Cybersecurity Awareness
Keep up with our posts about all things security on the Bankinter blog
FAQs
What is digital security?
It is the set of measures and practices aimed at protecting information and the systems that support it against potential cyber attacks, ensuring its confidentiality, integrity, and availability.
Confidentiality: It is the protection of information against unauthorized access; ensuring that only authorized persons can access it.
Integrity: It ensures that the information is complete and accurate and is only processed in the established form and manner.
Availability: It ensures that the information, as well as the systems that support it, are accessible when required.
What are the main digital threats?
The digital environment is constantly evolving, and with it, the digital threats to which we are exposed. Some of the main or most common cyber threats are:
• Social engineering attacks: Use of psychological manipulation techniques to obtain sensitive information, such as personal information, passwords, or banking information through different channels such as email (phishing), SMS (smishing), calls (vishing), QR codes (QRishing), etc.
• Malware: Malicious programs designed to cause damage, steal, or compromise data and computer systems. There are different types such as viruses, Trojans, ransomware, computer worms, spyware, etc.
• Identity spoofing: It is the use of personal data or online accounts of a person without their authorization, in order to act on their behalf.
• Software vulnerabilities: These are security flaws in computer programs that can be exploited by attackers to obtain unauthorized access to information or the systems that support it.
• Data theft: Unauthorized access to confidential or sensitive information such as personal, financial, or commercial data, in order to use it fraudulently.
• Denial of Service (DoS) attack: It is a type of cyber attack whose objective is to make an online service, such as a website, unavailable by overloading it with a large volume of requests.
Why are passwords important?
Passwords are essential for protecting your online accounts, devices, and personal data. They act as the first line of defense against unauthorized access.
Recommendations to follow:
• Set strong passwords that are easy to remember and difficult to guess.
• Never reuse them; set unique passwords for each service or application.
• Change them regularly and whenever you suspect they may have been compromised.
• Do not share them with anyone or leave them visible to other people (post-it notes, notebooks, etc.).
How can you create a robust password?
There's no such thing as a foolproof formula for creating a password that guarantees protection against unauthorised access to our information, online accounts, and devices. However, there are some recommendations we can follow to build a strong password:
• Length: Use at least 10 characters. The longer, the better.
• Complexity: Use a mix of upper and lowercase letters, numbers, and symbols (such as “#”, “@”, “$”, “%”, etc.).
• Avoid using personal information: Do not use names, birthdays, or any easily identifiable information, because attackers could try to guess this information.
• Avoid using common words or patterns: This includes predictable sequences such as "123456", "abc123", and "qwerty". These passwords are easy to guess and will be some of the first options tested by cyber criminals when attempting to crack your password.
• Create custom sequences: Take a phrase that means something to you and turn it into a password by taking the first letter of each word and adding numbers and symbols.
If you prefer, you can use a password manager to help you create complex passwords and store them securely. In this case, you'll only have to remember the master password.
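The recommendations above can be checked mechanically. The following is an added example, not Bankinter code: it builds a password from a phrase as described and reports which recommendations a candidate fails. The function names, the sample phrase, the personal terms and the two extra entries in the pattern list are constructed for illustration.

```python
# Sequences the page names as predictable, plus two constructed additions.
COMMON_PATTERNS = ("123456", "abc123", "qwerty", "password", "111111")


def passphrase_to_password(phrase, suffix):
    """Take the first letter of each word, then append numbers and symbols."""
    return "".join(word[0] for word in phrase.split()) + suffix


def check_password(password, personal_terms=()):
    """Return the recommendations the password fails (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 10:
        problems.append("length: fewer than 10 characters")
    classes = {
        "lowercase letter": str.islower,
        "uppercase letter": str.isupper,
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum(),
    }
    for name, has_class in classes.items():
        if not any(has_class(c) for c in password):
            problems.append(f"complexity: no {name}")
    for pattern in COMMON_PATTERNS:
        if pattern in lowered:
            problems.append(f"common pattern: {pattern}")
    for term in personal_terms:
        # Skip very short terms so accidental two-letter matches are not flagged.
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"personal information: {term}")
    return problems


if __name__ == "__main__":
    # Constructed phrase and personal terms, for illustration only.
    candidate = passphrase_to_password(
        "My first flat in Madrid had two small balconies", "#2009!"
    )
    print(candidate, check_password(candidate, ["Lucia", "1987"]))
    print("Lucia1987", check_password("Lucia1987", ["Lucia", "1987"]))
```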
What is malware and how can I avoid it?
Malware (or malicious software) is a type of software designed to purposefully infiltrate or cause damage to digital systems without the consent of the user. This threat has the potential to affect all operating systems currently in use.
To avoid malware infection:
• Always use a trusted antivirus solution.
• Keep your software, operating system, and antivirus solution up to date.
• Avoid clicking on links or downloading attachments that are suspicious or come from unknown sources.
• Never download or use pirated software.
What are the most common types of malware?
While there are many different types of malware, the most noteworthy today are:
• Viruses: Malicious program or code attached to an existing file or program that can damage files, programs, and systems.
• Computer worms: Type of malware capable of replicating itself and spreading from one network to another without user interaction, as well as exploiting vulnerabilities on operating systems and applications.
• Trojans: Malicious program disguised as legitimate software in order to steal information or damage systems and files.
• Ransomware: Type of malware that encrypts the victim's files and demands the payment of a ransom in return for restoring access to the encrypted information.
• Keyloggers: Type of malware that logs the keystrokes on a victim's keyboard in order to obtain sensitive data, such as their credentials.
• Spyware: Designed to gather information about the victim's online activity without their knowledge or consent (e.g., by leveraging web browsers).
• Adware: Designed to spam the user with unwanted adverts that slow down their device's performance or redirect them to a malicious website.
• Botnet: Network of infected devices that can be controlled remotely by an attacker and used to carry out malicious activity (e.g., Denial of Service attacks).
How will I know if my device has been infected with malware?
It's important to look out for certain signs that could indicate your device has been infected with malware:
• Erratic system behaviour: Slow device performance, errors, freezing, unexpected reboots, sudden error messages, etc.
• Issues accessing system files: If you are unable to access files because they have been deleted or encrypted, this could be a sign of malware on your system.
• Unauthorised activities: Examples include emails being automatically sent to your contacts, the appearance of unsolicited adverts, or being redirected to unrequested websites.
What should I do if I suspect my device has been infected?
If you suspect or have evidence that your device has been compromised:
• Immediately disconnect it from the Internet. This will help to prevent the malware from communicating with a remote server or downloading additional malware.
• Scan the device using an up-to-date antivirus solution that can detect and eliminate malware or place it in quarantine.
• Reset your log-in credentials for both your device and any online services or accounts accessed while using it.
• Create backups of your data in case you need to restore it.
• Make sure that your operating system and any applications and programs in use are up to date.
How can I verify the authenticity of a website?
There are several tips we can apply to help us assess the authenticity and trustworthiness of a website. Some of these recommendations include:
• Checking the URL: Make sure that the web address is accurate and doesn't contain any mistakes.
• Searching for "https" and a digital certificate: If you can spot these elements, it means that the connection is encrypted and any data transmitted over it is protected in transit.
• Searching for legal information and contact details: Make sure that the website has clear information about the company and that contact details are available.
• Paying attention to the website's appearance: Unprofessional designs, spelling mistakes, or off-brand marketing are all reasons to be wary of a website.
• Searching for a privacy and terms of use policy: These documents must be easily understandable and accessible on the website.
• Checking payment terms and conditions: E-commerce sites should clearly specify which secure payment methods can be used on their website and outline payment, returns, and shipping policies.
• Reading customer reviews: Reviews left by other users can provide valuable information about the trustworthiness of a website.
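The URL and "https" checks in the list above can be automated. The following is an added example, not Bankinter code: it compares a link against the domain you expect and returns warnings for a missing "https", text placed before an "@", punycode or non-ASCII hosts, a different host, and near-miss spellings. The function names, the warning texts and the placeholder domain "bank.example" are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def check_url(url, expected_domain):
    """Return a list of warnings for `url` against the domain the user expects."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if parts.scheme != "https":
        warnings.append("no https")
    if parts.username is not None:
        # In "https://bank.example@other.example/" the real host is other.example.
        warnings.append("userinfo before '@'")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("non-ASCII or punycode host")
    if host != expected and not host.endswith("." + expected):
        warnings.append("host mismatch")
        # Compare as many trailing labels as the expected domain has.
        tail = ".".join(host.split(".")[-expected.count(".") - 1:])
        if 0 < edit_distance(tail, expected) <= 2:
            warnings.append("look-alike spelling")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs; "bank.example" is a placeholder domain.
    for sample in (
        "https://www.bank.example/login",
        "http://bank.example/",
        "https://www.bankk.example/",
        "https://bank.example@login.other.example/",
    ):
        print(sample, check_url(sample, "bank.example"))
```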
What precautions should I take when using public Wi-Fi networks?
Cyber criminals are capable of configuring Wi-Fi access points to look like legitimate networks, such as those found in hotels, airports, and coffee shops, so they can obtain sensitive information from users or redirect them to fraudulent websites once they've connected their devices to the illegitimate Wi-Fi network.
To protect yourself against this type of attack:
• Verify the authenticity of a Wi-Fi network before connecting to it and avoid passwordless networks or networks with generic or suspicious names.
• Avoid performing financial transactions or accessing sensitive or confidential information while connected to a public Wi-Fi network.
• Disable automatic connections to Wi-Fi networks to prevent your device from being automatically connected to an insecure network.
• Consider using a VPN (Virtual Private Network) to encrypt your connection and protect your data against potential attacks.
What precautions should I take when using social networking sites?
The appropriate use of social networking sites is paramount to prevent our information and digital identity from being exposed to cyber threats and risks.
To protect yourself in these situations:
• Be careful with what you post online and avoid sharing sensitive information, such as personal and financial data, locations, trip itineraries, etc.
• Configure the security and privacy settings on all platforms you use.
• Use robust, unique passwords for each of your social media accounts and regularly update them.
• Be cautious when interacting with strangers; don't accept their friend requests or follow them.
• Keep all your applications up to date.
• Use secure connections and avoid using public Wi-Fi networks.
• Oversee and limit the time that children spend on social networking sites.
How can I prevent my identity from being stolen?
To protect our digital identities, it is key to adopt a mix of habits and measures that allow us to uphold the security of our personal data, log-in credentials, and any elements we use to authorise banking transactions, such as coordinates cards or our mobile phone if we have SMS-OTP(*) enabled as a second factor of authentication.
To achieve this:
• Use robust, unique passwords for each of the services to which you're signed up.
• Keep your data private by refraining from sharing sensitive information online or with untrustworthy third parties.
• Pay attention to suspicious emails or emails sent from unknown sources and never click on links or download unrequested or suspicious attachments.
• Close applications once you have finished using them, especially on shared devices.
• Enable two-step verification on your accounts to add an extra layer of security.
• Use secure connections and avoid using public Wi-Fi networks.
• Do not accept friend requests from strangers on social networking sites.
If you have suspicions that your identity has been stolen or evidence to confirm it, it is important to act quickly and report the incident to the relevant authority.
(*) One-time Password sent via SMS.
Why is it important to create backups?
Backups prevent your data from being lost in the event of human errors, hardware failures, or malware attacks (e.g., ransomware).
By regularly creating backups, you can make sure that your information remains available even in the event of data loss.
Have you fallen victim to fraud or a scam?
If so, send us a WhatsApp message on 666 44 33 33 or visit https://wa.me/34666443333.