Your Guide to Online Safety while Working Remotely
Highlights from our third Whatsapp chat discussion
The COVID-19 pandemic has reaffirmed the need for individuals, activists, and organizations to integrate digital technologies into their work. Mostly because the pandemic calls for social distancing, which in turn calls for digitizing work. As such, numerous organisations and individuals have embraced “remote working” to sustain or continue running their activities. All this makes now the most opportune moment to re-emphasize the need to be alert and cautious of our online safety. Cybercriminals too are WFH and capitalizing on the pandemic to attack users online.
In the spirit of embracing virtual events at Pollicy, we held another WhatsApp chat discussion on June 2, 2020, which was focused on introducing participants to digital security and how one can ensure their safety online as they embrace digital work, social distancing and working remotely. We had on guest experts Andrew Gole from Encrypt Uganda and Daniel Odongo from Digital Human Rights Lab.
Here’s what we discussed:
What is Digital Security?
Digital Security is the protection of one’s identity online. It entails tools and measures to secure your identity and assets in the online and mobile world.
Working from home has increased digital dependency which has increased vulnerability to cyber attacks because we lack some of the protective measures or systems that our respective offices may offer such as firewalls. Additionally, reports already indicate an increase in cybercrime during the lockdown and it has been estimated that “one cyber attack takes place every 39 seconds”.
So, what cyber attacks or online vulnerabilities is one at a risk of facing?
This refers to a fraudulent attempt to obtain sensitive information like credit card details, passwords, and usernames by disguising as a trustworthy entity in electronic communications like emails. These emails normally have poor grammar and spellings, poor email design and quality includes a false sense of urgency and directly solicits personal or financial information. This is sometimes called “Spoofing”.
This occurs when internet users get directed to a fake website that mimics the appearance of a legitimate one with an intention of capturing sensitive information like passwords, usernames, credit card information and other PII. Pharming is sometimes referred to as “Phishing without a lure”
This is a form of malware attached to internet pop-ups or downloadable files once installed, they can monitor your keystrokes, read and delete your files, reformat your hard drive and access your personal details without your knowledge. Although most cyber attacks target specific individuals or organisations, spyware attacks cast a wide net to collect as many victims as possible which makes everyone vulnerable to spyware.
Another popular cyber attack on the rise is “Zoom bombing”. This attack happens when unknown or unauthorised individuals intrude on others’ meetings. It is characterized by unwanted intrusions into a video conference showing obscene or lewd things by an uninvited individual causing disruption. Similar situations have happened with online conferencing tools like WebEx and Skype.
To avoid being zoom bombed avoid using your personal meeting ID, always use a meeting password, take advantage of zoom’s waiting room, mute audio and disable video for meeting attendees and lastly ensure to turn off screen sharing for everyone apart from meetings hosts.
So how can one protect themselves from cyber attacks?
To avoid suffering consequences of cyber attacks like data theft and financial losses, the following measures will protect the security of your devices, your identity, data, and internet traffic.
- Install an antivirus and keep it updated. An Antivirus protects your device from all kinds of malicious software.
- Use unique passwords for every time you log in. Almost all pages we visit require us to create user accounts but we can’t keep track of all these passwords, in that case, a password manager is important, some free managers include Last pass, Dashlane, and Keeper
- Use a VPN. Ensure to use a Virtual Private Network (VPN) everytime you are using public WI-FI. VPNs encrypt your internet connection making it private. Some free VPNs include Hotspot Shield, TunnelBear, ProtonVPN, etc.
- Use two-factor authentication. Two-Factor Authentication, adds another layer of authentication on top of your username and password. Platforms like Facebook, Gmail and even WhatsApp have it, be sure to enable it.
- Use passcodes even when they are optional. Most smartphones offer passcode options and should be used alongside biometric authentications like fingerprints to ensure stronger security.
- Clear your cache. Your browser’s cache knows a lot about you, saved searches, cookies all which could trace back to your personal data and needs to be cleared at least daily.
- Turn off your “Save password” feature in all browsers. Browsers have an inbuilt password management system, turn that off and use password managers.
- Avoid click baits. Be smart about what you click to avoid being a victim of phishing. Look out for suspicious websites or emails typically requesting for personal information.
- Protect your social media privacy. Limit the amount of private information you share on social media like home address, phone numbers, and bank details
- Ensure you update your devices regularly. This enables you use latest software versions that are updated with better security patches which helps to reduce security vulnerabilities
In situations where you need to have private or sensitive conversations, there’s a need to use platforms that are encrypted, End to End.
End to End Encryption
End to End Encryption simply means encrypting communications to make them unavailable to third parties. By using encrypted platforms, the data we send is encrypted in such a way that only cryptographic keys stored on a recipients system or device can decrypt it. Rather than having the information in plain text that exposes it to third parties, end to end encryption ensures that the data is not read or secretly modified by anyone but the true sender before it reaches the recipient.
Some of the encrypted messaging platforms you can use for communication include but are not limited to Signal, Whatsapp, Line, and Telegram.
All the above techniques discussed cover securing information that might be taken from you unwillingly. But sometimes we give out our information willingly through the apps and tools we use. For example google collects a lot of personal information from users in form of location preferences, and behavior to make google services more useful to users. Although usage of google services like the popular google search engine seems free, it isn’t. Instead of cash, user data is sold to advertisers and this is the case with many other platforms out there including social media platforms like Facebook. Always remember that if you’re not paying for the product, you are probably the product!
Whereas some of us may never be able to do away with google services like cloud storage, search engine, and email because of how simple they have made our lives, It is always important to reduce the amount of personal information that you have out there. Here are a few ways to do that;
- Consider using other secure search engines like DuckDuckGo
- Consider using a different browser like Firefox and Brave
- Embrace your browser’s incognito mode
- Install privacy badger and crumble the cookies
- Use Google-anon to remove cookies that Google uses to track you
Tight encryption and online security measures seem to be the next best alternatives for individuals and businesses concerned about their data privacy. Data Detox provides a more detailed guide on how to take control of your digital privacy, security, and well-being in ways that feel right to you.
However, the key to protecting your privacy starts with your behaviour. One should never open emails from unknown senders, avoid downloading software from non-trusted sources, and always move the mouse over your links before clicking them to confirm the site you are getting directed to. Although digital dependency increases vulnerability to cyber attacks, these basic precautions alongside technical measures like end to end encryption and others explored above should be able to keep your device safe from cyber attacks.