Practical Cybersecurity. Better Than Being Gullible

ABHISHEK PANDEY
Tech and Me, Loving It or Hating It
5 min read · Mar 25, 2024

Did you know that every time you upload your photo on social media, you are giving away valuable information to hackers? No seriously, your phone gives away details of the device that took the photo, the date and time the picture was taken, and the geolocation.

Computer keyboard with an unlocked padlock on top of it
https://unsplash.com/photos/red-padlock-on-black-computer-keyboard-OQptsc4P3NM

Recently I completed a mandatory cybersecurity training at my organization. It was an eye-opener. Not just in terms of the realization of the presence of dozens of easy-to-avoid loopholes, but also how far we have come in terms of all the ways information can be taken from us.

I was not able to access any online service of my city’s library for 5 months! It was attacked by a group of ransomware criminals who got their hands on the employees’ personal details such as social security. It’s not just organizations like banks that get attacked; these lowlifes don’t even spare individuals like you and me.

So what can we do to be safe and sane in this wild world of the interwebs crawling with masked cyber thieves? Here are some practical tips that are easy to follow, and don’t require you to be a tech-savvy nerd or spend a lot of resources.

Treat sensitive and confidential data with care

Sending an email is like sending a postcard. It eventually reaches the destination (most of the time), but everyone on the way can read it. So if you are sending confidential information, at least encrypt the file. Here is Google on how to encrypt Gmail.

Do not reveal your personal information to strangers, including your address. For example, if you have to give directions to someone in public, maybe text them instead of talking loudly to be clear. Some people even scratch out the shipping label on an Amazon package before putting the cardboard out for recycling.

Avoid using your banking app while in public or in transit. Avoid entering your credit card information on every merchant website. Avoid telling anyone your one-time password, even if the person is authentic. Treat it as a red flag, especially if someone claims to offer you a discount on your service but doesn’t even know your email ID or location.

Avoid uploading your photo to multiple places

Apart from the metadata mentioned at the beginning of this article, your photo can also reveal your location, your family, and anything that an identity thief is on the lookout for. With the advent of AI (Artificial intelligence), your photo is also being used to train machines for various things such as facial recognition.
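To check what a photo would give away before uploading it, here is an added example (not part of the original article) that reads a JPEG's EXIF block for the device, date/time and GPS entries mentioned above and returns a copy with that block removed. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Standard EXIF/TIFF tag numbers for the three things the article lists.
TAGS = {0x010F: "device make", 0x0110: "device model",
        0x0132: "date/time", 0x8825: "GPS location"}

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield jpeg[pos + 1], pos, end
        pos = end

def exif_findings(jpeg):
    """List which privacy-relevant tags the photo's main EXIF directory holds."""
    found = []
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(b"Exif\x00\x00"):
            continue  # only APP1 segments tagged "Exif" carry this data
        tiff = body[6:]
        order = "<" if tiff[:2] == b"II" else ">"  # byte order of the block
        ifd = struct.unpack(order + "I", tiff[4:8])[0]
        count = struct.unpack(order + "H", tiff[ifd:ifd + 2])[0]
        for i in range(count):  # each directory entry is 12 bytes, tag first
            tag = struct.unpack(order + "H", tiff[ifd + 2 + 12 * i:][:2])[0]
            if tag in TAGS:
                found.append(TAGS[tag])
    return found

def strip_exif(jpeg):
    """Return a copy of the JPEG with every APP1 (EXIF/XMP) segment dropped."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if marker != 0xE1:
            out += jpeg[start:end]
        pos = end
    return bytes(out) + jpeg[pos:]

# Constructed sample (header bytes only, not a viewable picture): JFIF, then EXIF with Make + GPS.
_ifd = (struct.pack("<H", 2) + struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")
        + struct.pack("<HHII", 0x8825, 4, 1, 38) + b"\x00" * 10)
_exif = b"Exif\x00\x00II*\x00" + struct.pack("<I", 8) + _ifd
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xe1" + struct.pack(">H", len(_exif) + 2) + _exif
          + b"\xff\xda\x00\x02\xff\xd9")
```

Removing the EXIF block also drops the orientation tag, so some photos may display rotated until they are re-saved.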

Use 2-factor authentication wherever possible

The idea behind multi-factor authentication is that it is practically impossible for a hacker to hack everything (your laptop, your phone, your email) at the same time. If your phone is not SIM-swapped, the hacker won’t get your text messages like one-time passwords. I use Microsoft Authenticator and Google Authenticator for all important accounts such as banking and brokerage accounts; they are both so easy to use.

A couple of years ago someone was trying to log in to my Gmail from a computer located thousands of kilometers from my current location. Thankfully I had multi-factor authentication enabled, which led me to quickly change my password before anyone got in.

Reduce time spent on Public Wi-Fi

I treat public Wi-Fi like a public toilet. In malls/shopping areas, restaurants, or public transit, I only use it in dire situations, say when the mobile signal is very weak inside a mall or basement, and I get off it once my business is done.

I strictly do not open any banking app or email when on public Wi-Fi. My use of public Wi-Fi is limited to audio and/or video streaming. I prefer to use public Wi-Fi when there is a password. Chances are, those passwords are updated and old hackers are less aware of the latest ones.

Keep greed and fear in control when checking your email

Recently a hacker sent a mass email to all the employees of my organization, to our personal email IDs, posing as a person who is very high up and urgently calling for a talk. It is very easy to give in to the urgency, but if you just pause for a moment and check the sender’s email ID, it becomes very clear that it is an impersonation attempt.

Similarly, we receive plenty of offers that are too good to be true. It might not even be a Nigerian prince offering his share of millions in inheritance; it might be a simple sign-on bonus from a site (obviously) pretending to be an e-commerce or streaming website. Just wait a second before clicking that link. You can simply hover your mouse over the link to see where it leads before clicking it. If the link does not point to the authentic website that you know, just don’t click it.
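The hover check can be spelled out as code. This added example (not part of the original article) compares where a link really opens against the website you know, and flags the usual ways a fake link is dressed up to look authentic; the function names and the example.com/example.net addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

def _host(url):
    """Lowercased host the browser would contact, or None if unreadable."""
    try:
        return (urlsplit(url.strip()).hostname or "").rstrip(".").lower() or None
    except ValueError:
        return None

def _within(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def link_warnings(shown_text, href, known_domain):
    """Reasons not to click; an empty list means the link goes where it claims."""
    known = known_domain.lower()
    host = _host(href)
    if host is None:
        return ["link has no readable host"]
    parts = urlsplit(href.strip())
    warnings = []
    if parts.scheme != "https":
        warnings.append("not an https link")
    if "@" in parts.netloc:
        # Everything before '@' is login info, not the site being opened
        warnings.append("text before '@' is a decoy, real host is " + host)
    if not _within(host, known):
        warnings.append(host + " is not " + known)
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host uses encoded look-alike characters")
    # Visible text that looks like an address but names a different host
    text = shown_text.strip()
    if " " not in text and "." in text:
        shown = _host(text if "://" in text else "https://" + text)
        if shown and shown != host:
            warnings.append("shown as " + shown + " but opens " + host)
    return warnings
```

The same host comparison applies to the part after the `@` in a sender's email address.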

Keep the defense updated

Spend a few seconds to enable your operating system’s firewall and defender. If you are using an anti-virus or anti-malware program (why wouldn’t you?), keep that updated to the latest version.

Apps on the Google Play Store and Apple’s App Store frequently get exploited due to their hidden vulnerabilities. When these are detected, the app’s developers try to roll out quick fixes, and that is why it is important to keep apps updated and not store any confidential information such as credit card or banking logins in apps.

Passwords Passwords! How many are there?

I get it. The mess, the hair-pulling experience of maintaining 100 passwords (an average person these days has 100 logins). But there are a couple of things we can do. We can use a password manager or even a browser-suggested password. That way, we just have to ensure that the password manager or the browser is safe from hacks.

Another trick that I have learned is that it is far more difficult for anyone to crack a long password than an 8-letter password with special characters. So you can think of a phrase or a short sentence that you can easily remember, and keep that as a password, maybe replacing a few letters with numbers or special characters (3 for E, ! for L).

I also believe that if your home space is safe, then it is easier to write a password with a pen on actual paper. These days no one is interested in reading a paperback book or your boring diary.
