it can be difficult to discern
whether content is genuine or a potential threat, which is why
it is so important to know the red flags.
• Awkward and unusual formatting, overly explicit call outs to
click a hyperlink or open an attachment, and subject lines that
create a sense of urgency are all hallmarks that the content
you received could be from a phisher and indicate that
it should be handled with caution.
Verify the Source

• Phishing content comes in a variety of ways; however,
many phishers will try to impersonate someone you may
already know -- such as a colleague, service provider or
friend -- as a way to trick you into believing their
malicious content is actually trustworthy.
• Don’t fall for it. If you sense any red flags that something
may be out of place or unusual, reach out directly to the
individual to confirm whether the content is authentic
and safe. If not, break off communication immediately
and flag the incident through the proper channels.
Be Aware of Vishing and Other Phishing
Offshoots
• As more digital natives have come online and greater
awareness has been spread about phishing, bad actors have
begun to diversify their phishing efforts beyond traditional
email.
• For example, voice phishing -- or vishing -- has become a
primary alternative for bad actors looking to gain sensitive
information from unsuspecting individuals.
• Similar to conventional phishing, vishing is typically executed
by individuals posing as a legitimate organization -- such as a
healthcare provider or insurer -- and asking for sensitive
information.
Be Aware of Vishing and Other Phishing
Offshoots
• Simply put, it is imperative that individuals be wary of any
sort of communication that asks for personal information
whether it be via email, phone or chat -- especially if the
communication is unexpected.
• If anything seems suspicious, again, break off the
interaction immediately and contact the company directly
to confirm the veracity of the communications.
Be Aware of Vishing and Other Phishing
Offshoots
• Phishing may be “one of the oldest tricks in the book,” but
it is still incredibly effective.
• And although it may be hard to spot when you may be in
the midst of a phishing attempt, by exercising caution and
deploying these few fundamentals, individuals and
organizations more broadly can drastically mitigate the
chances of falling victim to a phishing attack.
Fight the Phish

• Phishing is the number one gateway to cyber
attacks, including ransomware.

• Don’t hesitate to report phishing!

• Common red flags of a phishing attempt:
• Misspellings or grammar mistakes
• Awkward or unusual formatting
• Language that creates a sense of urgency or
pressure to click a link or download an
attachment
CYBERSECURITY
FIRST
Make Cyber Security
a priority in your
organization
Prioritizing Cybersecurity in a Hybrid
Workplace
• In this day and age, employees are more connected than
ever. The hybrid workplace is here to stay, and for
employees, this means relying on connected devices from
their home office setups.
• According to recent data, smart home systems are set to
rise to a market value of $157 billion by 2023, and the
number of installed connected devices in the home is
expected to rise by a staggering 70% by 2025. In this new
normal where smart devices and consequently online
safety are a must, here are some tips for securing those
devices.
Remember smart devices need smart
security
• Make cybersecurity a priority when purchasing a
connected device.
• When setting up a new device, be sure to set up the
privacy and security settings on web services and devices
bearing in mind that you can limit who you are sharing
information with.
• Once your device is set up, remember to keep tabs on how
secure the information is that you store on it, and to
actively manage location services so as not to unwittingly
expose your location.
Put cybersecurity first in your job

• Make cybersecurity a priority when you are brought into a
new role.
• Good online hygiene should be part of any organization’s
onboarding process, but if it is not, then take it upon
yourself to exercise best practices to keep your company
safe.
• Some precautions include performing regular software
updates and enabling MFA.
Make passwords and passphrases long and
strong
• Whether or not the website you are on requires it, be sure
to combine capital and lowercase letters with numbers
and symbols to create the most secure password.
• Generic passwords are easy to hack.
• If you need help remembering and storing your
passwords, don’t hesitate to turn to a password manager
for assistance.
Never use public computers to log in to any
accounts
• While working from home, you may be tempted to change
scenery and work from a coffee shop or another type of
public space.
• While this is a great way to keep the day from becoming
monotonous, caution must be exercised to protect
yourself and your company from harm’s way.
• Make sure that security is top of mind always, and
especially while working in a public setting, by keeping
activities as generic and anonymous as possible.
Turn off WiFi and Bluetooth when idle

• The uncomfortable truth is, when WiFi and Bluetooth are
on, they can connect and track your whereabouts.
• To stay as safe as possible, if you do not need them, switch
them off.
• It’s a simple step that can help alleviate tracking concerns
and incidents.
Staying safe online

• These are just a few simple steps towards achieving the
best online safety possible.
• Staying safe online is an active process that requires
constant overseeing at every stage - from purchasing and
setting up a device, to making sure that your day-to-day
activities are not putting anyone at risk.
• By following these steps, you are doing your part to keep
yourself and your company safe from malicious online
activity.
CYBERSECURITY FIRST

Make cybersecurity a priority no matter where you are:


AT WORK
● Build security into your products
and processes
● Train employees on security
during onboarding and equip
them with the tools they need to
keep the organization safe

AT HOME
● Consider security when
purchasing internet-connected
devices
● Update security/privacy settings
and change default passwords as
soon as you turn on a new
connected device
KEEP IN TOUCH

cert.social.gov.tn

Email: [email protected]
Facebook: www.facebook.com/socialtn.cert
Linkedin: www.linkedin.com/company/socialtn-cert/
