4 minute read

PHISHY BUSINESS Vanessa Love, UTS Cyber Security Society

Phishy Business:

A Guide to Cyber Security

by Vanessa Love, Director of Education at UTS Cyber Security Society.

Our societies now run on new technological infrastructure that, if compromised, could result in frustration, extreme loss or even the destruction of our civilisation as a whole.

In this article, we’re going to teach you some basic security measures you can implement to avoid identity theft, being hacked, and the loss of personal data and accounts.

Implement 2FA Beware of Phishing Emails

2 Factor Authentication (2FA) is offered by most websites as a way to keep your account secure. This involves downloading an app on your phone and connecting it to your account. When you next log into your account and provide your password, you will also be asked for a token from the app on your phone. Entering this code as a second method of authentication prevents bad actors from being able to access your account if they crack your password as they don’t have access to your 2FA token. Phishing emails are sent by bad actors in an attempt to get you to reveal sensitive information about yourself. Often these look like legitimate emails you would receive from companies, however, when you click on links, download attachments, or respond to these emails, you’re actually sending your data to the hackers. There are some ways to identify these emails. First, check for any common spelling mistakes. A poorly drafted email could be a phishing attempt. Second, look at the company that’s sending the email and ask yourself questions. Do I have an account with this website? Have they ever contacted me before? They’re asking for my bank details; shouldn’t they already have them? Third, go into the properties of the email and check the address in the reply field. If the URL is not correct and redirects to a suspicious domain, this is a phishing email. Fourth, even if you think the email is legitimate, always go to the actual website to login as you usually would. There’s no need to click the link they provided you when you can go to the website online yourself.

Encryption

Password Managers Data Collection

When storing data on hard drives or USBs, you can encrypt those devices first to help protect your data. Using a tool like Veracrypt, you can format the drive with a password that needs to be entered every time you plug the device in. This ensures that even if you lose the device, you don’t have to worry about other people accessing your sensitive information. A word of caution though, make sure you write down the password or use a password manager. If you lose your password, you’ll be the one locked out.

A password manager is essential in today’s world as people usually have a variety of different accounts for services they use or have forgotten about. A free, opensource password manager like Bitwarden can help protect you online by generating strong, unique passwords for each website you visit and storing them securely in the cloud to ensure access on multiple devices. This helps avoid password re-use which can dramatically reduce your online safety because if hackers crack your password on one site, they have your password for every other account you’ve used it for. Every account you sign up for, will collect some kind of data on you, and start to establish a profile of your online presence. Reading the terms and services of websites can be a very tedious process that no one really does, but there is a handy browser extension for that. It’s called ‘Terms of Service: Didn’t Read’ and allows you to discover at a glance how intrusive a website’s data collection and privacy policy actually are. Also, note that browser extensions themselves might not always be safe, so do your research before installing anything on your computer. Avoiding some services altogether isn’t really an option for most people, so it’s important to remember that you are being tracked across the web and the data collected on you is being sold to other companies without your consent. Spoofing your details for accounts and deleting old ones that you no longer use is a good way to help reclaim some of your privacy and digital safety back as the fewer accounts you have, the smaller your digital footprint, and thereby the smaller your attack surface is.

Even something as simple as going through and changing your browser settings can help to improve the privacy and security of your browser. The landscape of cyber security is constantly changing, and with it, the recommendations and courses of action you should take for your online protection. Be vigilant, not fearful, and you’ll have the best chance of staying safe online.

“The fewer accounts you have, the smaller your digital foot� print, and thereby the smaller your attack surface is”

This article is from: