Although you might think otherwise, these types of cyber-attacks are not limited to companies or governments. Far from it, attacks on personal accounts are very much the order of the day, even generating monetary losses. No one is safe.
Because of this, this article tries to mention some of the most common measures that can be taken to be a little safer in the digital world.
There is no such thing as 100% security and, beyond technical (and sometimes boring) configurations, the entry is oriented towards a constant thinking about cybersecurity and the risks that may exist on the net. The idea is not to become obsessed and isolate oneself from the world, but to act logically or, as I personally like to say, with common sense.
Mistrust ‘by default’
In cybersecurity there is a premise, first mistrust, verify what you are securing, and then act accordingly. Many times we perform automatic actions without stopping to think about the possible consequences, and this in a digital world full of malicious actors, can cost us dearly.
Caution with links
Whether they are links in emails, links on websites, clickable images, pop-ups, etc., always always always check where you are going to click.
In the vast majority of cases, given the origin of the link or because we know it is reliable, we can click and browse without any problem (although we can also be suspicious). Even so, there will be another percentage of occasions where we may not be so sure and we must act with caution.
Before entering, we can check that we are going to navigate where it really says we are going to navigate, and then look for information about that page.
Information trackers
Normally the websites we visit are not mind readers and know what we are thinking. This is due to the way certain types of advertising show us what we want most. It is not magic or fortune telling, it is based on what we have searched for (or even talked about) before.
Although it is difficult to get away from these ‘listening’ mechanisms, ad, tracking and content blockers can be used. These are just small tools designed to block these behaviours. Similarly, you can use web browsers based on security and privacy that also use search engines designed for this purpose.
Social networks and messaging
From a cybersecurity point of view, poor management of social network accounts and messaging applications is a huge hole that goes unnoticed. There are cases of identity theft with fake profiles used to obtain banking information or sensitive data, links to malicious content can be found in comments on posts, there are cases of fake support accounts used to steal information, theft of the accounts themselves, etc.
As if that were not enough, social networks are also a problem in terms of user privacy. On some occasions, accounts are open to any user on the network or even on the Internet, exposing personal information or images. Believe it or not, any information in the public digital world can cause us great harm.
What actions can we take? As mentioned above, first of all, be suspicious of any type of communication or content that is not identified. Likewise, always be alert to new login events. Finally, emphasise the importance of privacy, do not expose yourself publicly if it is not really necessary.
Nothing is free
The title of this section seems really accurate to me in the digital world and its possible malicious actors. It is not always about infecting the device with a virus, but rather about obtaining information or attracting users for a purpose, usually to obtain a monetary benefit.
In this sense, there is a well-known and very accurate phrase that says, ‘if it’s free, we are the product’.
Avoid open WiFi networks
Open WiFi networks can be helpful at certain times when we need an Internet connection. However, in recent times they have acquired a malicious character due to the ease with which information can be stolen from them.
Under these networks, a cybercriminal may be able to ‘position’ themselves in the middle of the communication between our device and the final server, stealing all our information.
For this reason, it is important to avoid these types of networks, even if we think they are legitimate. In these cases, it is preferable to have a personal mobile data connection. In those cases where it is unavoidable to have to connect, you can always use a VPN to encrypt the traffic and make it unreadable.
Shopping on the Internet
Internet offers are a constant. A multitude of portals compete to offer the best discounts, selling products even below cost. Make no mistake, these companies never lose.
The aim is to attract users and try to get them to buy other products as well as the product on offer. That’s not a bad thing if you don’t ‘get stung’, the problem is that other websites sell the products with the aim of obtaining personal data and being able to sell it externally. Be careful with this type of purchase because sometimes it is worth paying a little more and preserving your privacy.
Protect your accounts
On the Internet there are many different kinds of sites where you can register to access certain services. Normally, these websites ask us for our personal details and store this information in their databases.
So far so good, but what happens if my details are leaked? What happens if the password I have entered is also used on other websites?
These scenarios are more common than you might think and are one of the ways that bad guys can gain control of our digital lives. In view of this, there is no denying that we have to open an account on a website (although we should consider whether it is really necessary), but we do have to protect ourselves accordingly.
Two-factor authentication
Setting up two-factor authentication for account protection is considered an even more important security measure than good password management.
This security measure is very widespread nowadays, and allows an additional barrier to be established to the first validation factor (usually passwords). In this way, we ‘ensure’ that the person accessing the account is the legitimate user and, in the event of theft of credentials, they would not be able to access it since the double factor is also necessary.
As with everything, it is not 100% secure and has its weaknesses. For example, given the possible vulnerabilities of the traditional SMS messaging system, it is not recommended to establish a two-factor protection system via this route, and it is preferable to configure applications designed for this purpose.
