Cybersecurity: Also a matter of privacy

Cybersecurity encompasses both public and private spheres; weaknesses in either of these can impact all parts of your life. Cybersecurity is not simply a concern for organisations; it is also important that individuals incorporate simple and easy safe cyber practices into their daily routine. So what are the practices that are putting us in danger without us knowing? With #Cybermonth in mind, here is a list of 6 habits you should banish in your personal life in order to keep your data protected and make your life more comfortable:

1st pitfall: using the same password for all your online accounts

Some people use the same password for all online accounts, making it very easy for private data to be hacked. Using different passwords for every online account is critical. In addition, your passwords need to be hard to decipher.

Here is some advice: 

  • Use a different password for each use (applications, devices, etc.) and never re-use the same password between work and home.
  • Change all default passwords before using your solution or product. You must also change your password on any indication or suspicion of compromise.
  • When possible, choose the longest combination of words, numbers, symbols, capital and lower-case letters for your password. Be creative and invent your own method. This will be much more difficult for hackers to guess.
  • You can use free digital wallets (password management software such as LastPass and Dashlane, which are the best known) to help you record and store your passwords.
  • Don’t forget to always lock your smartphone and laptops with a password.

2nd pitfall: frequently using unsecured public WiFi

Finding free public WiFi can seem to be a stroke of luck. However, these kinds of networks can actually endanger all your devices and particularly the data they contain. A network without a password is not protected at all; your messages, photos and videos can all be read or downloaded easily by a hacker. Another form of cyberattack involves hackers creating a fake public WiFi network, where they will wait for you to connect and then steal all your information.

Here is some advice:

  • The simplest precaution is not to connect to the Internet using unknown hotspots, and instead use your 3G or 4G mobile network, which will have built-in security.
  • It is also better to use a portable WiFi router. It is just like your internet box at home, but instead of being attached to a phone cable, it has a SIM card inside. Moreover, it will allow you to connect multiple devices simultaneously.
  • You can also use Virtual Private Networks (VPNs), a technique that encrypts your data before it is sent across the Internet. If you're using third-party VPNs, you'll need the technical ability to configure them yourself, and should only use VPNs provided by reputable service providers.
  • Turn off the internet on your smartphone when you do not use it, so you cannot be tracked.
  • Ensure your anti-virus software is updated when you know you will have no other choice but to use public WiFi.
  • Be aware that free public chargers for your phones are just as dangerous. If you want to use them, ensure you are protected with adaptors that will block the transfer of data.

3rd pitfall: postponing software updates

Updating the software on your PC, smartphone or computer will prevent the risks of intrusion. By definition, an update is an improved version of your software. These updates provide cybersecurity solutions to fix previous failures in the systems.

Here is some advice:  

  • If you don’t like to wait for your updates to finish, schedule them for the night.
  • Start them when you are connected to your private WiFi at home; this will be faster and won’t waste your mobile data.
  • Only download software installation and updates from official sites.
  • Configure your devices to allow automatic software updates.

4th pitfall: routinely publishing images of your friends and family

The ability to upload and share photographs is a key feature of many online social networks. The image-annotation functionality often offered in these applications allows users to ‘tag’ their contacts in the photographs uploaded. It therefore gives potential criminals a complete collection of photographs of an individual. These images can also be geo-tagged (by location) and may contain other information in the background, such as car registration plates, house numbers and even images of sensitive material such as military equipment or maps, which could pose a security risk. A user could be very careful not to post anything inappropriate on their own accounts; however, they cannot control what their contacts do. Birthday greetings can reveal exact dates of birth, whilst comments on work-related posts may disclose sensitive information on individuals who work in sensitive roles. Dates of birth and home addresses are commonly used to verify your identity and may, therefore, be used by criminals for the purpose of identity theft. In addition, many of the answers to common security questions, such as ‘pet’s name’ and ‘name of my first school’, can be found via social network profiles.

Here is some advice:

  • Social networking sites generally require an email address to sign up and if a corporate email address is used, it may be harvested and used for phishing or targeted malware attacks against the organisation. Set up a separate email account to register and receive mail from the site. That way, if you want to close down your account/page, you can simply stop using that email account too. Setting up a new email account is very simple and quick to do using common providers.
  • Frequently check your friends list and remove people you hardly know.
  • Configure your privacy settings to limit the visibility of your posts to your close friends only and prohibit the sharing of your pictures.
  • Do not click on links in posts, tweets or direct messages unless you are 100% certain that they are genuine and well-intentioned.

5th pitfall: exclusively using your PC as an administrator

As administrator, you have many access rights on a PC: deleting apps, adding new ones, reconfiguring other sessions. However, when downloading an app, the administrator essentially gives their rights to this app. Some Trojan horses will take advantage of this situation and take control of your PC. So, even though not having admin rights limits your access to your own devices, it also restricts hackers who try to access your sensitive data.

Here is some advice:  

  • Create an administrator account with a strong password and set up your PC.
  • Then, switch this administrator account to another type of user (e.g. “guest”) in order to limit the risk of being cyber attacked. This does mean your PC will ask you for the administrator password each time you try to carry out a decisive action (such as updating your operating system, deleting files etc.) but your PC will be better protected overall.

6th pitfall: trusting all the emails you receive

We all receive dozens of emails a day that we open with trust. Email is one of the preferred vectors criminals use in their attempts to trick busy people who don’t take the time to read every message attentively. Criminals who use “phishing” tactics are successful because they carefully hide behind emails and websites that are familiar to the intended victim.

Cybercriminals use personal information, among other collected information, to impersonate the victim: applying for credit cards, opening bank accounts, applying for loans, and committing other fraudulent activities. They can also use this technique to infect computers and infiltrate company networks for targeted attacks.

For instance, receiving emails from your bank, a relative or a public institution can create a sense of trust and confidence. Still, it is possible that they may have been sent by a hacker trying to replicate emails which are familiar to you. These emails will direct you to a virus using links, attachments or requests for your bank details/passwords. The motives for providing this information may seem legitimate, but hackers won’t hesitate to steal your personal information or freeze your system with the purpose of taking your money; in that case this is called “ransomware”. If this occurs at work, it can contaminate your whole professional network.

Here is some advice:

  • What makes phishing messages suspicious is that, in addition to urgent language, phishing emails often employ a sense of scarcity, reciprocation, authority, affect and proximity in hopes that readers will click malicious links or attachments out of alarm or confusion. Such messaging is often framed around updates that are immediately required, payments that must be made within a certain amount of time, or gifts that you have to collect in a very short period or you will lose them.
  • In case you fall victim, disconnect every device from your computer to avoid their infection and launch an anti-virus scan. If you have provided bank details, inform your bank and report the incident to the police. If you notice a fraudulent use of your email account or any other application, immediately change your account password.
  • An emerging threat on phones is now called "smishing", when someone tries to trick you into giving your private information via a text or SMS message, using the same techniques as phishing. Just ignore and delete the message. You may also be able to activate the “block texts from the internet” feature if available on your phone.
  • In case of doubt, never reply; type in the website addresses yourself and use their contact options to ask the organisation if they sent the message to you. Be aware that no person or organisation (e.g. bank or business) has the right to ask for your passwords.
  • When it is possible, use multi-factor authentication.

Head over to the #JustAskGemalto page to access tips and information on how to use your devices securely in our digitally evolved world.