10 Tips for More Cyber Security – Secure Passwords, Encryption, and More
Every day I move through the world of the internet as naturally as if it were my living room. Normally, nothing happens to me. What should happen, you ask? The dangers I am talking about are not visible, and often we do not even notice them when they are imminent. But they are there, in this cyber world, which has become so familiar to us. Phishing, malware, leaked account details on the internet, or data theft all have the potential to spoil your breakfast.
To make sure this does not happen to you, I collected 10 tips for you that are easy to implement and will make a real difference for your cyber security. For some of these tips you do not even have to become active. Knowledge and caution already make a big difference. Apart from this, you should consider applying two things from the list right after reading. Yes, I know that procrastination is great. But good cyber security is even greater.
1. Be Careful with Email Attachments
This advice is not very surprising and has already been covered in detail on our blog. But we cannot stress the importance of this enough, since viruses are still mostly spread via email. In February, the ransomware Locky at times infected around 2700 devices per hour. Do not open any attachments that you are not explicitly expecting, or whose origin is not 100% clear. It is not enough to know the sender. You have to be absolutely sure that this specific attachment was sent by this person. If you are not sure, call or text this person. Better safe than sorry.
Read more about dangerous email attachments here.
2. Protect your Smartphone, Tablet and Computer with a PIN
By adding a PIN to access your device you protect your accounts and passwords in case of theft. Your WhatsApp conversations and photo galleries are nobody’s business. Last year, a teacher in the US lost her job because a student took her phone, found nude pictures of her, and shared them on social media. This wouldn’t have happened if her phone had been locked by PIN. Make sure to clean your display regularly as well, because the entry pattern could be visible from fingerprints and swiping movements. In the next point you will find more arguments for why the theft of your phone can be disastrous nowadays if it is not locked.
3. Don’t Leave Your Laptop Unattended in Public
When you use your laptop in public, this is a very important point. Many of us are not only working at home or at an office anymore. Some work when commuting on public transport, at the university’s library or in coffee shops. It can be tempting to leave your laptop unattended just for a short time, to get a coffee refill or a book from the shelf.
Always keep in mind that a theft does not only mean the loss of your device. Many users do not always log out of their social media accounts, or they store their passwords for online stores, email programs, or even online banking. The thief could access all these accounts. Take a moment to think about what a stranger could find out about you, and what he could do if he has your laptop.
4. Antivirus Programs
This point is a little controversial. Do you really need an antivirus program? Even specialists are starting to doubt their benefits. They argue that these programs are only helpful when dealing with familiar malware – and even this is not guaranteed. Computerworld points out the short lifespan of viruses: by the time they are detected, they often do not really circulate anymore. The recent cases of ransomware passed antivirus programs without trouble. More important than antivirus programs are regular updates, an up-to-date operating system and a responsible handling of everything concerning the internet. Stay away from shady websites and do not open unknown email attachments. You yourself are the best antivirus program.
5. Encrypted Data Transfer
Emails, chats and file transfers should be encrypted so that nobody can intercept any information. There are email programs that encrypt your emails with end-to-end encryption, for example ProtonMail from Switzerland. TheHackerNews provides a very good overview of their program. The good news for over a billion WhatsApp users is that from now on, all messages are encrypted, too. However, metadata and phone numbers from your address book are still uploaded to their servers.
To send files up to 12 MB you can use the new file transfer service Whisply. The sender needs access to either Dropbox, Google Drive, or OneDrive, the receiver doesn’t. The file transfer service is user-friendly and protected with end-to-end encryption.
6. Protect Your Data in the Cloud
Cloud storage providers such as Dropbox, Google Drive, or OneDrive are gaining more and more popularity. Data can be stored in the cloud, accessed from anywhere, and shared with others. Dropbox counts more than 400 million users by now. Many cloud providers offer a certain amount of storage for free. However, you should be aware of some privacy risks. Many providers, especially when their servers are located in the US, are problematic in terms of data privacy. You can resolve this problem by using an additional encryption solution on a “zero knowledge” basis.
Here is a comparison of the most popular cloud providers.
7. Backups and Protection Against Ransomware
Let’s stay with the topic of clouds for a minute. It is important to back up your files regularly to avoid irrevocable data loss. You can either store your data on external hard drives, USB drives, or in the cloud. A major advantage of the cloud is the guarantee of the physical safety of your data. Hard drives, on the other hand, can break. (The author speaks from her own experience. Maybe “Handle your devices with care” should be a point on the list, too.) However, as mentioned in point 6, keep your data safe with an independent encryption solution with a “zero knowledge” standard, such as Boxcryptor.
Another important argument for backups is the recent wave of ransomware attacks. When your computer is infected with one of those Trojans or viruses, all or part of your data will be encrypted and not usable anymore. A notification will pop up, asking you to pay a ransom in bitcoins. This form of blackmail in most cases cannot be stopped by antivirus programs, because the malware always circulates in several versions that are changed frequently.
However, you can protect yourself by making regular backups. If you have backups of the encrypted data you can just delete the infected files and use the uninfected backup files. In this scenario, another huge advantage of cloud storage comes into effect: usually, the cloud provider will have a history of the files stored on its servers. This allows you to simply undo an encryption attack by restoring an older version of the respective file.
8. Secure Passwords
This is a crucial point in cyber security, one that you probably have heard a thousand times. Everybody knows it, but nobody seems to follow it. Point 3 in this list showed what can happen when your laptop is stolen and somebody gains unwanted access. Now imagine somebody figures out your Amazon password. That’s not good. But it is even worse when you use the same password for Facebook and your email account. Your email account especially should be protected with a strong password, because with access to your email others have the power to change your passwords.
Ideally, you will immediately change at least one weak password after reading this list. A good trick for strong passwords is to think of a sentence and use the initial letters of each word as a password. You can easily remember it, but for outsiders it is incomprehensible. Think of a sentence which contains some digits, too. “I love Boxcryptor and use it on 2 devices” turns into “IlBauio2d”. Let your imagination fly, but don’t forget the sentence. Write down your passwords and store them at a safe location, in case you have difficulties remembering a password.
My colleagues here at Boxcryptor and I use a password manager (e.g. LastPass or 1Password). This software stores all of your passwords, usernames and login URLs in your secure account. These tools make the log-in process a piece of cake. Our human brain only has to remember one password (the one for the log-in to your password manager). All other passwords may be as complex and confusing as possible, because you won't have to remember them: your password manager does it for you.
9. Security Awareness in Public Wi-Fi
Only use websites with the https:// protocol, not http://, when you are surfing on public Wi-Fi, because the connection with https:// is encrypted. However, avoid using your email program or other accounts containing personal and important information. Deactivate automatic synchronization of your email. If you don’t, your mails will be loaded in the background as soon as you log into the Wi-Fi. It can happen that somebody who is snooping around knows the content of your emails before you do. Without proper security measures, other users with a little know-how will be able to read along with you, whatever you see on your screen.
10. Sensitivity and Awareness
The first step towards more cyber security is being aware of potential security risks. I hope this list was helpful for that. In most cases, cyber security means passing on some offers in certain contexts. In other cases, it means putting in a little more effort. However, this effort is worth it, even if you will not actually notice the benefits it brings. Why? Because the outcome of good cyber security is that nothing happens.
If you are aware of the dangers that come with careless and thoughtless behaviour online, you are making the first step in the right direction.