How to be safe on the Internet
We believe that everyone should have a safe environment in which to browse the internet and be protected against malicious activity. In this journey, we constantly strive to provide the best knowledge and education about the internet and its dark side to everyone associated with us. There are certain guidelines that we encourage people to follow. These guidelines are the culmination of personal experience and of the general practices that the security community recommends. This is going to be a long article, but it is necessary.
Install an Ad-Blocker
An ad-blocker is an extension for the web browser of your choice that stops advertisements from being shown on web pages. Unfortunately, most internet companies make money via advertising, and hence certain web pages may refuse to load when an ad-blocker is present; you can whitelist individual pages to allow their ads. Ad-blockers are useful in blocking what is known as malvertising: ads that instigate a user to click on a link that in turn downloads a malicious file onto the system, or that exploit the browser directly to install unwanted software.
- AdBlock Plus
- uBlock Origin
Disable use of Flash
Just as malicious advertisements are a vector of infection for your computer, so is certain content delivered via Adobe Flash Player. Adobe Flash Player by itself is not malicious, but vulnerabilities triggered in Adobe Flash Player cause the most harm to your browser. Installing an extension that disables automatic playback of Flash content in your browser makes sure you only load content that you explicitly want to see.
- Flash Block (Plus)
Download software from the original authors and producers of software
For example, do not download MS Office from any source other than microsoft.com. Use only genuine software, downloaded from the official website. Third-party applications downloaded from questionable sources and then given access to your data are one of the primary causes of infection. Malware is frequently delivered through such third-party applications and then leaks information about your personal life. The attacks include everything from access to your passwords and confidential data to access to your webcam and other personal devices. This is a serious breach of one's personal life and can be avoided easily by opting for genuine software from genuine sources.
Don’t share location on social media
There have been incidents in which a physical attack was orchestrated after information was gathered about a person via their online profile. Telling the world that you and your family are out of town is a nice opportunity for thieves to ransack your house and steal valuables. Always think about how information that you share can be misused by someone else, since once you share something, it is on the internet forever.
Use a unique password for each site. Use a password manager.
One of the most important ways to be safe on the web today is to use a unique password for every website you visit. This limits the damage when one of those websites is breached: a password leaked there cannot be reused against your other accounts. One of the most efficient ways to ensure the security and uniqueness of your passwords is a password manager. It keeps your passwords in an encrypted store that is accessible only to you.
Use two factor authentication on all sites that support it
This is an extremely efficient way to stay protected on any password-operated site. Many banks and e-mail providers now mandate it, protecting your account with two-factor or multi-factor access. The user gets complete control over access to his or her private account, and access is granted only on the basis of the information provided to the authentication mechanism. It can be enabled on various other sites or applications depending on whether they support the feature.
- Google Authenticator
- Duo Mobile
Use phrases instead of passwords
Short or predictable passwords can be guessed easily, which makes it just as easy for all your accounts to be hacked and for malicious people on the internet to gain access to sensitive data on our systems. Hence it is very important that we always keep our passwords updated. One way to make sure we remember these passwords is a password manager, as suggested in the section above. An efficient way to choose a password is to use a phrase instead of an easy password such as our name or date of birth. We can also strengthen a password by mixing letters, digits and special characters.
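To make the advice above concrete, here is an added example (not from the original article) that compares the entropy of an 8-character random password with that of a 5-word passphrase drawn at random from a diceware-sized word list, and generates such a passphrase with the OS CSPRNG. The word list, the 7776-word list size and the 10^10 guesses-per-second attacker rate are assumptions for illustration; the figures only hold when the words are chosen randomly, not when the phrase is a quote you already know.

```python
import math
import secrets

# Constructed mini word list standing in for a real diceware list (assumption:
# a real list has 7776 words, which is the size used in the entropy figures).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orbit", "lantern",
                "velvet", "canyon", "mosaic", "harbor"]
DICEWARE_LIST_SIZE = 7776
PRINTABLE_ASCII = 94  # letters, digits and the special characters on a US keyboard


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret whose `length` symbols are each drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, count: int = 5, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG (secrets), never random.choice; a known quote has far less entropy."""
    return sep.join(secrets.choice(words) for _ in range(count))


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time for an offline attacker to try every candidate at the assumed rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare(password_len: int = 8, phrase_words: int = 5) -> dict:
    """Compare an 8-character random password with a 5-word random passphrase."""
    pw_bits = entropy_bits(PRINTABLE_ASCII, password_len)
    ph_bits = entropy_bits(DICEWARE_LIST_SIZE, phrase_words)
    return {
        "password_bits": round(pw_bits, 1),      # about 52.4 bits
        "passphrase_bits": round(ph_bits, 1),    # about 64.6 bits
        "password_years": years_to_exhaust(pw_bits),    # roughly a week
        "passphrase_years": years_to_exhaust(ph_bits),  # roughly 90 years
    }


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(compare())
```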
Use a separate browser/operating system for online banking/sensitive activities.
Online banking and other financial transactions over the internet have changed how people handle money, and with that change has come the risk of online fraud and theft. There are many ways for someone to gain access to your online financial accounts and commit fraud or theft with that data. Safe online banking can be protected by various measures, one being that we can use a separate browser
Do not type your PII (Personally Identifiable Information) in a public forum.
The easy accessibility of data has made it extremely easy for anyone to misuse this information and cause harm in the process. One should be extremely careful when giving out personal information on social or public platforms, since it lets anyone who intends harm take that information and use it as they please. We strongly urge everyone, wherever possible, not to post personal information on a public platform, as it increases your overall risk. More broadly, your personal information can be misused to masquerade as you. This can involve making duplicates of your identity cards, cloning SIM cards to obtain OTPs for bank transactions, and even receiving payments in your name.
Create a separate email account and use only that for registering on social media
Our e-mail contains many details about our personal as well as professional life, and we use the same e-mail to access various social media accounts. Thus anyone with access to your e-mail has access to your social media accounts. Hence it is safer to create a separate e-mail address used only for your social media applications, one that does not give away sensitive information about your personal or professional life.
For Individuals at risk (Journalists, Persons of Interest, etc…)
Use end-to-end email encryption
End-to-end encryption is similar to the kind of encryption offered by WhatsApp for its messaging service. We suggest two methods for setting up your own secure email channel.
PGP is short for Pretty Good Privacy. It is a mechanism by which the contents of an email message can be securely transmitted from one person to another. Its security primitives ensure that as long as the keys used to encrypt an email are not compromised, the confidentiality of the message is guaranteed. There are various guides for setting up PGP. The process can be daunting and has known problems: PGP is not immune to downgrade attacks and requires an expert to be set up correctly.
ProtonMail is a partly open-source end-to-end encrypted email service founded in 2013 at the CERN research facility. ProtonMail encrypts email locally before sending it, to protect email contents and user data, in contrast to other common email providers such as Gmail and Hotmail. The service can be accessed through a webmail client or dedicated iOS and Android apps.
Use full disk encryption for all your devices
The data generated by professionals is as important as the assets of any company, and this data is always at risk of being hijacked or altered; theft of your devices exposes you to various risks. In some cases, the information you hold may belong to an ongoing investigation or may otherwise be sensitive. Full disk encryption ensures that access to your local disk does not give access to your data, which keeps the data secure after a theft. It is also important to know that a strong, non-guessable password has to be used with full disk encryption.
Use passcodes instead of fingerprint locking
Passcodes are information you know rather than something you have. We leave fingerprints everywhere on a day-to-day basis, and if you are in a profession that faces a higher level of security risk than the average person, be aware that a fingerprint is one of the easiest items to obtain. It has been demonstrated time and again how this can be bad for individuals with higher risk profiles.
Use a VPN service always
If you are an individual with a higher degree of risk than normal, set up a private VPN server and use it for all communications, especially in untrusted environments such as airports, cafes and public Wi-Fi zones. While this does not mean that your home connection is secure, it ensures a level of privacy against prying eyes and makes it harder for an attacker on the local network to trick you into entering your password on fake login pages or to show you warnings that make you reveal information.
- Private VPN Server
- Tunnel Bear
Apart from everything that applies to individuals, companies are responsible for more than one person. Here are some things every company that is serious about cyber safety needs to do.
Monitor, record and archive everything
A company faces a higher risk profile than a single individual, since all it takes to compromise the company is one person who is naive or gullible about the use of computer resources. The most useful tool in case of a company data breach is the ability to rewind the clock and understand what happened on the company network. This is akin to relying on CCTV footage when a theft happens in real life. A well-functioning monitoring solution will let you find the moment the compromise occurred on the company network and, more importantly, how the breach spread through the network. We have previously seen cases in which employees sent confidential emails to their personal e-mail accounts and stole data from the workplace; a monitoring solution gives the employer the evidence, which can be invaluable.
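As an added illustration of the kind of rule such monitoring can run (not code from the original article), the following scans a constructed outbound mail-gateway log and flags messages from the corporate domain to personal webmail accounts, noting sensitive subject markers and attachments. The log format, the domain and marker lists and the addresses are all invented for the example.

```python
import re
from typing import NamedTuple

# Constructed sample of an outbound mail-gateway log; the field layout is invented
# for illustration and is not any real product's format.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z from=alice@corp.example to=bob@corp.example subject="Q1 plan" attachments=0
2024-03-04T09:14:37Z from=alice@corp.example to=alice.home@gmail.com subject="CONFIDENTIAL: customer list" attachments=1
2024-03-04T09:20:11Z from=carol@corp.example to=vendor@partner.example subject="PO 1234" attachments=1
2024-03-04T18:45:59Z from=dave@corp.example to=dave77@outlook.com subject="fwd: payroll export" attachments=2
"""

PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
SENSITIVE_MARKERS = ("confidential", "customer list", "payroll", "salary")
LINE_RE = re.compile(
    r'^(?P<ts>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+) '
    r'subject="(?P<subject>[^"]*)" attachments=(?P<att>\d+)$'
)


class Alert(NamedTuple):
    ts: str
    sender: str
    rcpt: str
    reasons: tuple


def reasons_for(rec: dict) -> list:
    """Rule set: a personal-webmail recipient is the trigger; markers and attachments raise severity."""
    reasons = []
    rcpt_domain = rec["rcpt"].rsplit("@", 1)[-1].lower()
    if rcpt_domain in PERSONAL_WEBMAIL:
        reasons.append("recipient is a personal webmail account")
        if any(marker in rec["subject"].lower() for marker in SENSITIVE_MARKERS):
            reasons.append("subject contains a sensitive-data marker")
        if int(rec["att"]) > 0:
            reasons.append("message carries attachments")
    return reasons


def scan(log_text: str) -> list:
    """Parse each log line and return an Alert for every message that trips the rules."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, count and report unparsed lines rather than drop them
        rec = m.groupdict()
        reasons = reasons_for(rec)
        if reasons:
            alerts.append(Alert(rec["ts"], rec["sender"], rec["rcpt"], tuple(reasons)))
    return alerts
```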
Don’t use cheap hosting
Most businesses with an online presence use web hosting services provided by their web developer. Web developers are good at building great-looking websites, but more often than not they trade security and reliability for lower cost and a reduced quality of service. It is easy to fall for cheap hosting offers, but with reduced cost comes increased risk. Cheap hosting services are cheap because no time and effort is spent keeping them up to date and patching them against security vulnerabilities. Ask your web developers for an update plan and the update cycle for the software that powers your business online.
Keep revertible backups
Taking daily or weekly data backups has been common practice for a while now. While many people accept the importance of taking a backup, very few understand that these backups need to be usable: a backup is only as good as your ability to revert to it. Data mirrors are not backups at all, because if your primary data source is corrupted, so is the mirror, and the whole point of the backup is lost. Reverting data needs to be painless and quick, with guarantees on the maximum loss to the business. Next time you think about a backup automation solution, be sure that the backups are accessible and usable in a timely and efficient manner.
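Here is an added example (not from the original article) of the check a backup job should end with: it archives a constructed directory tree, corrupts the live copy the way a mirror would faithfully replicate, restores the archive elsewhere and verifies the restore against SHA-256 digests taken before the backup. Paths and file contents are constructed for the example; on Python 3.12+ it also uses tarfile's 'data' filter so the restore refuses archive members that would escape the destination.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def tree_digest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 so a restore can be compared byte for byte."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def make_backup(src: Path, archive: Path) -> None:
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")


def restore_backup(archive: Path, dest: Path) -> None:
    # Python 3.12+ provides the 'data' filter, which rejects absolute paths and '..' members.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(dest, **kwargs)


def restore_matches(known_good: dict, restored: Path) -> bool:
    """The backup is only proven usable once the restored tree hashes identically to the original."""
    return tree_digest(restored) == known_good


def demo() -> bool:
    """Constructed scenario: back up, corrupt the live copy, restore, verify the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "ledger.csv").write_text("2024-01-01,invoice,100\n")
        (live / "config.ini").write_text("[app]\nmode=prod\n")
        known_good = tree_digest(live)
        archive = Path(tmp) / "backup.tar.gz"
        make_backup(live, archive)
        # A mirror would copy this corruption straight through; the dated archive is untouched.
        (live / "docs" / "ledger.csv").write_text("CORRUPTED")
        if tree_digest(live) == known_good:
            return False
        restored = Path(tmp) / "restored"
        restored.mkdir()
        restore_backup(archive, restored)
        return restore_matches(known_good, restored)
```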
We are currently planning a hands-on session on setting up the measures mentioned above. If you would like to take part in this session, or would like to host it, leave a comment or send an email to firstname.lastname@example.org