Cyber Security Learnings & 2018 Resolutions
In the past, new year resolutions have been hit-and-miss for me. I have had my run-ins with the usual suspects:
- Physical fitness ambitions that were, simply put, over-expectations.
- Financial goals that simply ruined my everyday happy living.
- Commitment to family life that was easily hijacked by my techno addictions.
- Blogging pledges that soon turned into woeful unread posts.
Unmistakably, on all those occasions, my resolve was immature, unoriginal and just unwritten decisions that were made up in one corner of my brain; fast written and soon forgotten! This time I am going a step ahead and even penning this publicly. Talk about bold moves! 😊
Some bitter run-ins with the nasty side of the internet have brought on this necessity, and what better way than to turn those experiences into something useful. They say some harsh lessons are needed to make the learnings stick to memory. I say no more!
Here are some of the most common issues that I came across (through friends and myself) in 2017.
- Scammers are getting Smarter: If you read my previous post, you will probably have realized that scammers are like the dreaded hydra; kill one scam off completely and they find another way to come back into our lives! I’ve had quite a few run-ins with phishing attacks and seen someone close falling to one such attack because of a silly gaffe!
- Trust is under-rated: One of my colleagues bet big on a fledgling spin-off of a Chinese trading site and ended up losing all of her well-earned gains from last year. In short, if you are dealing with any third party (even a trusted site) over the internet, do not expect them to stay clean forever. They are human too!
- It is easy to let your guard down: Around a year ago, I received a text from the tax authority confirming details about my tax filing. In order to get my tax returns I needed to input some info on their website. I felt awkward that they were asking for all sorts of info - from my passport details to my card numbers. I realised that the URL characters used on the website I was on were very close to the income tax site URL. Even more worrisome was the fact that they knew I had filed my tax a few weeks ago. In short, I almost fell for a well-timed scam.
- The Web is not running away anywhere: As an extension of the above point, if you get an email or text with a very important link that needs a login or filling in card details, stop browsing on your phone and complete whatever it is you want to do on a real computer. It is impossible to overstate how mature website spoofing has become. Your lenders and billers can wait for half a day more - the world won’t end!
Now, I am not a cyber security expert. That’s good in a way, because this post will stay layman friendly 😉. Please treat this post as a continually developing lesson.
Below are some items that I plan to practice throughout this year. I am publishing these with a two-way intent.
I hope that someone who is new to this topic can learn from my post. My points should be easy to adhere to for the everyday Joe. But more importantly, I am hoping to see further useful suggestions come in through the comments.
Alas! We tend to stay within our comfort zone. So I will humbly request that this article is not treated as a kind of recipe by any measure. In fact, I have tried practising a few of the below points and failed a few times already.
As long as you’re talking about making Cyber Privacy 101 your new year resolution too, here is what I consider essential to achieving it to a good extent:
- Turn Google off: This would be a kicker if achieved even 50% of the time; because they are the best when it comes to search. But do try some alternate search engines like DuckDuckGo - they work!
- Avoid the TOP 4 browsers: Don’t you hate it when you visit some random site and you see ads based on the site you visited a week ago 😉 I am presently giving Brave browser a spin.
- VPN on: There’s a disclaimer that goes with this point. You need to find a trustworthy VPN service (& this is easier said than done)! OpenVPN works well for starters but I think you should research more before making a decision.
- Use a Good Password Manager: I have seen a few advocates against this. But I honestly do NOT understand how you’re supposed to set complex passwords for each site you log in to without coming up with some obvious pattern or guessable password. IMHO this is better than turning that “Remember my password” checkbox on 😛. 1Password and LastPass are very popular choices.
- Private browsing on: In extreme cases of going under the hood this is very much needed; even with the browser of your choice! It is definitely not a very comfortable UX, but knowing that the browser won’t cache your passwords or site list somewhere should make you more comfortable.
- Find a better e-mail service: Agreed, this won’t be on the to-do list of many people. But it is essential that we start learning to hide our private life from our online profile. Start by stepping out of the comfort of using the routine mail services like Gmail, Outlook etc. ProtonMail is a worthy recommendation. If not, at least consider using Gmail and utilize its feature of appending random characters with a “+” after the user name or modifying the username itself by displacing the “.”. This technique won’t help you if you use the same Gmail id everywhere! Ultimately some evil genius will work it out and get to you.
- Use a Two-Way Firewall: This is a new learning for myself. If you feel that the inbound firewall on a Mac/ PC should do good for the common man, think again. I would like to reiterate the very first point of this post.
- Anti-Virus is an essential evil: They say that most anti-virus out there are just a crooked way the scammers make money and most Anti-Virus simply slow your laptops. But sometimes you need to bribe the right people to stay safe out there 👹. In a way this point is more for computer security, but I believe this goes hand-in-hand with cyber security as well.
- Two-Factor Everywhere: Begin using 2-factor authentication; not the SMS one, but using your phone itself (or an Authenticator app) as a second factor. Warning: The situation can quickly get out of control, should you lose your device or uninstall the app without a backup!
- Pull the Plug: I would be a fool if I considered my list complete without stating the obvious 10th commandment! As part of this ill-documented sport called browsing online, I know that I will (at some point) allow myself to be tracked and gamed online; there is no better YouTube yet! But at least have counter measures in place and, to state the obvious, don’t live your entire life online!
It is important that you know that the above measures won’t earn you a new bunch of friends on social media or get you to your dream job; in a way these could be detrimental to both! But that was not the intent of my post. Neither is the above list meant to be an exhaustive way of ensuring safety/ privacy online.
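To see why the Gmail “+” and “.” trick mentioned in the e-mail point does not hide the mailbox behind it, here is a small added example (not part of the original post). It assumes Gmail's documented behaviour of ignoring dots and anything after a “+” in the user name; the addresses are constructed samples.

```python
# Added example: sample addresses below are constructed for illustration.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def split_address(address):
    """Return (local, domain), lowercased; raise ValueError if malformed."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return local, domain

def canonical_mailbox(address):
    """Collapse Gmail '+tag' and '.' variants to the mailbox that receives them."""
    local, domain = split_address(address)
    if domain not in GMAIL_DOMAINS:
        return f"{local}@{domain}"      # other providers: rules differ, leave as-is
    base = local.split("+", 1)[0].replace(".", "")
    return f"{base}@gmail.com"

def signup_tag(address):
    """Return the '+tag' part (which site the alias was given to), or None."""
    local, _ = split_address(address)
    _, sep, tag = local.partition("+")
    return tag if sep and tag else None

def group_by_mailbox(addresses):
    """Group alias variants by the real mailbox behind them."""
    groups = {}
    for addr in addresses:
        groups.setdefault(canonical_mailbox(addr), []).append(addr)
    return groups

SAMPLE = [
    "jane.doe+shop@gmail.com",
    "janedoe+bank@gmail.com",
    "j.a.n.e.doe@googlemail.com",
    "jane.doe+shop@example.org",
]

if __name__ == "__main__":
    for mailbox, variants in group_by_mailbox(SAMPLE).items():
        print(mailbox, "<-", variants)
```

Anyone holding a list of addresses can run the same few lines, so the aliases are useful for spotting which site passed your address on (the tag), not for staying hidden.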
It is also important that a resolve starts in a meaningful and simple way. So I have kept this post simple.
Hopefully by practising some of these and turning them into a habit I will be able to stay ahead of scams and phishing attacks this year. Happy 2018 everyone!