Keeping your information secure both at home and at work

A good password is sufficiently long and complex. Create a unique password for each service. As memorizing strong passwords for every service is impossible, you can use a password management tool.

Files attached to emails can contain malicious software or links. In addition, harmful links circulate on social media and other websites, and can also spread via text messages. Various pop-up windows designed to attract clicks from internet users can also expose their computers or mobile devices to malware.

If you are unsure of the sender or content of a message, verify it by contacting the sender by phone, for example. If you encounter a suspicious link, do not click on it.

If an offer sounds too good to be true, it is most likely a scam. No responsible person, business, or authority asks for your passwords or banking credentials by phone or email. There is nothing wrong with being reasonably cautious.

You can make stealing your accounts significantly more difficult by using two-factor or multi-factor authentication with your email and social media accounts. Make sure that you know how to regain access to your accounts in case they are stolen despite your precautions.

Make backups of your most important information and cherished photos on a USB stick or other storage device and keep it in a safe place. This ensures that your information is not irretrievably erased even in the event of damage to the originals.

If your device starts behaving in an unusual way, contact your internet service provider immediately. Also notify them in case you accidentally click on a suspicious link or enter your username and password into a service whose trustworthiness you doubt. The faster the notification, the more likely it is that the extent of possible damage can be limited.

Also bear in mind that you can always contact the NCSC-FI, the police, and consumer protection authorities for help and additional information. Authorities treat all of your information with strict confidentiality.

Use sufficiently long and complex passwords. Keep shared passwords as well protected as personal passwords.

In addition to your employer’s information security policies, you can find instructions and guidance regarding secure use of the internet and email on our website.

Use two-factor or multi-factor authentication.

Updates protect your systems in case vulnerabilities have been identified. If such vulnerabilities are left unpatched, they can allow criminals access to the network and information of your workplace.

Make sure that confidential information such as customer information and business secrets are carefully protected and that unauthorized persons do not have access to your business’ information systems.

Learn your employer's policy regarding the steps to take in case of incidents. Make sure that you know who is responsible for information security.

Remember to make backup copies of your files regularly. Backup copies allow you to recover your information if your computer is damaged, or if your files are locked or corrupted by malicious software.

Vulnerabilities are often found in website publishing platforms, which makes them common targets for data breaches.

We recommend enabling automatic updates on all of your organization's devices and information systems.

All services connected to the internet are of potential interest to criminals, and almost all businesses have such connected services. If necessary, use the services of an information security expert to identify vulnerabilities.

Enable two-factor or multi-factor authentication. Have the confirmation code required to complete authentication sent to a phone number or email address to which all relevant personnel have access. Usually only one contact can be added.

The passwords of shared accounts must be kept secure with the same care as personal login information. And while writing the shared password down on a note on the wall makes it easy to remember, it is also there for anyone to read.

Risks are caused by inadequately secured devices and systems as well as the actions of employees. Make sure you are aware of responsible practices.

Discuss the following questions at your workplace:

• Is it necessary for all personnel to have access to all the information being processed?
• What kind of information are personnel allowed to communicate using a specific application?
• What are the policies and good practices for using computers, mobile phones, applications, and software?

Make sure that your laptop and mobile devices are not lost while travelling. Do not leave your devices unattended. Unfamiliar USB sticks and other storage devices can install malware onto your device or copy files from them.

Wireless internet connections (WLAN networks) in hotels and public places can also constitute an information security risk. Open wireless networks are easy targets for eavesdroppers, with man-in-the-middle attacks revealing the user’s internet browsing to the attacker.

Cyber espionage is the act of attempting to gain access to secret information held by businesses or organizations. Espionage usually begins with a phishing email that contains malware designed to steal login or other information. The target of the attack possesses information of interest to the attacker regarding political decision-making, the economy, technology, or other sensitive topic.

It is possible to stop a targeted attack even if the first phase of the intrusion, i.e. the contamination of the user’s workstation, is difficult to prevent. In order to ensure that attacks are detected, it is important that information systems’ log data is comprehensive and actively monitored.

Taking the necessary steps to ensure a high degree of information security reduces the risk of cyber espionage.

Do not open the message or any attached links or files.

If you accidentally open an attached file, do not give permission to activate add-ons or install software.

If you accidentally click on a link that takes you to a website asking you to enter your username and password, do not do so.