
Aug 13, 2012

Daily Best Practices to Stay Safe Online

As more and more people connect to the Internet and carry out critical daily activities on it, more risks are emerging that threaten the sensitive and private information we manage online. In the online security chain, however cutting-edge the security gadgets we deploy at different layers, a seemingly benign interaction on the Web could lead to devastating outcomes such as losing our critical credentials and contracting malware that compromises our devices.

The most difficult vulnerability in the online security arena is the human vulnerability, which is easily exploited by attackers. By sticking to simple measures and staying ‘reasonably paranoid’, we can significantly raise the bar against attackers and stay more vigilant against manipulation. Although it is impractical to quantify absolutely, it is repeatedly suggested that most attacks can be avoided if people consistently adhere to the following simple but effective measures:

Think Before You Click

Be cautious whenever you click a link on any page, pop-up dialog, email text, or social media application. The risk is that after a click you have lost control, and because of that single click you might end up with malware downloaded on your device that steals your credentials, you might be redirected to another page with more dangerous attacks, or the link you clicked might be automatically shared with your friends on a social network without you noticing, propagating the infection to your friends, friends of friends, and so on. Opening email attachments also requires careful examination, even if the email is from someone you know and trust, because the antivirus software of the mail provider may not thwart all attacks (especially the new ones).

Stay Up-to-Date

On a daily basis (if not hourly), the must-update list includes antivirus software, the operating system, the web browser, and browser extensions (e.g., video player, PDF renderer). Most current providers allow updates to be done online, and some (e.g., Google Chrome Browser) even update silently without bothering you as a user.

Have Strong Password Policy

Passwords should be complex enough to challenge password cracking techniques and yet memorable to the owner. A commonly suggested mix requires letters (uppercase and lowercase), digits, and special characters (e.g., ?, $, &, !), and the length should be eight characters or more. Never use a dictionary word as a password, because it is a piece of cake for password cracking software. Be sure not to use a password that people who know you can guess (e.g., your lover’s name, phone number). Studies show that many people are still using the same (and very obvious) password across multiple websites.
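The composition, dictionary and guessability rules above, written as a checker. This is an added example, not part of the original post; the wordlist, the character-swap table and the sample owner details are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
DICTIONARY = ("dragon", "football", "monkey", "password", "sunshine", "welcome")

# Undo common character swaps so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("@4301$5!7", "aaeoissit")

CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def check_password(pw, personal=()):
    """Return a list of rule violations; an empty list means pw passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)

    lowered = pw.lower()
    normalized = lowered.translate(LEET)
    # Substring match, limited to words of 4+ letters to avoid noise from
    # short words once a full dictionary is loaded.
    for word in DICTIONARY:
        if len(word) >= 4 and (word in lowered or word in normalized):
            problems.append("built on dictionary word '%s'" % word)
            break
    # Details that people who know the owner could guess (name, phone number).
    for detail in personal:
        d = detail.lower()
        if len(d) >= 3 and (d in lowered or d in normalized):
            problems.append("contains personal detail '%s'" % detail)
    return problems

if __name__ == "__main__":
    # Constructed sample passwords and owner details.
    owner = ("Selam", "0911223344")
    for pw in ("P@ssw0rd1!", "selam2012", "tR7#kq9!Lm"):
        print(pw, "->", check_password(pw, personal=owner) or "ok")
```

The first sample satisfies every composition rule and is still rejected, because undoing the character swaps reveals the dictionary word underneath.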

The disaster with this is obvious. Once you lose your password, you risk giving away a master key that opens all the doors you have locked. Under no circumstances should you write down your password somewhere or tell it to any other person. There is one more thing that keeps your passwords more robust: change your passwords with reasonable frequency, and whenever you suspect that your password might have been compromised. There is an analogy about passwords and pants which humorously conveys most of the message: “Passwords are like pants. You shouldn’t leave them out where people can see them. You should change them regularly. And you shouldn’t loan them out to strangers.”

Be Cautious of What You Publicize about Yourself

The rule of thumb is that you have to limit the amount of personal information you make publicly available on the Internet, especially via social networks. You never know: your basic information (e.g., email address, phone number, location) may be harvested and used in malicious activities such as spam campaigns and phishing scams. Never disclose any confidential, personal or financial information unless and until you can confirm that any request for such information is legitimate. Review your bank, credit card, and credit information frequently for irregularities, and report immediately to your bank in case you observe suspicious activities.

Avoid banking or shopping online from public computers (e.g., Internet cafes), which are likely to be compromised with malware and may have a wrongly configured or unencrypted Wi-Fi connection. Use HTTPS when connecting via Wi-Fi networks to your email, social media and sharing websites. Check the settings and preferences of the applications and websites you are using. Look for the green browser address bar, HTTPS, and recognizable trust marks when you visit websites where you are required to log in or share any personal information.

This is a guest post written by Birhanu Mekuria Eshete for Tech Talk Africa. Birhanu is an enthusiast of technology in general and ICT in particular. He is currently specializing in Cyber-Security for his PhD, with emphasis on analysis and detection of malicious activities on the Web.


Source : techtalkafrica[dot]com
