ⓘ​  This page has been translated using artificial intelligence.

Cybersecurity: Protect yourself and your data

Cybersecurity is not a luxury, but a basic digital requirement. Phishing emails, insecure passwords and unprotected Wi-Fi networks – there are many ways for cybercriminals to attack. But with the right cybersecurity measures, you can make it really difficult for hackers. Here we show you how to recognise phishing traps, create secure passwords and protect your data from ransomware attacks. 

You will find these topics on this page:

  • Why are your digital footprints interesting to cybercriminals?
  • What are passkeys and why are they even more secure than passwords and 2FA?
  • What is shoulder surfing and why is it dangerous?
  • How can you recognise fake online shops and what are secure payment methods?
  • How can you protect your device and data from hackers?

Topic

Digital footprint: How can I protect my identity?

When you use the internet, you automatically leave traces behind. Your digital footprint consists of personal data such as your name, IP address or photos that you leave behind in emails, on websites or on social networks. This seemingly insignificant data is more valuable to hackers than you might think.

Cybercriminals are interested in your identity so they can use it as a cover for their criminal activities. If hackers get hold of your login details for email accounts, for example, they can send phishing emails or malware to your contacts in your name. This quickly and unwittingly turns you into a digital super-spreader. Your personal data also enables cybercriminals to create profiles, allowing them to target you more specifically with phishing traps tailored to you.

So keep an eye on your digital footprint and your data. For your own sake and for the sake of others. Because the less data about you is on the internet, the less you have to offer cybercriminals.

How to reduce your digital footprint:

Many online services request more data from you than is actually necessary. They do this to optimise their offering to you and thus retain your loyalty. However, every piece of additional information you disclose increases your risk in the event of cyber incidents.

Here's what you can do
  • Only enter information that is absolutely necessary in a form or profile.
  • Mandatory fields are usually marked. It is best to leave all optional fields blank.
  • For one-time registrations, you can also use temporary email addresses.
  • Be careful with competitions: the aim here is almost always to collect potential customer data – i.e. information about you. Check who is behind the competition and what information is absolutely necessary to participate.

On social networks, you want to connect with friends and share experiences. We understand that. But keep in mind that your posts, photos and comments reveal a lot about you. A holiday photo with your current location, for example, can attract burglars to your home – because thanks to social media, they know you are miles away.

Here's what you can do
  • Regularly check your privacy settings to see who can view your posts.
  • Turn off your automatic location tracking.
  • Post with care and consider what cybercriminals could learn about you from your planned posts.
  • It is best to use a private profile and only accept requests from people you know.
  • Delete old posts – this not only reduces your digital footprint, but is also more environmentally friendly. The less data that needs to be stored, the fewer servers are required for storage. This saves electricity.

If your primary email address suddenly appears in a data leak, you will soon be inundated with spam and phishing attacks. It is therefore worth protecting your primary email address well and only sharing it with a few trusted companies.

Here's what you can do
  • Use different email addresses for different purposes (e.g. one for official bodies such as government agencies, banks, etc., one for online shopping, one for newsletters).
  • Find out whether your email provider offers alias addresses and, if so, use them.
  • If your email address receives a lot of spam, switch to a different one.
  • Check whether your email address has appeared in a data leak.

Old, unused accounts are security risks: you forget about them, don't change the passwords and probably won't notice if they've been hacked. That's why such forgotten accounts are very popular with hackers.

Here's what you can do
  • Take stock of your accounts and list all your online accounts. (A password manager can help.)
  • Delete any accounts you no longer need.
  • Update your passwords regularly.
  • Enable two-factor authentication for important accounts.

Even if you are careful and conscious when using the internet, you still leave traces behind. These take the form of cookies, trackers or analysis tools that follow you as you surf the web in order to create detailed profiles of your habits (and often also to present you with personalised advertising and search results).

Here's what you can do

Search for and delete digital traces

We often have no idea what data about us is circulating on the internet. Search engines, data brokers and old accounts store information that you have long forgotten. If you want to track them down, you can:

  • Google yourself: Search for your name and email address to find out what others can find about you online.
  • Contact data brokers: Request that your data be deleted (e.g. Moneyhouse, Creditreform, etc.).
  • The archive is not a waste bin: email archives, cloud waste bins, archived social media posts or old smartphone backups – data that you may have long forgotten accumulates everywhere. Regularly comb through your digital archives and irrevocably delete data that you no longer need.
  • Get professional help: If you come across compromising content about yourself on the internet, contact data protection specialists (e.g. digital detectives or data protection law firms).

Topic

Phishing & social engineering:
How to recognise phishing traps 

Many cyber attacks start with phishing. In most cases, this happens via email – but not exclusively. Recognising phishing is becoming increasingly difficult, especially because attackers use AI or social engineering techniques to perfect their traps. This makes it all the more important that you know how to spot phishing. 

Even though cybercriminals invest heavily in developing increasingly sophisticated methods of fraud, there are still clear warning signs for you to look out for. Here are a few to help you stay alert and keep yourself safe: 

How to recognise phishing traps:

Cybercriminals know that security systems are more difficult to crack than we humans are. That's why they deliberately use your human emotions against you.

For example:

  • ‘Your account will be blocked in 24 hours if you don't...’
    (artificial urgency & unrealistic deadlines)
  • ‘We are from the police/IT support and need to verify your password.’
    (false authorities)
  • ‘You have received a message from [name of contact person].’
    (arousing curiosity)
  • ‘You've won billions in the lottery.’ / ‘I want to leave you my fortune.’
    (exaggeration)
  • ‘Protect your family and act now.’
    (emotional manipulation)
  • ‘Your computer has been hacked – install our antivirus programme immediately.’ (The programme will then have full access to your computer.)
    (fearmongering)

How to protect yourself

Never let yourself be pressured. Reputable companies always give you enough time to make important decisions or take important actions and contact you through official channels, such as by letter. If you are unsure, seek help from friends or experts and ask for their opinion and outside perspective.

In the past, spelling mistakes were a fairly good indication of phishing emails. Today, this is no longer necessarily the case, as cybercriminals use intelligent tools to optimise their texts linguistically. And yet, mistakes or inconsistencies still slip through sometimes:

  • These could be unusual or exaggerated phrases.
  • A missing or incorrect salutation should also make you suspicious.
  • Sometimes, informal and formal forms of address are mixed.
  • Or grammatical errors creep in.

How to protect yourself

Even if an email is flawlessly worded, that doesn't necessarily mean it's harmless. So if something about the content seems off to you, check the sender's address and the details of the content before clicking on any links.

A friend or unknown follower sends you a link without comment on social networks such as Instagram, WhatsApp or Facebook. Perhaps they also ask you for your telephone number – but it feels somehow unnatural? Trust your gut feeling: perhaps the account has been hacked or it is a fake profile. Here's how to recognise it:

  • If your friend's writing style suddenly changes dramatically.
  • Links without comments are rather suspicious. You can ask what they are about or take a closer look at the URL.
  • Links that don't fit the topic, e.g. if your training partner sends you financial advice without warning, should make you sit up and take notice.
  • The time the message was sent (e.g. in the middle of the night) can also be an indication that the message did not come from your friend, but from someone else, perhaps on the other side of the world.

How to protect yourself

If something seems strange to you, ask your friend about it – but on a different channel. Call them or write to them using a different messaging service. And never click on links that you don't recognise. It's better to be cautious, and others will understand.

What should you look out for when checking a URL? Warning signs include:

  • A strange domain name usually contains more words than necessary (e.g. swisscom-sicherheit.info instead of swisscom.ch) or does not fit the topic (bluewin-finance.net).
  • A lack of encryption is also cause for concern: the URL begins with the unencrypted ‘http://’ instead of the encrypted ‘https://’.
  • Sometimes fake sites also contain familiar words, but with additional or different letters that are often overlooked in a hurry (e.g. arnazon.com instead of amazon.com).
  • The ending of a URL can also be suspicious, for example if exotic country endings such as ‘.tk’ or ‘.ml’ are listed instead of ‘.ch’ or ‘.com’.
  • And sometimes fake URLs are very long: many parameters in a URL can indicate dubious activities.

How to protect yourself

It is better not to open banking or shopping sites from an email. Instead, type the address directly into your browser, use Google Search to access official sites, or access them via your saved bookmarks. Check the URL for the above warning signs before logging in anywhere. As a general rule, it is always advisable to access the login area via the official website.
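The warning signs above can also be checked automatically. The following is an added example, not Swisscom code: the allow-list, the thresholds, the warning labels and the function names are assumptions made for illustration.

```javascript
// Flags the URL warning signs listed above: missing https, unusual endings,
// a known name inside a foreign domain, lookalike spellings, very long URLs.
const TRUSTED = ['swisscom.ch', 'amazon.com']; // constructed allow-list (e.g. your bookmarks)
const UNUSUAL_TLDS = ['tk', 'ml'];             // the endings named in the text
const MAX_PARAMS = 5;                          // assumed threshold
const MAX_LENGTH = 150;                        // assumed threshold

// Naive "last two labels" rule. Production code should use the Public Suffix
// List, because this rule is wrong for suffixes such as co.uk.
function registrableDomain(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// Collapse common visual substitutions so "arnazon" compares equal to "amazon".
function skeleton(label) {
  return label.replace(/rn/g, 'm').replace(/vv/g, 'w')
              .replace(/0/g, 'o').replace(/1/g, 'l');
}

// Levenshtein edit distance, to catch a single swapped, added or missing letter.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns a list of warning labels; an empty list means none of the signs matched.
function checkUrl(raw, trusted = TRUSTED) {
  let url;
  try { url = new URL(raw); } catch { return ['unparseable']; }
  const warnings = [];
  if (url.protocol !== 'https:') warnings.push('no-https');

  const host = url.hostname.toLowerCase();
  const domain = registrableDomain(host);
  const tld = host.split('.').pop();
  if (UNUSUAL_TLDS.includes(tld)) warnings.push('unusual-tld');

  if (!trusted.includes(domain)) {
    const sld = domain.split('.')[0];   // e.g. "arnazon" in arnazon.com
    const words = host.split(/[.-]/);   // e.g. ["swisscom", "sicherheit", "info"]
    for (const t of trusted) {
      const brand = t.split('.')[0];
      if (words.includes(brand)) {
        // Known name used as one word of a domain that is not the real one.
        warnings.push(`brand-in-foreign-domain:${brand}`);
      } else if (skeleton(sld) === brand || editDistance(sld, brand) === 1) {
        warnings.push(`lookalike:${brand}`);
      }
    }
  }

  const paramCount = [...url.searchParams.keys()].length;
  if (paramCount > MAX_PARAMS || raw.length > MAX_LENGTH) warnings.push('long-url');
  return warnings;
}

// Constructed sample inputs.
for (const sample of [
  'https://www.swisscom.ch/en/login',
  'http://swisscom-sicherheit.info/login',
  'https://arnazon.com/',
  'http://example-shop.tk/track?a=1&b=2&c=3&d=4&e=5&f=6',
]) {
  console.log(sample, '->', checkUrl(sample));
}
```

An empty result only means that none of these signs matched. Fraudulent sites can also use ‘https://’ and an ordinary-looking domain, so opening the site from a bookmark remains the safer route.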

‘After all, humans remain the weakest link when it comes to targeted attacks on IT systems.’

Claudio Pilotti
Security Analyst at Swisscom CSIRT

Topic

Surfing the net: How to stay safe

Strong passwords, regular updates and up-to-date antivirus software are the basic technical requirements for safe surfing. But even the best firewall is useless if you carelessly click on suspicious links or pass on your data to the wrong recipients. Safe behaviour on the internet therefore always starts with a healthy dose of scepticism and adherence to a few basic rules.

The most important rules of conduct when surfing are:

Our brain uses habits to save energy. While this is great and makes sense from our brain's perspective, it also leads to careless automatisms in our digital everyday lives, which cybercriminals ruthlessly exploit.   

So make sure you develop safe habits: take a break from surfing the internet every now and then, and question unusual requests or links. Do not let yourself be pressured, think about the consequences that a click could have, and trust your gut feeling: if something seems suspicious, it is best to close the page or delete the email.

You should always avoid unsecure connections that begin with ‘http://’ in the URL. Secure connections begin with ‘https://’. Some browsers also display a padlock symbol next to the URL.

Most devices and browsers have built-in technical tools to protect you from cyber attacks. Use them.

  • Choose your browser: Do your research and use secure browsers such as Brave, which offer a lot in terms of data protection.
  • Configure your browser: Configure your chosen browser optimally. For example, enable automatic updates to always receive the latest security patches. Turn on pop-up blockers and enable tracking protection. Some browsers can also automatically scan your downloads for suspicious files.

Social networks are designed to collect and share large amounts of data. But you are the one who should decide with whom you want to share this data. And you can do just that: in your privacy settings. 

  • Ideally, set your profiles to private so that only your confirmed friends can see your content.
  • Use pseudonyms instead of your full name.
  • Deactivate your current location.
  • Decide who can tag you in photos and whether you want to approve tags before they are published.
  • Check the permissions for third-party providers: what information do they have access to and do they really need it?
  • And here too: delete old posts that might embarrass you today to reduce your digital footprint and your vulnerability.

Be sure to use end-to-end encryption for sensitive messages. This means that only you and the recipient(s) can read the content. Your message is encrypted and transmitted in an unreadable form on its way from A to B. 

Use secure and encrypted messengers to communicate sensitive data. Insurance companies and banks now usually offer secure communication channels on their online portals. And for business communication, it is generally recommended to use the company's official channels anyway.

Be aware of who can read your messages: a profile picture is usually more widely visible (and therefore less protected) than your shared content. And comments on social media are usually public (even if no one else is participating in a discussion), which is why personal data should never be shared in them. 

Cybercrime doesn't just happen online. Sometimes it starts on the bus, in a café or in a queue: strangers can glance over your shoulder at your smartphone or laptop screen and spy on sensitive information. Many people are unaware of this danger in public spaces, but it does exist.   

Does this mean that I should never use my smartphone on public transport again? No, of course not. But you can take the following precautions to reduce the security risk:

  • Position yourself so that no one can read your screen (e.g. with your back to an opaque wall).
  • Privacy filters for laptops can prevent prying eyes.
  • Cover the keyboard when entering PIN codes or passwords (yes, even if you type them in very quickly).
  • Avoid carrying out e-banking transactions or other activities involving confidential information in public places.
  • Darken your display to make it harder to read from a distance.
  • Put your device in your bag if you notice someone trying to read your screen.

QR codes are extremely practical and widely used in our everyday lives. However, there are dangers lurking here too, as they are increasingly being forged – especially in public spaces, where they may have been covered with phishing codes. How can you recognise these?

  • Take a closer look: Is the quality of the QR code poor (e.g. blurry or pixelated)? Is the QR code placed in an unusual location? Is the QR code seamlessly integrated (usually the original) or does it look like it has been added (faked)?
  • Use the URL preview: Smartphones usually display a URL preview before redirecting you to the linked page. Check the URL.
  • Be careful with payments: Be particularly careful when making payments (Twint, parking meters, parking tickets, etc.) and, if in doubt, ask whether the QR code is correct.

Topic

What are secure passwords?

Passwords are the keys to your digital identity. A weak password is like leaving your house key under the doormat or flower pot – everyone knows where to find it. So use strong passwords, passphrases and two-factor authentication to protect your digital identity.

Options for secure login:

Although it is considered the least secure password in the world, many people still use 123456. You might as well step outside your house and leave a crowbar next to the front door for burglars to use. 

Seriously, secure passwords are essential for your digital security. And they actually require relatively little effort. You just need to know how to do it:

  • Minimum length: At least 12 characters, preferably 20 or more
  • Colourful mix: Upper and lower case letters, numbers and special characters
  • Randomness: Choose random combinations. Words from the dictionary, names and certain preferences of yours or logical number sequences are easy to crack because they may already exist in hackers' lists.
  • Unique: Only use each password once
  • Initial passwords: Replace initial passwords immediately upon first login

Agreed, passwords with 12 characters or more are difficult to remember. But have you ever tried passphrases? If you're wondering what those are, passphrases are complex passwords consisting of random combinations of words (or parts of words) and numbers that you can remember using a mnemonic device. An example?

Passphrase: MyfanaisAlheha3bran1si.

Mnemonic device: ‘My father's name is Albert, he has 3 brothers and 1 sister.’

In the past, especially in larger companies, it was recommended to change passwords approximately every 90 days. However, this often led to weaker passwords being chosen or patterns being used. Change your password:

  • If you suspect theft.
  • If a service you use has been hacked.
  • Once a year – as a good compromise between security and convenience.

Even with strong passwords, an account can still be hacked. Two-factor or multi-factor authentication provides an additional layer of security. This is recommended by the National Cyber Security Centre (NCSC).

During the login process, you must provide two things: your login details (username and password) and verification via another channel:  

  • Authenticator apps: There are numerous apps of this kind, e.g. Google Authenticator or Microsoft Authenticator. As you often have a choice, it is safest to use apps from well-known providers when configuring them.
  • Code or link via text message or email: Additional authentication can also be performed using a one-time link or code that is only valid for a short period of time and is sent to your registered phone number or email address. (Sometimes providers even replace the password with such a one-time login link or code that is only valid for a short period of time.) This additional verification method is considered the least secure because emails and SMS messages can be intercepted.
  • Biometrics: Biometric data such as your fingerprint, Face ID or, in some cases, voice recognition can also be used for 2FA or MFA.

Passkeys are the latest generation of authentication and are set to replace passwords and 2FA in the future. But what exactly are passkeys? Passkeys work thanks to modern cryptography: they use an asymmetric public-private key pair for your login process. Too technical for you?

To explain it more simply: passkeys are virtual and consist of a digital key pair – think of them as digital twin keys that are automatically created when you register with a passkey. One of the two keys is public and is sent to the provider's website (e.g. your bank, Google, etc.). The other digital twin key is private and always remains locally on your device.  

When you visit the website where you want to log in (e.g. your bank), the bank automatically asks you to verify your identity. Your device responds with a proof created using the matching private twin key; the key itself is not sent. You unlock your access with your biometric data (e.g. fingerprint or Face ID) – and you're in.

Passkeys are practical because they only work on the real bank website (the key is not recognised on a phishing site and the login fails). They are created uniquely for each website and your key never leaves your device. This makes them extremely secure, significantly more secure (and user-friendly) than even the most secure password, even if you combine it with 2FA. 
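Why a passkey login fails on a phishing site can be shown with a small model of the exchange. This is an added example and a deliberate simplification, not a WebAuthn implementation and not Swisscom code: the class names, the origins and the message format are assumptions.

```javascript
// Simplified model of a passkey login using Node's built-in crypto module.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

const BANK = 'https://bank.example';        // constructed origins
const PHISH = 'https://bank-login.example';

// Device side: one key pair per website. Private keys stay inside this object.
class Authenticator {
  #keys = new Map();                        // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ed25519');
    this.#keys.set(origin, privateKey);
    return publicKey;                       // only the public twin is handed out
  }
  // `origin` comes from the browser (the address actually visited), not from the page.
  respond(origin, challenge) {
    const key = this.#keys.get(origin);
    if (!key) return null;                  // no passkey exists for this site
    const clientData = Buffer.from(JSON.stringify({
      origin, challenge: challenge.toString('base64'),
    }));
    return { clientData, signature: sign(null, clientData, key) };
  }
}

// Website side: stores public keys and issues single-use random challenges.
class Server {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map();            // user -> public key
    this.pending = new Set();               // challenges not yet used
  }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge() {
    const challenge = randomBytes(32);
    this.pending.add(challenge.toString('base64'));
    return challenge;
  }
  login(user, response) {
    const publicKey = this.publicKeys.get(user);
    if (!publicKey || !response) return false;
    if (!verify(null, response.clientData, publicKey, response.signature)) return false;
    const { origin, challenge } = JSON.parse(response.clientData.toString());
    if (origin !== this.origin) return false;   // signed for another site
    return this.pending.delete(challenge);      // false if unknown or already used
  }
}

function demo() {
  const device = new Authenticator();
  const bank = new Server(BANK);
  bank.enroll('alice', device.register(BANK));

  // 1. Login on the real site succeeds.
  const genuine = bank.login('alice', device.respond(BANK, bank.newChallenge()));

  // 2. A phishing page relays a fresh challenge from the real bank, but the
  //    browser reports the phishing origin, so the device finds no key.
  const relayed = device.respond(PHISH, bank.newChallenge());
  const phished = bank.login('alice', relayed);

  // 3. A captured response cannot be reused: each challenge is single-use.
  const response = device.respond(BANK, bank.newChallenge());
  const first = bank.login('alice', response);
  const replayed = bank.login('alice', response);

  return { genuine, deviceAnsweredPhish: relayed !== null, phished, first, replayed };
}

console.log(demo());
```

Unlike a password or a one-time code, there is nothing here that the user could type into the wrong page: the device only answers for the site the key was created for.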

Do you have trouble remembering all your passwords? They don't belong on Post-it notes or in a document in the cloud. Instead, a password manager is often a good solution. Here, too, look for providers with a good reputation and strong encryption.  

These are the advantages and disadvantages of a password manager:  

Benefits
  • You only need to remember one strong master password that protects your passwords with encryption.
  • It generates passwords for each account according to your specifications.
  • The login details are only filled in automatically on secure sites.
  • You have access to your passwords across different devices.
  • It warns you about weak or reused passwords, thus performing a kind of security audit on an ongoing basis.
  • No more handwritten notes are necessary.
Disadvantages
  • As a digital service, password managers usually come with a cost.
  • You are dependent on the provider in the event of price increases or network problems, for example.
  • Usually requires prior installation on all devices.
  • Offline access is sometimes limited, if available at all.
  • If you forget your master password, you will have to go through a more or less complicated process to reset it.
  • Some apps or operating systems do not support automatic filling of login details.

Topic

Is my network and Wi-Fi secure?

Every day, we connect to different networks: to Wi-Fi (Wireless Local Area Network) at home, at work, at school or in a café. But not all connections are equally secure. We'll tell you which networks you can surf safely on.

As a general rule, only use secure networks. Open Wi-Fi networks such as ‘Free WiFi’ or similar services that are not password-protected can be dangerous from a cyber security perspective. With unsecured networks, basically anyone can read what you are doing online.

And beware of false security: even networks with passwords can be insecure if they are poorly configured.

How to secure your network connection:

People often connect to available Wi-Fi networks without checking whether they are secure. However, sometimes they are unsecured or the security standards are easy to crack. Be aware of:

  • Router encryption: WPA3 is currently the best standard, WPA2 is still okay, WEP is insecure.
  • Default passwords: Are you still using the default router password? Change it or inform the person responsible.
  • Updates: Regularly update your own router to close security gaps.
  • Guest network: A separate network can be set up for visitors on your own Wi-Fi.
  • Connected devices: Feel free to check your Wi-Fi settings to see which devices are currently connected and which are still necessary.

Many people rely on Wi-Fi, especially when holidaying abroad, because roaming can be expensive. Some cybercriminals take advantage of this and set up fraudulent hotspots in tourist locations. Here's how to stay safe:

  • Hotel Wi-Fi: Ask at reception for the correct network name and password.
  • Mobile data: For important transactions, we recommend using your mobile data instead of Wi-Fi.
  • Downloads: Unless absolutely necessary, avoid downloads. This way, nothing unwanted can be downloaded.
  • VPN: Use a VPN to protect yourself from prying eyes on public Wi-Fi networks. In our video, we check whether the VPN delivers what it promises.

Mobile networks are generally more difficult to hack than Wi-Fi networks (due to differences in infrastructure, security standards and available control points between mobile networks and Wi-Fi networks). We therefore recommend that you use your own mobile network for important transactions when abroad. Please note the following:

  • Tariffs: It is best to find out which tariffs apply before you travel.
  • Roaming packages: To avoid breaking out in a cold sweat when your phone bill arrives after your holiday, use a roaming package. This will keep your costs manageable – and your digital security high when you are on the move.
  • Cost limits: Set a cost limit with your network provider (e.g. Swisscom Cockpit) to limit the costs for text messages or calls that may be incurred in addition to any roaming package you have booked.

You can also make your mobile network available to others by sharing your hotspot. Please note the following:

  • Password: Use at least 12 characters, including numbers and special characters, for your hotspot password (see ‘What are secure passwords?’).
  • WPA3 encryption: If you have the option, use WPA3 encryption.
  • Switch off after use: A hotspot uses a lot of battery power. It is therefore best to switch off the hotspot immediately after use.
  • Data usage: If your mobile data is limited, keep an eye on your data usage. You may want to check your current status after sharing your hotspot.

Sometimes there is no alternative but to use the public Wi-Fi network. In such cases, a VPN is recommended:

  • Choose a provider: Choose a trustworthy provider for your VPN. A no-log policy is particularly important from a data protection perspective: this means that the provider promises not to store any data about your activities.
  • Activate VPN: Switch on the VPN before connecting to the Wi-Fi.
  • Activate kill switch: This ensures that your internet connection is interrupted if your VPN connection is lost.
  • Prevent DNS leaks: You can do this by quickly checking whether your IP address is still visible despite the VPN. Your IP address should not be visible to others.

At iBarry, you can find out everything else you need to know about VPNs.

On Apple and Google operating systems, you can disable ‘connect automatically’ in the Wi-Fi settings. This ensures that you will be asked every time your device wants to connect to a Wi-Fi network, or you will even have to initiate it yourself.  

It may also be worthwhile to regularly check your saved Wi-Fi networks and delete old workplace or hotel Wi-Fi networks.  

When Bluetooth is active, your device constantly sends out signals to find other devices, even if you are not actively using Bluetooth. These signals can be misused (tracking, hackers attempting to connect to your device, data being intercepted).  

So it's best to get into the habit of turning off Bluetooth in crowded public places, in foreign countries or at night when you don't need it. This reduces the risk of a cyber incident – and saves battery power at the same time. 

The same applies to AirDrop on iOS: AirDrop allows photos or files to be transferred from device to device via Bluetooth (device detection) and Wi-Fi Direct (connection). It is best to set your AirDrop mode in your device settings so that you are not publicly visible (‘Receiving off’) in order to avoid providing an unnecessary target for attack.

Does the VPN deliver what it promises?

Most people are familiar with VPNs, at least from the numerous advertisements on the internet. The advertising is often the same: anonymity on the net, protection from hackers or access to streaming content that is not available in your own country. In this video, we take a look at VPNs and examine what lies behind the advertising promises and why they are often compared to tunnels.

Topic

What should I look out for when shopping online?

Online shopping is convenient and saves time. However, among the reputable providers, there are also some bad apples who are after your data and your money. A few simple checks will help you navigate safely through the shops.

How to stay safe when shopping online:

Even fraudulent online shops can appear genuine. However, like phishing emails, they have their weaknesses. Watch out for these warning signs:

  • Suspiciously cheap: Are the prices almost too good to be true? Then they probably are. If a brand-new iPhone costs only half the market price, be cautious instead of jumping at the chance: cybercriminals like to lure people in with unbeatable bargains.
  • Suspicious language: As with phishing, clumsy wording or poor translations can be an indication of fraudulent intentions (but not necessarily). Be aware that reputable companies usually invest heavily in a flawless appearance and professional texts and translations.
  • Missing contact details: If the contact details are missing from the imprint or, on closer inspection, do not exist at all, this is a strong warning sign. A complete legal notice always includes the company name, address and usually a telephone number. If only an email address is provided, you should be sceptical.
  • Reviews from other customers: What others say about the shop can be helpful. Don't just check the reviews for the items you want, but also take a look at Trustpilot or Google reviews. But be careful: reviews can also be fake. You should be suspicious if all the reviews are 5-star and the comments contain little to no detail. Or if there are lots of 5-star reviews (fake) and 1-star reviews (from disappointed customers), but hardly any in between.
  • Check the VAT register: You can also check the VAT number in the VAT register, where all reputable Swiss companies are listed. If you cannot find a VAT number in the imprint or if it is not listed in the VAT register, this is a warning sign. 

Always use official stores to be on the safe side: for software, it's best to go to the manufacturer, and for apps, go to Google Play or the App Store.

And feel free to check out the NCSC recommendations on ‘Buying and selling online’.

Not all payment methods are equally secure online. What should you look out for?

  • Invoice: This is the safest payment method, as you only pay once your order has arrived. Unfortunately, not all online shops offer invoice as a payment method.
  • Prepayment and direct transfer: This is rather risky, as your money cannot be tracked and you send it before you have the product in your hands.
  • PayPal: If you do not receive your item after payment, PayPal buyer protection protects you from losses. However, it is important to note which transactions are eligible and what limits and conditions apply.
  • Credit card: With credit cards, you can also report fraudulent activity and complain about and reclaim any unjustified charges. The terms of use of your credit card provider or bank apply.
  • Twint: As a Swiss payment solution, it is generally suitable for smaller amounts. Technically speaking, Twint is closest to e-banking, which means that money transfers cannot usually be reversed. However, transactions that are still open can sometimes be withdrawn.
  • Western Union or Bitcoin: Both allow anonymous transactions, which makes it impossible to revoke them. So it's best to steer clear of them when paying in an online shop.

Before you click ‘Buy’, take a moment to check:

  • Is the amount correct? Compare the price to be paid with the price in your shopping basket. Sometimes hidden costs creep in.
  • Who is the payment going to? Are the names of the invoice sender and the shop the same? If not, is it a reputable billing partner? If the invoice sender is unknown or different, it is better to err on the side of caution and cancel the payment.

If something seems strange to you, trust your gut feeling. It is better to check once too often than not often enough:

  • Have you already made this payment? Especially with bookings (hotels, flights), there have been cases where hackers have resent paid invoices with fake payment links. So before making another payment, it's best to quickly check your payment confirmations in your emails or your bank statements.
  • Research the shop: You can search for the shop on Google or other search engines in combination with words such as ‘fraud’, ‘fake’ or ‘experiences’. You will usually find fake shops quickly.
  • Ask around: Perhaps someone you know is already familiar with the shop (or payment partner) you want to order from? Maybe they have already ordered from them themselves or have read about a case of fraud.

Topic

How can I protect my device and system?

In addition to being mindful of your digital security, it is also important to operate your devices and systems securely. This may take a little effort initially, but it is worth it. Fortunately, many protective measures run automatically in the background once you have set them up.

How to protect your device and system:

Updates are important. Always carry them out promptly, even if the new features might disrupt your digital habits. Why are they so important? Because they plug the loopholes that hackers have exploited. Device and software manufacturers strive to close such security gaps quickly before other cybercriminals know they exist. They do this by providing you with updates. 

It is particularly important to install system updates promptly, as they often close several security gaps at once. After all, there is no point in developers creating and releasing a security patch as quickly as possible to close risky security gaps if you simply do not install it, right? Browser updates are also essential because you are always on the Internet when browsing.

In the settings of your smartphone and tablet, you can activate automatic updates for the operating system and your apps. This ensures that your devices are always up to date without you having to interrupt any activities on the device. 

Only in the case of important work devices may it be advisable to delay comprehensive updates for a few days after they are made available. This is because updates can sometimes cause new problems, such as software incompatibilities or workflow disruptions, which are usually resolved within a few days. However, it is important that you do not forget to install the update.

If you're wondering what these are: BIOS and firmware are your device's basic programmes. The former is, in a sense, your device's caretaker, checking that everything is working when you switch it on. The firmware is the device's basic equipment. Both start up before your operating system loads. When it comes to BIOS and firmware, follow the principle of ‘never change a running system’ and contact a technical specialist if you encounter specific problems or security warnings.  

Drivers, on the other hand, are small programmes that tell your device how to handle specific hardware (e.g. printers). Outdated drivers can also be a security risk. However, in most cases, the (integrated) drivers are automatically updated with the system update.  

Not all devices require the same level of protection, as their basic specifications vary. As a general rule (with some exceptions), it can be said that:

  • Windows PC: Basic protection is already built in with Windows Defender. For additional protection, antivirus programmes such as those from Norton can be useful.
  • MacBooks or iMacs: The built-in basic protection is solid, so the system is not particularly at risk. However, even Mac computers are not immune. Apple has it a little easier than Windows because they have fewer components and devices to protect.
  • Smartphones & tablets: These do not usually need antivirus software as long as you stick to the official app stores for installing apps.

When installing an antivirus programme, choose a paid programme with a good reputation. Free antivirus programmes usually either collect your data, constantly display advertisements, or are even fraudulent software. Check here to see if your preferred antivirus software is secure.

Before using old devices, check whether their operating system is still supported. If the old operating system is no longer receiving updates, the device should no longer be connected to the internet. Otherwise, it will become a security risk.

But what if you have such old devices? Either use them offline only or replace them. You can also recycle old smartphones (e.g. Swisscom Mobile Aid) and thus promote the circular economy.

Every app and every programme can potentially become a security vulnerability. Therefore, only install and keep on your device what you really need.

Go through your apps and programmes every few months. And delete what you no longer use. Fewer installed programmes offer less opportunity for attack. The same applies to browser extensions: use them sparingly and regularly check what you still need.

Topic

How can I store my data securely?

Cybercriminals are not only after your login details, but also target your data in ransomware attacks. They want to destroy or steal your data and use it to put pressure on you. The best protection against such cyber attacks is therefore strategic data backup.

How to back up your data:

A cloud is convenient because you can access your data from anywhere. Reputable providers such as Google Drive, OneDrive and Dropbox also work hard to keep your data secure: specialised security teams monitor for threats around the clock. And they have to: because cloud providers manage so much data, they are an attractive target for hackers.

When choosing your cloud solution, pay attention to: 

  • End-to-end encryption: Your data should be stored in such a way that even the provider cannot read it.
  • Zero-knowledge architecture: This means that your file is encrypted on your computer before it is uploaded, so only encrypted data is ever stored in the cloud. If there is a data leak in the cloud, your data will be unreadable to hackers because the key is stored on your device.
  • Two-factor authentication: Choose a cloud service that lets you protect your cloud access with two-factor authentication.
  • Regular security audits: The provider should have its systems regularly challenged by experts.
  • Incident response: Perhaps you can find information about the provider's response speed in the event of previous cyber incidents? The faster they respond, the better.
  • Storing particularly sensitive data: If you upload identity documents, financial records or similar, it is best to encrypt them yourself beforehand and protect them with an additional password.

What can a cloud do that local data storage cannot – and vice versa? These are the advantages and disadvantages of cloud and local data storage:

Cloud

Benefits:

  • The data is available anytime, anywhere.
  • Backups run automatically in the background.
  • Hardly any downtime, because if one server fails, another one seamlessly takes over.
  • After a device change, the data is immediately restored.

Disadvantages:

  • An internet connection is required to access your data.
  • There are monthly or annual fees for using the service.
  • You relinquish responsibility for protecting your data to others.
  • You are dependent on the provider and their service.

Local data storage (e.g. external hard drive, USB stick)

Benefits:

  • You have full control over your data.
  • Thanks to local storage, no network is required to access your data.
  • There is only a one-time cost when purchasing the hardware.
  • Quick access, you don't need to upload or download anything.

Disadvantages:

  • The hardware can break down or become obsolete.
  • Your hardware can also be stolen.
  • Your data is only available locally in one place.
  • You must perform backups manually and on your own responsibility.

You usually only realise how important backups are when you need them. Automatic backups are worthwhile because they require little effort and offer maximum benefit.  

You can activate automatic backups in your smartphone settings. On your MacBook or iMac, you can activate automatic backups with Time Machine. For Windows backups, you can also use tools such as Acronis True Image, which create a complete system image.  

Check regularly (approximately every 3-6 months) whether your backup is still working: as a test, try to restore a current file from the backup.

Professionals swear by the 3-2-1 rule: 3 copies of your important data (original + 2 copies), 2 different media (e.g. cloud + external hard drive), 1 backup in a different location (e.g. not in the same house).  

Sounds excessive? That depends on the value of your data. If you want to store data that you definitely don't want to lose because it is unique and irreplaceable (e.g. childhood photos), this multiple backup is worthwhile.

Emails and chat histories are often forgotten when backing up data. If you have stored important information, contracts or invoices there, it is best to export your emails or data about once a year and save them to an external hard drive.

Infected backups are useless because if you restore a backup containing viruses, not only will your data be back in the system, but so will the viruses. So what can you do to keep your backups virus-free?

  • Air gap strategy: The most important backup must be completely disconnected from the network so that it cannot be attacked by ransomware.
  • Immutable backups: Use cloud services with ‘object lock’ or ‘legal hold’ functions. These backups cannot be deleted or modified for a specified period of time – not even by you.
  • Separate backup accounts: Use a separate cloud account with completely different login details for backups. Use a different browser or even a different device for this.
  • Take advantage of versioning: Cloud services often store file versions that are 30-90 days old. Even if ransomware encrypts your current files, you may be able to fall back on clean versions.


Ask Marcel

Marcel is a trainer at Swisscom. He is available to answer any questions you may have about cybersecurity.
