We are online almost all the time in today’s hyper-connected society. With our smartphones and tablets we virtually always available, either accessing our emails, social media or just surfing. Recent research suggests that we spend on average 20 hours or more per week online [Ofcom, 2017].
This inseparable relationship with the internet has exposed us to a wide array of external threats which provides us with enough reasons to understand how to protect your personal information.
Major website hackings recently have increased dramatically. As it was reported that a trove of stolen data included classified U.S. hacking tools were offered for sale online. The past year, in May, hackers were reported having accessed some of the dumped tools to hijack computers around the globe.
In an article posted on Medium, Quincy Larson, the founder of Free Code Camp, an open-source platform for learning to code, provided comprehensive reasoning for people to make it tougher for attackers to access their personal data.
He further expressed his subjectivity on the term “attacker” by adding “anyone trying to access your data whom you haven’t given express permission to, whether it’s a hacker, corporation or even a government.”
Mr. Larson further added in an interview few rudimentary steps that can be taken to protect our personal data, however, as long as we’re connected to the internet there’s no one hundred percent safety, but we can only reduce the margin of error and ensure those steps have been taken.
1. Use Signal or WhatsApp as a medium of communication (Text messages):
The term ‘encryption’ is generally heard a lot and if you ask anyone about it most probably the reply would be it’s a “lock” to protect your data, but that’s just a superficial definition, so to speak. On the contrary, it scrambles up data which makes it difficult for anyone to really understand it without a key. It is quite useful for protecting data on your computer and also making sure no one snoops on your texts and emails on your phone.
Signal is quite a well-known app for the purpose of safeguarding your text messages. It’s readily available for use on both the iPhone and Android free of charge, however, there’s a catch, your friends must download it as well for its encryption to be fully functioning. On the other hand, Apple’s iMessage, also encrypted uses a platform which is open-source due to its code functionality, this allows any security specialist to inspect it without requesting special authorization from its original developer.
Moxie Marlinspike, the founder of Open Whisper Systems – the firm that created Signal, said that “In general, the idea behind the app is to make privacy and communication as simple as possible.
WhatsApp remains one of the most popular chatting platforms, also uses Signal’s software to protect text messages via encryption.
2. Being cautious not to click on suspicious links or documents sent via email and ensuring your computer/mobile phones are timely updated.
Cybercriminals have for a long time now targeted millions of computers around the globe using ransomware – a software that encrypts your data and that isn’t accessible until a payment has been made to the attacker.
Such attacks are carried out through sneaky schemes called ‘Phishing’ by sending emails that are visually legitimate and usually seems like an email received from someone you would know. Rule of thumb, don’t click on links when you’re not quite sure where it would redirect you even when sent by someone you know.
Updating your software without a delay is key the reason being software companies would instantly patch any bugs and vulnerabilities traced to reduce the possibility of an external attack. The problem with obsolete versions and pirated copies are that it makes it easier for the attacker to exploit the vulnerability that has been discovered and patched in the new software. Specifically, this problem is quite prevalent with computers using Microsoft Windows, which is the most used operating system in the world, and consequently an easy target for hackers.
In terms of practicing vigilance for Windows users, it is recommended by Mr. Chen to use Bitdefender or Malwarebytes as an antivirus tool.
3. Use FileVault or BitLocker to protect your CPU’s hard drive and back up your data to a cloud storage, external hard drive, or both.
Mobile phones are generalized as valuable assets we carry around with us, however, the real treasure lies in the personal information saved on our computers.
The threat lies in the idea that even if all your data is protected by a single password and a cybercriminal would gain access to it, he could instantly be able to access your files by decrypting it.
On the contrary, these threats are a part of our lives now and understanding how to take precautionary measures to ensure the safety of your data is of paramount importance. Such that Apple and Windows have designed specifically an automatic encryption that is a button away from turning it on. FileVault can be easily be enabled on the macOS from the Security and Private System Preferences panel. Apple has provided comprehensive guidelines to help you turn it on. Windows users are required to run Windows 7 and above to be able to run BitLocker. Also, a guide and you can access it here.
Correspondingly, it is of paramount importance to back up your data frequently. In case if you lose your data, it’s easier to retrieve it through a cloud storage/ backup service. There are numerous backup services offered online, however, few of the many would be Crashplan, which seemingly backs up your data as well as encrypts it. Alternatively, you could store or use an external hard drive to add that extra layer of security.
Backups don’t only store your data safely, but it also offers security against viruses and out of the reach of cybercriminals.
