Cyber Security Awareness
Núna ehf. (“Núna”) created this Cyber Security Awareness to share some simple ways to help you protect yourself online. Any examples provided are purely for educational purposes only, should not be interpreted as an endorsement or warning of any type, and might not even exist. The key is to know with whom you are dealing to avoid being scammed.
NO ONE FROM NÚNA WILL EVER ASK YOU FOR YOUR PASSWORD INTO ANY OF OUR SYSTEMS OR WEBSITES. Should you receive a telephone call, email, fax, text message, or any other form of communication, NEVER PROVIDE YOUR PASSWORD TO ANYONE YOU DO NOT IMPLICITLY TRUST!
The passwords you choose should be unique for each site, long and complex (utilize a combination of upper- and lower-case letters, numbers, and symbols), hard to guess (do not use your network name, simple passwords like “password” or “user”, or passwords based on information that might not be as confidential as you might expect, such as birth date, national ID number, phone numbers, names of relatives or pets, etc.). Refer to Section 5 below.
For security reasons, there is no way for Núna to provide you with any of your passwords. As noted in Section 5 of Núna’s Terms of Service (TOS), Núna cannot recover any of your passwords from our systems. Ever. It is not possible.
2. FTP/SFTP Access
It is difficult to believe given all the security breaches we hear about these days, yet far too many providers still allow users to access their website files via the insecure File Transfer Protocol (FTP) method. All of the data sent between the user and the remote computer, including username and password, ARE SENT IN CLEARTEXT OR WITHOUT ENCRYPTION OF ANY KIND.
Núna utilizes SSH File Transfer Protocol, also known as Secure File Transfer Protocol, (SFTP). This encrypts ALL communications between the user and server.
Phishing is a type of scam where someone attempts to obtain sensitive information from you, usually under false pretenses. The most common phishing attempts arrive via email and almost always contain an urgent message directing the user to take some action now, e.g., log into your account and check or change some information, enter your credit card details, etc. Many also include a colorful logo in an attempt to reassure users the request is legitimate. It is almost not certainly a legitimate request.
Some scammers go as far as recreating the look of a legitimate company’s website. Unless you are 100% SURE you are on the correct website, NEVER enter any information. If you are ever unsure, contact the company requesting information using a method you are familiar with and trust.
4. How does one spell "PayPal"?
You are correct that it is p-a-y-p-a-l. Some folks might try to fool you with paaypal.com, paypall.com, etc. If you ever receive a request to click a link or enter an unknown site into your web browser, be very careful. You can always type the website info you know into your web browser and ignore what someone else might try to have you do. If you are unsure, at least pause a moment and ask someone you trust. One thing common to almost every scammer is a sense of urgency. They want you to do something now. IMMEDIATELY. If you don’t, then their scam is likely going to be discovered.
5. Use a Password Manager
An excellent way to completely avoid the situations described above is to utilize a password manager. A password manager is an app that allows users to store, generate and manage their passwords for both local applications and online services.
A password manager remembers your passwords for you and quickly generates new, strong passwords so you’ll never have to reuse any. The only password you’ll need to remember is the “master” password to the password manager itself. Password managers are one of the quickest and easiest ways to help defend yourself against hackers.
Many people will choose a random, complex password for each site or email account they use. For example, the random password just generated for this purpose is “etScehSgTN0R$3T*[email protected]$OK9P3U0qNTJasa”. Not many people can remember complex passwords like this, yet password managers do it with ease. Users need only remember a long, easy-to-remember (for them; virtually impossible for others) master password.
Master passwords should be something easy to remember, like “in2002IrememberIwenttothehospitalforthebirthofmychildandnurseRhondawasverynice”. This password, which is 100% fictional, is virtually impossible for someone to guess, yet is something so familiar to you that you should not forget it.
Password managers are available in a variety of offerings, some free and some paid. The paid versions typically offer more features and convenience. One of the biggest advantages of a paid version is the ability to use the app across all your devices, i.e., desktop, tablet, and phone.
Regardless of whether you use a free or paid password manager, the primary takeaway is to use one. The learning curve is small and there is the potential for a substantial increase in security if best practices are followed.