Passwords
When it comes to security, we are very strict about passwords. We are always reminding people to change them, to use a thousand characters, numbers, capital letters, symbols, etc. It is true, it is not convenient, but we also have to think about their importance, where they are considered the first validation in many cases.
How do we come up with good passwords? At this point I think it is worth emphasising the importance of password managers. These are small solutions that help us in the daily administration of passwords and make our lives easier by setting a password for each site.
The second thing I would like to identify is biometric readers. More and more applications and websites allow the use of biometrics as validation. It is a totally valid solution and even more secure than passwords in many cases.
If none of this convinces us, it is important to use strong passwords and, above all, to change passwords between different websites.
My data is mine and mine alone
In the digital world, personal information seems to have a much lower value than it should have. While in our life we may be somewhat stricter about offering certain personal data, on the Internet we tend to give it away even before we are asked. This is quite serious and on many occasions it is an automatic action.
We are the ones who govern our data, and as such, we should have control over it and not sell it at zero cost. This is mentioned because it is the objective of many attacks, which are based on obtaining the user’s own information and then taking another series of actions.
Not offering personal data
It seems obvious that, to avoid greater evils, we should not offer up our personal data, but this will not always be possible. Websites often ‘scan’ data in their logs, sometimes abusively.
In view of this, we must bear in mind that we are in a position to demand the deletion and/or modification of our data in different web environments. This is mainly based on the European regulation, GDPR, where any website hosted under this policy has the obligation to comply with it.
I would also like to make special mention of companies that can pay us for our data. There have been cases where they have exchanged money for a reading of our iris, for example. From a privacy point of view, this is very serious and should never happen.
Online monitoring
In a similar way to what happened with trackers, monitoring on the Internet is constant. Not only on specific websites but also on browsers or entire systems. Therefore, it is advisable to use security mechanisms that prevent this type of monitoring, such as security-oriented browsers, search engines with a degree of privacy or even systems dedicated to this purpose.
It is also important to try to block typical third-party cookies or, at least, to read and select them. It would not be right to accept any type of cookie automatically.
Internet of Things
Although it is commonly known as the IoT or Internet of Things, we are referring to all those devices in the home that are connected to the Internet. Speakers, televisions, washing machines, refrigerators, etc. In recent years, everything has been connected to the Internet in order to offer a better service.
In this context, any device can be compromised and we should not wait for our robot vacuum cleaner to follow us around the house. The purpose in this sense is clear: to reveal our most confidential information, to listen to us, to see us or to follow us to find out how we live.
Devices that are always listening deserve special attention. They offer a good service, but we have to bear in mind that they are constantly recording our surroundings.
Faced with this type of scenario, use common sense and decide whether it is worth it for the dishwasher to have an internet connection. If necessary, always follow the manufacturer’s instructions.
Payment methods
Entering, for example, a credit card on a website to make a purchase is not necessarily a bad thing, but it is a delicate one. It is totally inadvisable to enter the card that we link to our current account, where we are paid our salary and have our savings, on a website. The same goes for when we link the bank account with our money in payment systems. This should never be done.
Instead, you can use prepaid cards designed for this type of online shopping, or even bank accounts to transfer the money to. But it is important not to give your bank details to websites that may suffer a data breach.
Protecting digital money
Something very specific but which has been spreading more and more in recent years is digital money or currency. These are assets, normally based on blockchain, that can be purchased with FIAT money. We are talking about Bitcoin, Ether, Cardano, and all those other digital currencies.
It is also highly advisable to protect this money and not just buy it and store it on an exchange. The best thing is to have a cold wallet. That is, to have the private key to our money in our possession and not constantly connected and exposed to the Internet.
Series of security habits
Under this heading we want to point out a series of security habits that can be useful in everyday life. Combined with critical thinking in cybersecurity, it will be a little more difficult for us to be affected by a major problem.
Always apply updates
Keeping systems up to date is important in order to apply the latest security fixes developed by the manufacturers. Whenever possible, do not delay these actions for too long as they implement a series of important security improvements.
Likewise, systems or devices have a life cycle in terms of these updates. It may be three, five or more years, but it is also important to bear this in mind, as when this support ends the device becomes vulnerable to new attacks.
Antivirus
Antivirus or antimalware programmes are important components of any system. Although, as we have seen, they are not enough on their own, they do help a lot in detecting and blocking threats.
In addition, depending on the purpose, they usually offer additional tools that can help us with other protection tasks.
Staying informed about cybersecurity
Although it is difficult to keep up to date with new threats, it is advisable to at least take into account any alerts or events that inform us about them.
The state security organisations do important work in this respect, reporting new attacks and issuing global warnings. There are also many media outlets, such as this blog, where we can find information and keep up to date.