4. Use strong passwords which include upper/lowercase letters, numbers and punctuation characters.
This is already a known advice and highly recommended, using strong passwords and not repeating it elsewhere is one of the most basic steps toward protecting yourself from a cyber-attack.
Rethinking new passwords all the time is definitely an inconvenience, which prompts people to use the same password across their accounts or make it easy. Recently, Mark Zuckerberg, CEO of Facebook, had his accounts on Twitter, Instagram and Pinterest hacked as a result of the recurring passwords across the social media platform, he was reported to have used the password “dadada” which is really simple. That’s why experts strongly advice to create a new password for each account and it should considerably be a strong password, however, this raises another Issue – strong passwords are hard to remember and makes it difficult to recall it each time or poses a risk of losing it to someone.
To keep a track of your passwords, it is recommended to use password managers, which is similar to a bank vault, a place created to store all your passwords with just one master password. LastPass is one of the most used password managers in the world but there are also other similar platforms - 1Password and KeePass.
5. Using two-factor authentication across your accounts.
When accessing your accounts from new devices or in case someone breaks through the first layer of your password, two-factor authentication (2-FA) provides an extra layer of security by prompting it to send you a code to your mobile phone, email or even you can download Google Authenticator which works on some accounts to auto-generate a code for 30 seconds.
The 2-FA should also be set to accounts wherever it’s available, but your email is the real goldmine for hackers since many sites use emails as a backup to password recovery. Hackers are quite familiar with this knowledge and have exploited this in preceding years.
6. Using HTTPS plug-in which ensures encryption between your browser and the website.
This plug-in is highly recommended which verifies and differentiates between a secure/unsecured page. Hyper Text Transfer Protocol Secure (HTTPS), the ‘S’ at the end is what ensures that the website you are entering is encrypted and would ensure all communication/data exchanged between your browser and the website are protected from different forms of surveillance and potential attacks.
An extension developed by HTTPS Everywhere provides a safe browsing experience and helps identify suspicious pages without having manually to check each time for the availability of the ‘S’. It is downloadable for several browsers, but for now, you can download it for Chrome and Firefox, the two most used browsers.
Any questions regarding the plug-in are answered here, you can find a list of FAQ’s to enlighten you and also includes its availability on other browsers.
7. Using Virtual Private Network, or VPN.
It is common practice for people to use VPN especially in countries where access to certain sites might be prohibited due to reasons, however, the real benefit of VPN isn’t just allowing you to access banned sites.
The Time’s tech expert, Brian X. Chen, highly recommends using VPN to create a secure connection which protects all the data flowing in and out of your computer/phone, and masks your IP to a different location than you currently are, in short hides your location.
Technically the function of VPNs is to create a secure passageway through which all your data is sent/received and other computers or devices connected to the same network can’t make any sense of it. This is especially useful when accessing public networks, like at the airport or malls.
If you want to invest in a VPN, some require a monthly subscription after the trial is over and some are free. The tech expert, Mr. Chen, recommends using any of these Freedome by F-Secure, TunnelBear or Private Internet Access.
8. Anonymity isn’t always guaranteed.
Incognito feature is available on several browsers including Chrome, Safari, and Firefox, however, it isn’t completely secure. On Chrome, the incognito home screen clearly mentions that “You aren’t invisible”. “Going incognito doesn’t hide your browsing from your employer, your internet service provider or the website you visit”. This mode just simply doesn’t keep a record of the websites you visit, this means you are vulnerable to sites keeping a track of your visits and collecting data via cookies – small piece of data that is sent from a server to the browser and vice versa, usually is used to analyze user behavior, save preferences and login credentials.
9. Use DuckDuckGo search engine for sensitive searches.
If people don’t completely feel safe about using Google as the primary search engine, it is highly recommended to use DuckDuckGo.
Mr. Larson said, “Google is built on the hacker ethic, and they have put principle above profits in some aspects.”
However, you would find many that are dubious of large software organizations such that in Mr. Larson’s experience have crossed paths with many and he thinks it’s “reasonable”. There’s always a trade-off. Search results on Google appear to be much more precise when compared to its competitors’ specifically because of the way it gathers and evaluates data on its customers’ searches.
An extra precautionary measure?
If someone manages to find a way into your computer, they wouldn’t be able to snoop on you.
And yes this most certainly happens around the world, you can read about it here! Mark Zuckerberg was recently found to have taken this precautionary measure and his picture posted on twitter viewed his lap covered with tape, you can find the whole story here.
-Mahmood Hassan Aladawy firstname.lastname@example.org
This article was originally printed on Nov 22, 2016 with headline “protecting your personal digital data in 7 easy steps’” on the NYtimes.
Back to News List