I have seen numerous posts/questions in the last couple of days about Cyber Security concerns. I know this is an Internet Marketing forum, but you gotta realize that Cyber Security is an essential part of your life even though you don't admit it.
Therefore, I have compiled this post for you so all your basic cyber security questions can be answered under one roof.
Table of Contents
- Security Online: Downloading
- Downloading "No-No" 101
- Online Security: Settings
- Online Security: Emails
- General Online Security Tips
- Security Tips for Your Computer/Laptop
- Online Security: Passwords
- Online Security: Portable Devices and Public Wi-Fi
Having said that, is your device safe?
The majority of you will probably say yes, because you have an antivirus software installed and know that your firewall is enabled, so all is good.
Unfortunately, these two security measures alone are just not going to cut it these days, far from it.
Simple. All you have to do is take a look at the news nowadays. Not a day goes by where some form of online security breach does not make the headlines. When such cyber security breaches happen on a governmental level every day, it is easy to think that security online does not concern us. Just because you have an antivirus software installed on your computer, it does not mean that you are entirely safe. In fact, online security is such a multi-faceted problem nowadays that it is more crucial than ever to take every precaution possible.
Just look around the Web.
There are increasingly regular reports of cyber security breaches everywhere: celebrities, public officials, large corporations and even social platforms like LinkedIn.
What do all these establishments have in common?
They all underestimated the threats these cyber criminals pose to our personal data and security. Now, how the heck would the average public citizen face cybercriminals alone when even the largest corporations (with immense budgets and top-of-the-line IT departments, I might add) can do very little to protect their sensitive data?
Unfortunately, the problem is that too many companies and individuals fail to realize that online security is an umbrella term that includes a wide range of device (Smartphone, tablet, computer) vulnerabilities that must be addressed before we can proudly say: "Wohoo! My personal data is safe."
To address these vulnerabilities, it was high time to compile a more extensive thread on this forum to address some of the common issues individuals face when browsing, downloading and just generally interacting online.
Security Online: Downloading
The main rule of thumb when downloading stuff online is to make sure that what you intend to download is actually what you end up downloading.
This may sound silly to point out, but this is where potential criminals tend to do a lot of business.
Downloading "No-No" 101:
- Only download from sources that you 100% trust.
- Watch out for fake download buttons: Fortunately, Google now warns us of websites that use fake download buttons on their webpage.
- If a Download button looks like an Ad, avoid it: Let's say you have been looking for something to download, and you finally find it only to realize that what you clicked on was NOT a download button but a disguised ad that took you someplace totally unrelated.
Why NOT click them?
They usually lead to malware and forced toolbars that could do a lot of damage in the background once installed/activated/clicked on.
- Never ever download executable files, especially if they are something that should cost you money in the first place (e.g. Fallout 4 Downloader.exe).
Security Online: Settings
Luckily for you, you actually have some control over what's happening on your computer without you knowing about it. There are certain settings that you should implement as soon as possible.
1. Turn OFF Java in your browser. Why?
- You seldom need it nowadays. No need to keep it around.
- It is extremely vulnerable to cyber attacks.
- Java is usually needed for payroll processing, personal tax or online banking systems, BUT for these procedures you can just use another designated browser. Usually, these facilities let you know on which browsers their online platform operates most efficiently.
2. Enable Click-to-Play Plug-ins in Web Browser. Why?
- Most browsers load Flash and other plug-ins while loading a website's content, which can slow down the loading of all other elements as well (text, videos, images, you name it).
- You can save laptop/phone battery life as well as internet bandwidth by loading only what you need (Bonus: Pages will load quicker).
- As governments tend to spy on you on a regular basis, with CTP plug-ins you can protect yourself from the many potential security exploits.
- Even Chrome will drop Flash entirely by the end of the year, mainly due to performance (page load, battery life, responsiveness) and security considerations. However, other browsers will retain Flash for the time being.
Security Online: Emails
Email security is one of the most important aspects of online security even though many people pay little to no attention to it these days. Sometimes, the most obvious things end up neglected the most, so here are some security tips for a more secure email account:
- Don't click on links from unknown/suspicious senders: If you ever receive an email pretending to be your bank, PayPal or other financial organization you are associated with, claiming that you need to verify your account data or your account will be suspended, DO NOT fall for it!
The best way to filter scam emails is by:
1) checking the sender's email address (e.g. email@example.com is the email you should see from your PayPal account, but scammers usually change one or more letters so that you end up mistaking it for the real deal; case in point, firstname.lastname@example.org)
2) knowing that financial institutions will suspend your account FIRST and THEN send you an email to log on and enter your details, if necessary. Sometimes, a simple phone call will suffice, so do not be so hasty giving out your financial details. The best way to avoid all these problems is by MANUALLY logging on.
- When NOT 100% sure, always use URL Redirect checking tools: The Redirect Detective is a free redirect checker tool that analyses links and shows you the path those shady links lead to. Avoid risks well before they arise.
- Don't open email attachments from unknown senders: Just think about this a little bit. Why would you open a RAR, ZIP, EXE, SCR or PIF file from someone you do not even know, better yet, why would you open an attachment when you did not even ask for it? More often than not, these attachments are harmful and may have an important-sounding name, such as Financial report.exe or Money refund.exe, that may sound very enticing, but that is exactly their point: to give you the urge to click!
- Watch out for "Congratulations! You have won!" emails: Wow. I won, or have I? If you are someone checking emails on a daily basis, you have probably received several such email messages claiming you have won loads of money through online promotions or a sizable inheritance from a rich and distant relative you have never heard of. Plus, all you had to do to claim the money was to send your contact info, bank account details, phone number, etc.
Sounds about right?
Well, these scams are as old as the Internet itself, so DO NOT fall for them either!
- Always check for viruses before downloading stuff: If you have to download attachments, always check if they are safe to use with virustotal.com or other similar services available online.
- Have different emails for work, social media and other online activities you partake in: This practice alone will significantly decrease the number of spam emails ending up in your primary inbox. Plus, it also helps if you do not share your main email address publicly anywhere.
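The sender-address check from the first tip above can be automated. The sketch below is an added example, not part of the original post: it flags sender domains that sit within a couple of character edits of a domain you trust, or that merely embed it. The trusted list, the function names and the sample addresses are all constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains you genuinely receive mail from.
TRUSTED_DOMAINS = {"paypal.com", "mybank.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions of one character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(header_value: str) -> str:
    """Extract the lower-cased domain from a From: header value."""
    _, address = parseaddr(header_value)
    return address.rsplit("@", 1)[-1].lower()

def classify_sender(header_value, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    domain = sender_domain(header_value)
    # Exact match, or a real subdomain such as mail.paypal.com.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # A few changed letters (paypa1.com) or the trusted name embedded in
        # another domain (paypal.com.account-verify.example) is the pattern
        # the tip describes.
        if edit_distance(domain, t) <= max_distance or t in domain:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed sample headers
        "PayPal <service@paypal.com>",
        "PayPal <service@paypa1.com>",
        "billing@paypall.com",
        "info@paypal.com.account-verify.example",
        "newsletter@shop.example",
    ]
    for s in samples:
        print(f"{classify_sender(s):10} {s}")
```

A "trusted" result only means the domain matches; the display name and the visible From: header can still be forged, so logging on manually remains the safer habit.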
General Online Security Tips
- Run your VoIP calls over a VPN for enhanced security: Whether you are using VoIP (Voice over IP) for interoffice telecommunications or telecommuter connectivity, a VPN is a sure-fire way of encrypting voice traffic and eliminating certain network vulnerabilities that someone using a network analyzer to capture and replay data could exploit. VPNs are usually very easy to set up and use, but we will talk about VPN for VoIP more in future articles.
- Limit the amount of personal information you post on Social Media channels: Social media has become an integral part of our lives, which is a great thing because we can stay connected even when on the go, but it can also backfire if we give out too much information with no regard to how it might be used by people with shady intentions. Social engineering deserves a brief mention here; it is again an umbrella term for a wide range of "lows" these cyber criminals descend to. Basically, social engineering relies heavily on human interaction and tricking people into breaking normal security procedures, but it also uses certain techniques, such as appealing to vanity, authority or greed, to compel you to breach your own security. Fortunately, there are guidelines that can help protect us on the Web. We will talk about these further in our future articles.
- Use VPN for Torrenting: Are you an unofficial pirate charting the international waters of downloadable movies, music and PC games? Then you need to make sure you have the right boat that allows you to manoeuvre the stormy and unreliable waters of cyberspace in a safe and secure manner. Just in case you were wondering, if you download content from a torrent site without any encryption tool enabled, then you CAN get caught by the law and may be forced to pay a substantial fine. There are various VPN providers but not all of them are the same. We will talk more about how we can make sure we choose the right VPN Provider.
Security Tips for Your Computer/Laptop:
- Always keep your Operating System up-to-date with the latest security updates BUT make sure that you only install what is "highly recommended" and manually go in there and see if you need something that is only "Optional." If not, just leave it unchecked when choosing updates.
- Keep your Drivers up-to-date: Why? Well, first, to ensure smooth operation of your computer and, second, to keep your computer secure from outside attacks exploiting out-of-date driver files.
- Stay clear of PUA / PUP (potentially unwanted application / potentially unwanted program) software: They often come bundled with a free application that you intend to install. They sometimes ask you to activate them when trying to install your target file, and thus it is important to stay alert during the installation process. Checking software notes beforehand can also save you a lot of trouble.
- Always read what Windows UAC (User Account Control) has to say about an application you intend to open: DO NOT just click on "Yes"! Most people are looking for ways to uninstall/remove this feature from their computer, but it can truly be a great help in identifying potentially harmful programs and malware that want to implement system-wide changes. Do not give them the chance to do so!
- Make sure that you have an Antivirus software activated, a Firewall enabled, and that you connect with VPN as much as possible.
- Enable 2-factor authentication: 2-factor authentication is probably the most secure way of making sure you are the only one logging into your account. It can usually be set up with email or cell phone, properties that belong to you and you only. Normally, you would get a code in the mail or via a text message that you would then have to enter before logging in. In most cases, you can also choose an option for a platform to remember your computer after the first successful authentication.
- Use/Create Standard Windows accounts for logging in, if possible: Only Admin accounts can make significant system-wide changes to your computer, so if you have a standard Windows account, and you are using it for your daily activities, you can rest assured that no harmful software will be able to make changes without the Admin's say-so.
- If you have something important and sensitive to store, use an Encrypted USB stick to do that. It is way more secure.
- Just in case, always keep backups of your system files stored on one of your shared drives. This will restore your computer to its original condition if something goes wrong and ends up messing with your system.
Security Online: Passwords
This section deserves a category of its own as this is one of the most overlooked aspects of online security. Almost every single person online has at least one account that requires a password to access.
Rule #1: Do NOT ever use the same password (this is only relevant if you have multiple accounts all over the web).
Rule #2: You probably know by now that the password 12345678 is not the way to go. BUT, what do you think about 39#2]]$%11!? It is way more complicated, right? Well, from a human standpoint that may easily be the case. However, computers can easily crack the code with the right help! Brute-force attacks are more likely to crack 39#2]]$%11! than they are to gain access to passwords like "Tall cowboy rides a black horse," for example.
That is because a computer can try all possible combinations, and for 12 characters (39#2]]$%11!) that would take around a week or so. For the cowboy example, it would be impossible to determine how long it would take, BUT it would take a LOOONG time, that is certain.
Security Online: Portable Devices and Public Wi-Fi
Although we are going to cover the basics of how we can stay safe on Public WIFI networks in more detail later on, we still wanted to inform you about some of the most important things you can do right now to protect yourself from becoming a victim of the next heist.
If you are browsing with a portable device (e.g. laptop/tablet/smart phone) you need to heed a few easy-to-follow BUT vital online security tips:
Rule #1: Keep your devices up to date: You might be saying now: "Well, thank you Captain Obvious! You already mentioned that!" Evidence supports that it can never be said enough!
Rule #2: Be careful with Free apps: No brainer here! If you do not know the origin of something, think twice before hitting the "Install" button.
Rule #3: If you need to install, always pay attention to what permissions the app requests from you (e.g. it is highly unlikely that a game will need access to your photos or contacts).
Rule #4: When using Public Wi-Fi, always connect through your VPN Provider, BUT making sure that you are in fact using a legitimate network wouldn't hurt either.
Rule #5: Always check with the staff that you are in fact using the right network for accessing the Internet. Ask about the name of the network, password, etc. Make sure you are using the right one!
The main point I wanted to convey is that your security online lies primarily in your own hands. You don't need to be a programmer to stay on top of your sensitive information getting into the wrong hands.
Make a habit of being wary with your data and taking precautions when necessary. When something looks suspicious, it usually is, and with a good reason.
Security does come at the price of some convenience, but various services such as VPNs can help minimise it. It is better to have a sense of security than having your identity or money stolen while leaving you to deal with the repercussions on your own.
Now, go ahead and Secure Your Devices!
Thanks for reading!