Basics of cybersecurity for everyone (not just in IT)
Why strong passwords and MFA are the absolute minimum and how to protect yourself against common threats.
Cybersecurity is no longer just for a small group of “IT guys” in dark server rooms. Today, it concerns absolutely everyone who uses a mobile phone, an email inbox, or shops online. From the perspective of someone who solves user problems on a Service Desk daily, I see how often security breaches occur due to simple mistakes.
In this article, we’ll look at the absolute basics that everyone should know and follow.
1. A password manager is your best friend
I bet you have dozens, maybe even hundreds of online accounts. Do you use one or two passwords for them, which you only slightly modify? That is one of the biggest (and most common) security mistakes.
Why you shouldn’t: As soon as one service suffers a data breach (which happens daily), attackers automatically try the same password on other popular services. Your amazingly long and complex password is useless if it has already leaked when a small e-shop was hacked.
The solution: Start using a password manager (e.g., Bitwarden, 1Password, Keeper). The manager remembers passwords for you and generates a random, strong password for each service. You only need to remember one “master” password.
2. Multi-Factor Authentication (MFA) is not an option, it is a necessity
If you should take away only one thing from this article, it is this: Turn on two-factor (or multi-factor) authentication wherever possible.
On the Service Desk, we constantly set up MFA for new employees because in a corporate environment, it is the standard and protects what is most valuable – identity and access to data. Even if someone steals your password, they cannot get into your account without the second factor.
Tip: Where possible, use an authenticator app (Google Authenticator, Microsoft Authenticator, Authy) instead of SMS messages, which are more susceptible to interception (for example through so-called SIM swapping).
3. Phishing is getting smarter
By now, everyone can see through the classic emails about a million-dollar inheritance from an unknown African prince. Today’s phishing campaigns are much more sophisticated. They target your emotions (fear of execution, winning, urgency) and pretend to be, for example, emails from your bank, the post office, or even your manager.
How to defend yourself:
- Check the actual email address of the sender (not just the name that is displayed at first glance).
- Do not click on links in emails blindly; always look at the URL where the link leads.
- If an email prompts you to take urgent action (e.g., blocking an account), do not panic. Log into the service directly: type the address (for example, your bank’s) into the browser and log in as usual, not via the link in the email!
4. Software updates are not an annoyance; they are “patches”
We often tend to postpone pop-ups warning about system or browser updates “for tomorrow,” “for the weekend,” “for never.” The reality is that most updates do not bring new features in terms of the user interface but fix security vulnerabilities. When you postpone an update, you leave the door to your device voluntarily open to hackers. Set up automatic updates wherever possible.
Security in the digital world is fortunately often about following a few basic rules rather than deep technical knowledge. It’s about a way of thinking – the so-called “security mindset.” Start with a password manager and MFA, and tomorrow you will be much better protected than you were today.