CYBERSECURITY
FAQs
General Cybersecurity
Q: What is cybersecurity?
A: Cybersecurity is the practice of protecting computer systems, networks, devices, and data from digital attacks, unauthorised access, damage, or theft. It encompasses technologies, processes, and practices designed to safeguard information assets from cyber threats.
Q: Why is cybersecurity important?
A: Cybersecurity is crucial because our personal, financial, and professional lives increasingly depend on digital systems. Breaches can lead to identity theft, financial loss, business disruption, privacy violations, and damage to reputation. Organisations face regulatory penalties, lawsuits, and loss of customer trust when security fails.
Q: What are the most common types of cyber threats?
A: The most common threats include malware (viruses, trojans, ransomware), phishing attacks, password attacks, denial-of-service (DoS) attacks, man-in-the-middle attacks, SQL injection, zero-day exploits, and insider threats. Social engineering attacks that manipulate people into revealing sensitive information are also widespread.Passwords & Authentication
Q: What makes a strong password?
A: A strong password should be at least 12-16 characters long, include a mix of uppercase and lowercase letters, numbers, and special symbols, avoid dictionary words or personal information, and be unique for each account. Passphrases (random words strung together) can be both strong and memorable.
Q: What is multi-factor authentication (MFA)?
A: MFA is a security method that requires two or more verification factors to access an account. This typically combines something you know (password), something you have (phone or security key), and something you are (fingerprint or face recognition). MFA significantly reduces the risk of unauthorised access.
Q: Should I use a password manager?
A: Yes, password managers are highly recommended. They generate strong, unique passwords for each account, store them securely with encryption, and autofill credentials to protect against phishing. This eliminates the need to remember multiple complex passwords while improving overall security.Phishing & Social Engineering
Q: How can I identify a phishing email?
A: Look for suspicious sender addresses, urgent or threatening language, requests for sensitive information, unexpected attachments or links, poor grammar or spelling, generic greetings, and mismatched URLs (hover over links before clicking). Always verify requests through official channels before responding.
Q: What should I do if I clicked on a phishing link?
A: Immediately disconnect from the internet if possible, run antivirus software, change passwords for potentially compromised accounts (from a different device), enable MFA, monitor accounts for suspicious activity, and report the incident to your IT department or the organisation being impersonated.Malware & Ransomware
Q: What is ransomware?
A: Ransomware is malicious software that encrypts your files or locks your system, then demands payment (usually in cryptocurrency) to restore access. It spreads through phishing emails, compromised websites, or vulnerabilities. Prevention through backups and security measures is critical, as paying the ransom doesn't guarantee recovery.
Q: How do I protect against malware?
A: Keep software and operating systems updated, use reputable antivirus software, avoid downloading files from untrusted sources, don't click suspicious links or open unexpected attachments, use caution with USB drives, enable firewall protection, and maintain regular backups of important data.Network Security
Q: Is public Wi-Fi safe to use?
A: Public Wi-Fi networks are generally not secure and can expose your data to attackers. If you must use public Wi-Fi, avoid accessing sensitive accounts, use a VPN to encrypt your connection, ensure websites use HTTPS, disable file sharing, and turn off automatic connectivity to unknown networks.
Mobile & IoT Security
Q: Are smartphones vulnerable to cyberattacks?
A: Yes, smartphones face threats including malicious apps, phishing, network attacks, and physical theft. Protect your device by keeping the OS updated, downloading apps only from official stores, using strong authentication, enabling device encryption, avoiding jailbreaking/rooting, and installing security software.
Q: What security risks do IoT devices pose?
A: Internet of Things devices often have weak default security, infrequent updates, and can serve as entry points to your network. Secure IoT devices by changing default passwords, keeping firmware updated, isolating them on a separate network, disabling unnecessary features, and researching security before purchase.
Incident Response
Q: What should I do if I suspect my account has been compromised?
A: Immediately change your password from a secure device, enable MFA if not already active, review recent account activity for unauthorised actions, check for forwarding rules or configuration changes, revoke access to suspicious third-party apps, notify the service provider, and monitor for identity theft.
Q: Should organisations pay ransom demands?
A: Security experts and law enforcement generally advise against paying ransoms because it encourages attackers, doesn't guarantee data recovery, may lead to repeat targeting, and could violate sanctions if paying certain groups. Organisations should concentrate on prevention, backups, and incident response planning instead.
Q: How often should I back up my data?
A: Follow the 3-2-1 backup rule: maintain three copies of your data, on two different types of media, with one copy stored offsite or in the cloud. The frequency depends on how often data changes—critical business data may need daily backups, while personal data might be backed up weekly or monthly.
Network Security
Q: Is public Wi-Fi safe to use?
A: Public Wi-Fi networks are generally not secure and can expose your data to attackers. If you must use public Wi-Fi, avoid accessing sensitive accounts, use a VPN to encrypt your connection, ensure websites use HTTPS, disable file sharing, and turn off automatic connectivity to unknown networks.
Q: What is a VPN, and should I use one?
A: A Virtual Private Network (VPN) encrypts your internet connection and routes it through a secure server, hiding your IP address and protecting your data from interception. VPNs are valuable for public Wi-Fi use, protecting privacy, and accessing region-restricted content. Choose reputable VPN providers with strong privacy policies.