21 March 2017

Cybersecurity in seven minutes

MARCH 15, 2017 —Knowing about cybersecurity risks isn’t the same as protecting against them.

For instance, a recent survey from the Pew Research Center found that just 12 percent of Americans use a password manager, and only 3 percent use it regularly – even though that’s how security pros recommend everyone keep track of passwords. It takes time and effort to stay on top of best security practices, so all too often, people cut corners.

That’s why we’ve put together a short guide to cybersecurity essentials. It will walk you through some of the most common risks, and the specific ways to protect yourself when it comes to three critical areas: 
Privacy: How someone else can see what you’re doing online or on your device. 
Security: How someone can intercept data. 
Control: How someone can take over your smartphone or computer. 

These scenarios illustrate the kinds of risks to watch out for, and how to protect yourself.
The privacy-killing phone

Do you use an online service to backup smartphone files, calendar, and photos? Sometimes this kind of software syncs call histories and data between phones and shared devices without users realizing this could expose private calls or other information.

For instance, what if you made calls to someone you'd rather your spouse or another family member didn't know about? That phone number might show up on your shared home computer.

How to protect yourself:

• Know what software you have installed on your computer and phone, and don’t install if you don’t know how it works.

• Think twice before sharing information from your computer with any company or app – or perhaps even before sharing devices between family members.

The leaking app

Do you use a text messaging app on your computer? If the app sends messages in a way that's unencrypted, someone with the right tech skills could can read them.

Insecure messaging apps could expose confidential business information or even open you up to government snooping.

How to protect yourself:

• Only use online communications and software tools that encrypt your data like Backblaze (encrypted cloud storage) or Signal (encrypted messaging) .

• When you’re choosing software or signing up for a new service, look at its security ratings.
The downloaded takeover

If you download a malicious document from an email attachment, your computer may get infected by a virus that could take over your system. 

If it's a ransomware virus, it could encrypt important files until you pay cybercriminals a fee to decrypt the data.

How to protect yourself:

• Only download from sites you know and trust.

• Be cautious when opening email file attachments.

• Run antivirus software on your Windows PC and keep it up-to-date.

Illustration by Rob Cottingham
The surveilling network

Do you access Facebook at work? If so, your computer’s online activities are tracked by your company’s networking software. And, your IT department can tell your boss how much time you spend on Facebook.

How to protect yourself:

• Use a Virtual Private Network (VPN) to mask what you are doing online.

• Use Tor, a browser that protects your online activities.

• If you’re using Facebook at work, use your personal phone (and don’t connect to the company Wi-Fi network.)

• Maybe don’t use Facebook at work.


Illustration by Rob Cottingham
The next-table hacker

Have you ever logged into your bank account while using Wi-Fi at your favorite café?

The network may exposes your banking data to a malicious hacker who is on the same network.

The hacker could use your banking information to make purchases with your money.

How to protect yourself:

• Use a Virtual Private Network when you’re on a public network that serves as a trusted intermediary for everything you’re doing online such as Private Internet Access.

• Be careful about what you do online when you’re using a public network.

• Regularly review your bank and credit card statements.
The too-good-to-be-free network

So, you needed to get online while at a hotel with expensive Wi-Fi fees, so instead you hopped on the Free Public Wi-Fi network.

But, the network let someone else get access to your computer, too.

In this case, the malicious hacker used that access to install software that ropes your computer into a “botnet” – a network of computers that are used for various hacking purposes – but all you notice is that your computer is a little bit slower.

How to protect yourself:

• Never join a network you can’t identify.

• Regularly scan your computer for stray software.


Cartoon by Rob Cottingham
The web stalkers 

Most websites install "cookies" on your browser to track the products you look at online.

As a result, advertisers and marketers target you with ad that are based on your past history and collect information about your browsing habits.

How to protect yourself:

• Set your browser to block third-party cookies.

• Browse the web anonymously by using private browsing (ok) or Tor (better).

• Use an ad blocker program to avoid ads and ad targeting.

• Join fewer social networks.
The phishing attack


Cartoon by Rob Cottingham

If you changed your password after getting a warning from your email provider, you could be in trouble.

That message may not have come from your email service; it just looked that way. In some cases, crooks set up fake sites to impersonate email providers.

If it was a scam, hackers have your password.

How to protect yourself:

• Use password management software to create a “password vault” that will allow you to create and use unique, strong passwords for each site you log into.

• Never follow password reset links (unless you just triggered a password reset on a site you trust). Instead, visit the site where you want to change your password, and start the reset from there.

The false flag takeover

Have you ever received a link in an email to update your software? Yeah, that email probably didn't come from your software company.

But if you followed the link and downloaded an updated program, bad guys now have access to your computer.

How to protect yourself:

• Always look at the address a link points to, not just the link that is shown.

• Keep your software updated yourself.

• Never trust tech instructions in an email, pop up, or phone call that comes to you. Instead, call back a number you know you can trust, or email a trusted address.

No comments: