Cybersecurity: What I know that you should too
It’s the era of the Internet of Things (IoT), of driverless cars that talk to automated garage doors, that in turn talk to a house’s lighting system, which knows just when its owner, who has an artificial pacemaker, walks in. This individual’s artificial pacemaker talks to his mobile device, which talks to his doctor. The point is, everything is talking to every other thing, and it is fast becoming the new normal. There’s no stopping it; there are only more and more developments coming up. So, why should you be concerned about these talkative devices and sensors? Well, because a human like you can talk to all your devices without your permission, yes, including the artificial pacemaker stimulating the next heartbeat of an individual with such an implant. So I've compiled a list of things I know about cybersecurity that I think you should too. It’s not an exhaustive list; it’s a personal one meant to spread awareness and cause you to take actionable steps to protect your present and future interests and assets, and maybe even your life. Here are the standard methods I use:
Protect your data: This had to come first as it’s the most important. Protect your data online and offline. Be careful about how you respond to unsolicited calls and emails. Try not to share debit card details or anything personal. No matter who the caller claims to be, don’t share any passwords or other private details. If the person is genuinely from a service you’ve subscribed to, then surely they can afford to call back later, "later" being a time when you’ve confirmed the identity of the caller directly with the service provider. By service provider, I’m referring to banks, internet service providers, or any other subscription service. It is also important to state here that you should always do your own research. The more you know about the services and promos your bank or subscription service is offering, the easier it is for you to detect lies when you receive unsolicited emails, calls, and text messages from phishers. Lastly, don’t be too quick to provide your email address or other personal details to apps or other internet services (more on this later).
Use VPNs: VPN stands for virtual private network. A virtual private network is a service that provides a secure and encrypted connection for its users by hiding their IP addresses. Think of a VPN as your personal invisibility cloak. It enables you to have a high degree of anonymity online and allows you to go to places you normally wouldn’t be allowed to if the gatekeepers could see you. Pretty neat, right? It’s mostly legal to use VPNs. I used 'mostly' because some countries that censor websites or outright ban access to external networks also have bans placed on VPN use. China has a ban on most VPNs but it has a list of state-allowed VPNs. That defeats the purpose of using a VPN because they can track the users of such sanctioned VPNs. Also, hackers gain access to people’s computers through their IP addresses. So if you’re using a VPN, you’re doing yourself a world of good, as your VPN provides you with its own IP address and any attack would be directed at its own secure servers, not your computer or mobile device.
Use password managers: There are a number of secure and easy-to-use password managers out there where you can safely store your passwords. You’ll be given a master key, which you should keep offline; don’t go saving it somewhere on your device. I repeat: keep your master key offline. A good number of these managers are paid products, but there are free ones such as Bitwarden (I use this and I recommend it). Bitwarden uses salted hashing (a really cool way of encrypting your data such that in the unlikely eventuality of a breach, the attackers would only see gibberish and not your real password) and other technologies to keep your data safe and secure. In addition, Bitwarden randomly generates safe passwords for you. A rule of thumb for the creation of safe passwords is that “passwords shouldn’t be memorable”. If you can easily remember your password, then it’s probably not as strong or as safe as you think, because hackers use really complex algorithms to crack passwords these days. So a password manager such as Bitwarden is a safer choice.
Use authenticators: You are probably used to the not-so-recent trend in registering for online services where you have to set up two-factor authentication. Well, it’s a pretty good trend. But there’s a catch: if you’re using text message or email as your factors, then you’re at risk of a man-in-the-middle (MITM) attack. A man-in-the-middle attack is one in which an attacker is able to intercept communication between two parties. The MITM then alters the messages as they desire in order to gain access to secure data. This is where the use of authenticators comes in handy. Authenticators work by generating a passcode that is created from a secret code shared between you and the authentication service. Examples of authentication services are the Google Authenticator app, Kraken, and Bitwarden.
Practice safe online habits: Safe online habits, such as being cautious about the links you click on, checking and double-checking websites you visit to be sure they aren’t cloned versions, and keeping your personal life as far away as possible from the online space, are vital in ensuring online attackers can’t get to you through phishing. Phishing is a method of hacking that crackers use to obtain valuable information from unsuspecting individuals by stealing sensitive data through various means in a bid to create a profile of the individual, which they then use to access the individual's private accounts (bank, social media, crypto wallets, etc.). Other cybersecurity practices are:
- Create multiple emails for different purposes: Use one for all your financial processes, use another for social media, and then use another for the random services you sign up for daily.
- Keep your social media accounts as private as possible: Keep important details off of social media. Details like addresses, phone numbers, emails, and location. Keep them private.
- Lastly, deep fakes are becoming a thing. The likeness of individuals – their faces, voices, and mannerisms – can be captured and used to impersonate them. So, as much as it depends on you, keep pictures and videos away from the online space.
Thank you for reading through. Please drop comments and your own cyber safe recommendations.
P.S. The cover photo is from pngtree