5 cyber security questions not to be ashamed of

What should and should not be done to keep your money safe, steer clear of blackmail, and repel account hackers

As skinheads were replaced by cyber attackers, everyone has learnt a rule: mind your phone if the Internet’s on.

4 main mistakes that lead to cybersecurity issues and 5 FAQs with answers

The digital era brought many threats, from simple theft to bullying and blackmail. It can seem that there are too many cybersecurity rules to keep track of. But there are only 4 main mistakes, and they can be avoided.

1) Weak passwords — hacked in a second

2) Same login/password combination for various accounts — one breached account leads to the breach of others

3) Disregard for two-factor authentication

4) Excessive reliance on website and app security capabilities

Here are the answers.

1) Everyone on the Internet advises you to change your password to a stronger one. Which password is actually safe, how often do we need to change it, and should we let browsers remember it?

It is said that a password should be changed once a month. This requirement is good if the user changes the password to a high-security one. But the human brain starts looking for a way around codes it has to keep in mind. Cyber experts have found that each new password gets weaker. The right way to manage your passwords is to keep them strong, change them every month, use a special application to store them, and turn on two-factor authentication wherever possible. Alternatively, you could have 3 passwords: one for a banking service, for example, a unique password which is entered only there; a second for a few common but important services, such as mail; and a third for accounts on social media.

Passphrases are considered the strongest. A passphrase is an easy-to-remember sentence with no specific meaning, typed in a different keyboard layout (a different language). Adding numbers, symbols, and capital and small letters increases the strength of the phrase.

As for browsers, it isn’t safe to let them remember your passwords. When people press the button that lets a browser remember their passwords, they forget their own login details. But the most important thing is that if a browser gets compromised, the attacker obtains not only the password you type personally (two-factor authentication mitigates that risk), but also all the passwords this browser has ever remembered.

2) How do you avoid problems when installing an app on your phone? What shouldn’t an app get access to?

Download applications only from official stores. This is the main security requirement. The App Store and Google Play don’t guarantee complete safety, but at least they vet the developer and the app. Ransomware and sham apps are more likely to be found in unverified sources.

When installing an app, pay attention to the permissions it asks for. They should be justified by the app’s functions. It is clear that Instagram needs access to your photos, whereas a flashlight app doesn’t. If you can refuse a permission without affecting the app’s functionality, you should do so. If you can’t, the app is asking for too much, and it’s better to uninstall it. It is advisable to read the new rights (terms and conditions) an app gets with every new update.
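The permission check described above can be written down as a simple rule: compare what an app requests with what its function justifies, and look at what each update adds. The following is an added illustration, not part of the original article; the app names, the records and the per-category baseline are constructed assumptions, and the permission names are standard Android ones shown in short form.

```python
# Added example: the baseline table and app records are constructed for illustration.

# Assumption: permissions each app category plausibly needs for its functions.
BASELINE = {
    "flashlight": {"CAMERA", "FLASHLIGHT"},
    "photo_sharing": {"CAMERA", "READ_MEDIA_IMAGES", "RECORD_AUDIO", "INTERNET"},
}

# Constructed sample records, listed in install/update order.
APPS = [
    {"name": "BrightTorch", "category": "flashlight", "version": "1.0",
     "permissions": {"CAMERA", "FLASHLIGHT"}},
    {"name": "BrightTorch", "category": "flashlight", "version": "1.1",
     "permissions": {"CAMERA", "FLASHLIGHT", "INTERNET",
                     "READ_CONTACTS", "ACCESS_FINE_LOCATION"}},
    {"name": "PhotoShare", "category": "photo_sharing", "version": "4.2",
     "permissions": {"CAMERA", "READ_MEDIA_IMAGES", "INTERNET"}},
]


def unjustified(app):
    """Permissions requested beyond the category baseline.

    An unknown category has no baseline, so every permission is flagged.
    """
    allowed = BASELINE.get(app["category"], set())
    return sorted(app["permissions"] - allowed)


def added_by_update(old, new):
    """Permissions the newer version requests that the older one did not."""
    return sorted(new["permissions"] - old["permissions"])


def review(apps):
    """Map (name, version) to its unjustified and newly added permissions."""
    report, previous = {}, {}
    for app in apps:
        prev = previous.get(app["name"])
        report[(app["name"], app["version"])] = {
            "unjustified": unjustified(app),
            "new_in_update": added_by_update(prev, app) if prev else [],
        }
        previous[app["name"]] = app
    return report


if __name__ == "__main__":
    for (name, version), finding in review(APPS).items():
        print(name, version, finding)
```

In this constructed data the flashlight app is clean at version 1.0, and its 1.1 update is what starts asking for contacts, location and network access.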

Turn automatic synchronisation with cloud services off, except when it is necessary.

Install an antivirus and use system tools to increase your security level. They come as standalone software and as exclusive features for particular phone brands and models (such as DTEK for BlackBerry). Opting for paid applications is a good measure to take if you want to boost your security level. Developers of such services are motivated to protect them, and are less prone to monetise your data by selling it to a third party.

3) If you don’t install a banking app on your phone, scammers are unlikely to get to the account, aren’t they?

They will face more obstacles. The fewer hooks and cues they have, the better. The ability to control your money from your phone is definitely useful, but if the phone gets compromised, the attacker gets access both to the app and to the SMS messages sent as a two-factor authentication tool to confirm payments. That is why online banking operations on a PC are safer: even if your browser gets compromised, there is still a second channel left, the SMS.

As for the security of a banking app, this is the bank’s responsibility. Often banks are highly serious about the security of their services: since the risk is theirs as well, they improve their safeguards all the time. Application code gets analysed thoroughly, and eminent experts are often invited to supervise the process. A bank can block access to an app if you change the SIM card or even just move it to another slot of your smartphone. Some of the most guarded smartphones won’t launch until security requirements are met, for example if the phone isn’t password-protected.

This doesn’t mean that applications are 100% secure. Even the best apps contain vulnerabilities; that’s why they ask you to update them, to cover vulnerabilities as they appear. The most notorious ones are reported in the media.

4) Is it safe to connect to open Wi-Fi hotspots in shopping centres, airports, and cafés?

Free Wi-Fi hotspots are risky. There are many risks we could list here, but the man-in-the-middle (MITM) attack is the one to highlight. The risk can be minimised by following simple security requirements:

1) make sure that the hotspot belongs to the café/airport/shopping centre and not to a hacker. A legitimate one asks for your phone number and sends an SMS to authorise you;

2) use a VPN connection to access the Internet. VPNs were actually created to allow secure connections from unsafe locations;

3) if you don’t know how to do steps 1) and 2), you had better avoid transferring data and use the Internet in “read-only” mode: visit only websites and services where you don’t submit any information.

5) To register for a game or a survey, we are required to give our personal data. Who collects it and what is it used for?

The developers of the test “Who are you in Disney world?” don’t want to know whether you’re Belle or Jasmine. They want the social media account you give them access to: personal data, friends, etc. Your data is your payment for using the app/service.

The biggest market players are the biggest data hoarders. And these are not game and survey developers; these are corporations, such as Apple and Google. They accumulate data about all your movements on the Internet. It is unpleasant, but not that bad. It is much worse when data goes to unknown recipients. In this case your information can be used for any purpose. Often it gets analysed to serve marketing objectives: which advertisement to show, how to make you purchase more than you need, etc. However, disclosure of personal data can affect you. Remember: everything that goes onto the Internet stays there. Even messengers synchronise data with cloud storage. That is why it is advisable not to post information that could discredit you, cause problems if breached, or invite blackmail.

--

Alex Parfentiev
Major threats to your business: human factor

Leading Analyst at https://searchinform.com/, I’m here to address those human factor risks many businesses often neglect or aren’t even aware of