Sun Tzu, the Chinese general and philosopher who long ago wrote the famous treatise on military strategy known as The Art of War, explained some of the most important aspects of knowing how to confront a hostile enemy. Some of his most famous quotations include: “The supreme art of war is to subdue the enemy without fighting”; “He who excels at resolving difficulties does so before they arise”; and one of my personal favorites, “If you know the enemy and know yourself, you need not fear the result of a hundred battles”. What is most remarkable is that although these words were written between 400 and 320 B.C., they can still be applied today, and in many different areas. In fact, they can even be applied to cybersecurity. Yes, that’s right, because if you think about it, the best way to protect ourselves against the cybercriminals who want to steal our passwords, gain access to our databases, or empty our bank accounts, is to know how they operate, what they are looking for, and how they do what they do. If you can understand their methods while also analyzing your own weaknesses, you can avoid an attack before it occurs, thereby defeating your enemies without ever having to confront them directly.

Here we will give you some simple but very useful tips that anyone can apply, on the subject of protecting yourself against cyberattacks.

To begin, it is important to be aware that cybercriminals have a variety of means and approaches, which they can use to get hold of our vital and confidential information in order to use it for their own purposes.

1. Social networks

Any photo, video, or other post you upload to a social networking site could contain the type of information that can be used against you in a cyberattack. This is why we need to be careful when deciding what to upload to our social media profiles, because anything made available there could reveal confidential information. For example, if you take a selfie at your office with your coworkers, or sitting at your desk, you should make sure that there are no passwords visible, or names of your clients, or details that reveal which software you are using. This is because cybercriminals could use that information to access your devices, or to impersonate someone you trust as a way to get more information from you. Other types of details that these criminals tend to look for include itineraries that reveal your future travel plans, or information they could use to convince other people that they are actually you.

2. Passwords

Stolen passwords are the easiest way to gain access to your devices. This is why it’s so essential to keep your passwords private, and to never provide them to anyone who could use them for their own purposes. If anyone asks you for your password by saying that they belong to your organization or work for your company, be sure to verify their request through another channel, or look for some other way to deal with the situation without giving them your login information. Also, remember that the legitimate entities you do business with will never ask for your password.

3. Phishing

Phishing is a way for cybercriminals to send you malware, by tricking you into downloading it onto your computer by clicking on a link in their email, or by finding some other way to convince you to share your confidential information or passwords. They may also try to do this through SMShing or Vishing, which consists of sending text messages (SMS) or making phone calls while impersonating someone else. The best way to protect yourself is by being extra careful with any email, phone call, or message that seems suspicious. If you have any doubts about something an email is asking you to do or provide, always get confirmation first from a reliable source. Cybercriminals will often use a sense of urgency to achieve their aims, by making you feel pressured to click on something. Again, you should always verify the origin of such requests, and be wary of any communications that seem suspicious in any way.

4. Malware

The term malware refers to any type of malicious software designed to be installed on a device without our knowledge. Malware can be used to steal passwords or confidential documents, or to spy on what you’re doing on your devices, or even to steal your money. One type of malware is known as ransomware. With this approach, cybercriminals gain access to your devices and then freeze or encrypt your information, before demanding money in exchange for restoring your access. As in the previous example, the best advice is to always keep your passwords confidential, avoid clicking on any suspicious links, documents, or videos, and never give out information to anyone unless you can confirm that they represent a reliable source.

It’s also important to remember that cybercriminals have various ways of getting us to do what they want, such as by creating a sense of urgency, or by taking advantage of our natural desire to be helpful, our willingness to trust others, or our fear of getting into trouble. Anyone may become a target, so the most important advice is to always remain on guard.

Many potential problems can be avoided just by applying these simple tips, and as Sun Tzu told us, “The best defense is a good attack”. When it comes to cybercrime, the best way to attack is by protecting ourselves with knowledge, and by sharing that knowledge with others. At GMV, we have already started giving all of our personnel training on this subject, and we also encourage them to share what they have learned with the people around them. Because the more we know, the more prepared we will be when an email from a cybercriminal arrives in our inbox.

Authors: Paula González Muñoz and Ana Larraga Bautista