When you are aware of good information security practices, you can manage your privacy and protect yourself against online scams both at home and at work. In addition, a basic understanding of key information security phenomena helps you keep up with the possibilities and dangers of the internet. It is also important to know which steps to take and who to contact in case of an information security incident.When you are aware of good information security practices, you can manage your privacy and protect yourself against online scams both at home and at work. In addition, a basic understanding of key information security phenomena helps you keep up with the possibilities and dangers of the internet. It is also important to know which steps to take and who to contact in case of an information security incident.
Unnecessary fuss or serious business? - Why is it important to protect yourself?
Using the internet makes you a potential victim for a cybercriminal. Criminals seek to steal money, information, your identity, or access to valuable information. Other possible motives include harassment and attention.
Criminals are not necessarily interested in you or your business specifically but they can still use your inadequately protected devices for criminal purposes.
Therefore, it is important to protect devices connected to the internet against use by malicious parties. Internet modems, televisions and printers are just some examples of devices that can be taken over by criminals. In the worst-case scenario, if a criminal uses your internet connection for malicious purposes, your service provider may have to disconnect it.
Personal data and banking credentials can also be stolen using malicious software, or malware. Email accounts captured through phishing can be used both to read messages and send new phishing emails to other victims. Having perpetrated a security breach, the attacker may either destroy or encrypt all files including backup copies, which makes the device in question unusable.
But what do I have to lose?
- Money, your identity, and other sensitive information
Criminals are after your valuable property.
- Internet connection
Criminals could use your internet connection for malicious purposes.
Crimes committed and damage inflicted in your name are embarrassing and harmful.
Undoing the damage caused by a cybercriminal is both difficult and expensive, and there is no guarantee that all stolen information can be recovered. In addition, losing sensitive information can be frustrating.
Information security at home
Almost everybody has accounts on online services and social media platforms. We are often more concerned with the user-friendliness of these services and accounts than their security. Losing the information on an account can, however, cause significant harm, embarrassment, or expenses. Protecting yourself and your information is not difficult, and it only takes a few simple steps to make your life online more secure.
A good password is sufficiently long and complex. Create a unique password for each service. As memorizing strong passwords for every service is impossible, you can use a password management tool.
Files attached to emails can contain malicious software or links. In addition, harmful links circulate on social media and other websites, and can also spread via text messages. Various pop-up windows designed to attract clicks from internet users can also expose their computers or mobile devices to malware.
If you are unsure of the sender or content of a message, verify it by contacting the sender by phone, for example. If you encounter a suspicious link, do not click on it.
If an offer sounds too good to be true, it is most likely a scam. No responsible person, business, or authority asks for your passwords or banking credentials by phone or email. There is nothing wrong with being reasonably cautious.
You can make stealing your accounts significantly more difficult by using two-factor or multi-factor authentication with your email and social media accounts. Make sure that you know how to regain access to your accounts in case they are stolen despite your precautions.
Make backups of your most important information and cherished photos on a USB stick or other storage device and keep it in a safe place. This ensures that your information is not irretrievably erased even in the event of damage to the originals.
If your device starts behaving in an unusual way, contact your internet service provider immediately. Also notify them in case you accidentally click on a suspicious link or enter your username and password into a service whose trustworthiness you doubt. The faster the notification, the more likely it is that the extent of possible damage can be limited.
Also bear in mind that you can always contact the NCSC-FI, the police, and consumer protection authorities for help and additional information. Authorities treat all of your information with strict confidentiality.
Information security at work
Virtually all workplaces require employees to process and transmit information electronically. Information networks enable processing large amounts of data in an efficient and flexible way irrespective of physical location. However, cybercriminals can also take advantage of these features.
The motives and backgrounds of these criminals range from transnational criminal organizations to young computer enthusiasts.
The consequences of cybercrime include damage to your or your business’ reputation, loss of information, and service disruptions. Moreover, criminals can take control of inadequately protected network equipment, modify information, or disseminate falsified information about a business.
If your business does not have the necessary technical expertise, we recommend outsourcing maintenance to an external specialist.
Use sufficiently long and complex passwords. Keep shared passwords as well protected as personal passwords.
In addition to your employer’s information security policies, you can find instructions and guidance regarding secure use of the internet and email on our website.
Use two-factor or multi-factor authentication.
Updates protect your systems in case vulnerabilities have been identified. If such vulnerabilities are left unpatched, they can allow criminals access to the network and information of your workplace.
Make sure that confidential information such as customer information and business secrets are carefully protected and that unauthorized persons do not have access to your business’ information systems.
Learn your employer's policy regarding the steps to take in case of incidents. Make sure that you know who is responsible for information security.
Remember to make backup copies of your files regularly. Backup copies allow you to recover your information if your computer is damaged, or if your files are locked or corrupted by malicious software.
Shared resources and systems
Vulnerabilities are often found in website publishing platforms, which makes them common targets for data breaches.
We recommend enabling automatic updates on all of your organization's devices and information systems.
All services connected to the internet are of potential interest to criminals, and almost all businesses have such connected services. If necessary, use the services of an information security expert to identify vulnerabilities.
Enable two-factor or multi-factor authentication. Have the confirmation code required to complete authentication sent to a phone number or email address to which all relevant personnel have access. Usually only one contact can be added.
The passwords of shared accounts must be kept secure with the same care as personal login information. And while writing the shared password down on a note on the wall makes it easy to remember, it is also there for anyone to read.
Risks are caused by inadequately secured devices and systems as well as the actions of employees. Make sure you are aware of responsible practices.
Discuss the following questions at your workplace:
- Is it necessary for all personnel to have access to all the information being processed?
- What kind of information are personnel allowed to communicate using a specific application?
- What are the policies and good practices for using computers, mobile phones, applications, and software?
Make sure that your laptop and mobile devices are not lost while travelling. Do not leave your devices unattended. Unfamiliar USB sticks and other storage devices can install malware onto your device or copy files from them.
Wireless internet connections (WLAN networks) in hotels and public places can also constitute an information security risk. Open wireless networks are easy targets for eavesdroppers, with man-in-the-middle attacks revealing the user’s internet browsing to the attacker.
Cyber espionage is the act of attempting to gain access to secret information held by businesses or organizations. Espionage usually begins with a phishing email that contains malware designed to steal login or other information. The target of the attack possesses information of interest to the attacker regarding political decision-making, the economy, technology, or other sensitive topic.
It is possible to stop a targeted attack even if the first phase of the intrusion, i.e. the contamination of the user’s workstation, is difficult to prevent. In order to ensure that attacks are detected, it is important that information systems’ log data is comprehensive and actively monitored.
Taking the necessary steps to ensure a high degree of information security reduces the risk of cyber espionage.
If you receive a suspicious message
Do not open the message or any attached links or files.
If you accidentally open an attached file, do not give permission to activate add-ons or install software.
If you accidentally click on a link that takes you to a website asking you to enter your username and password, do not do so.
I was a victim of a cyber attack. What should I do?
If the attack in question was a data breach into your organization’s systems or a denial-of-service attack on your website, contact the system administrator first and then alert the police.
By contrast, if the attack targeted your personal email or social media account, it is a criminal matter and should be reported to the police.
In both cases, we recommend filing a police report.
Reporting an offence online (External link)
Contact request, Victim Support Finland (External link)
In urgent situations, the person in charge of information security can request help from our duty officer at
- https://www.kyberturvallisuuskeskus.fi/en/report (External link)
- or by email at email@example.com.
Include the following information in as much detail as possible:
- nature of the incident
- technical details
- time at which the incident began (and ended, if applicable)
- contact information of the administrator and/or service provider.