How to protect your data from attacks in the virtual world

  • Yasir Altaf Zargar
  • Publish Date: Jul 3 2018 7:48PM
  • |
  • Updated Date: Jul 3 2018 7:48PM
How to protect your data from attacks in the virtual world

Human life is turning out to be dependent on the internet. Nowadays, the withdrawal of cash, home-based banking (Net Banking), shopping on an internet enabled smartphone (e-shopping) and the speed of the processes makes our life easy and comfortable, but dependent on the internet.

With the systematic enhancements in the technology, life has dramatically become a slave to new inventions. This has become a prime concern and the questions regarding the privacy of an individual have become a core issue. Thus the concept of internet security takes birth, with internet security being broadly defined as “the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access.”

What would happen if a malicious or an un-authorised person takes control over networks that have virtual connections with traffic signals and many other devices like our computers and mobile phones that we use to upload our precious information? It is precisely here that the idea of “internet security” takes precedence.

With the failure of conventional security techniques and growing internet attacks all over the world, many nations including the US, China, Iran, Pakistan and India, among others, have started working on tactics meant to improve security layers and to prevent unauthorised attackers from intruding in any network or any website.

The growing internet related attacks justified the dire need of improving security protocols for devices that are remotely connected and to provide security for the privacy of individuals, organisations and institutions. Thus the concept of “ethical hacking” takes birth. Contrarily, unauthorised attackers known as “black hat hackers” follow the path of destruction by hacking either for a political or financial agenda or have some other motives behind any attack. 

The term “hacking” is a prime concern in future where things could be remotely connected and handled from any part of the world with one click. This term could be the biggest challenge to the “internet of things”. The term “internet of things” is not only a concept of advancing technological tools but a concept of controlling any device at any place around the world remotely. It represents a vision in which the internet extends into the real world, embracing everyday objects we use.

The smartphone that we use today has been designed to make the world interconnected, as “smart” technology teaches us. However, a smartphone could get hacked. The growing exploitation of such devices proves that the regular security protocols need to be followed. This will help us make ourselves secure from internet attacks.

If hackers want to target a particular company, for example, they can find vast amounts of information on that company just by searching the web. They can then use that information to exploit weaknesses in the company’s network security, which in turn puts the data you have entrusted to that company in jeopardy. 

Think of your home computer as a company. What can you do to protect it against hackers? Instead of sitting back and waiting to get infected, why not get trained and fight back?

Keep in mind that a hacker can attack any person. They can do anything depending on their intentions. They could get your Facebook details, publicly expose your private pictures or could post anything unwanted or unlawful. They can take your bank details, can change password of your any online account, and can put backdoors running in the background of your system. 

Here are some safety/security precautions that would be helpful in securing yourself from any internet attack.

 

Never click on a link you did not expect to receive (Phishing Attack)

Sometimes you receive mails that you did not expect to receive. This is an old and an easy way of hacking anyone’s bank account or any social networking account. This attack is known as a “phishing attack”. Through this attack an attacker sends a malicious link to any victim and pushes him to enter their precious details. The hacker then uses tricky measures while performing this attack. That is why if a person checks his spam box he would see hundreds of such mails filled with malicious links. Moreover, we see mails like “you have won 10,000 USD”, click below on the link and withdraw them into your account. Such mails are simply phishing mails. 

As such, never click on any link that you are not expecting to receive. Even if you are opening any such link never ever put your precious data into it like Facebook username and password or your e-banking details. Try to practice smart surfing and emailing.

 

Use different passwords on different sites

A common problem among internet users is that they use common password on social networking websites. With data breaches occurring almost daily, if you are using the same username and passwords on most of your online accounts, it is a walk in the park for someone to start using your Facebook account, Twitter or any of the social networking account. This will help any hacker to breach into your other accounts if he gets information of one.

 

Try to use alpha-numeric passwords with upper and lowercase combination on online accounts

This is one of the main security measures. Through this an attacker would never be able to hack anyone’s account by “brute” force. You should follow the combination which would be hard to guess. Most common websites with high web security prefer to use combination of alpha-numeric passwords with upper and lower case combination.

 

Never download attachments received from strangers

Viruses/malware are often spread via attachments on emails, so if you don’t know the sender who sent you an attachment, do not try to open it.   Never open attachments that end with an extension “EXE”. The same is true of links. Even if it looks like a safe link, it may lead you to somewhere you weren’t expecting.

 

If you’re doing online banking, follow bank’s security recommendations

Many banks will recommend adding a piece of software (security software) or antivirus which guards against hackers. Scan your computer using that software that allows you to detect viruses. Do it. That will give your account maximum protection. For example, HSBC uses a programme called Rapport. Only complete online transactions where the URL starts with ‘https’ and not just ‘http’. The “S” stands for secure. Don’t do internet banking on computers that may be infected by a virus or a Trojan. Always remember your bank will never ask for your login details via email, text or phone. They do not need at all. 

 

Banks will never pay you without any reason

It is the holy truth that no bank would like to pay you hundreds of dollars without knowing your identity. People receive scam calls habitually that in the internet (computing) language we call “vishing”. Through these calls an attacker asks about your banking details or any social network account information. They manipulate your mind by using social engineering tricks. They try to pretend that they are either your friend or your boss. It happened with many persons in Kashmir. People were asked to disclose their banking details/net-banking as they were told that the company (fake) wants to gift some money or anything. That was a social engineering trick to get your information from you. Be aware of such phone calls, messages and emails.

 

Do not use open Wi-Fi connections

The problem with most Wi-Fi hotspots is that they do not encrypt information and once a piece of data leaves your device headed for a web destination, it is “in the clear” as it transfers through the air on the wireless network, says Symantec’s Sian John. “That means any ‘packet sniffer’ (a program that can intercept data) or a malicious individual who is sitting in a public destination with a piece of software that searches for data being transferred on a Wi-Fi network can intercept your unencrypted data. If you choose to bank online on a public Wi-Fi network, it is not a good idea since that is very sensitive data you are transferring. Preferably you should either try encryption [software], or only use public Wi-Fi for data that is not sensitive even if it is public – and that shouldn’t include social network passwords.”

 

Don’t store your card details/debit card or net-banking details on websites

Mass data security breaches (where credit card details are stolen en masse) aren’t common, but why take the risk? It takes extra 90 seconds to enter details. This small time is a price to get secured. 

You should be aware about the common data breaches happening to any company that leads to expose of your precious data would include your bank account details, credit card/debit card details or your net-banking access.

 

Secure your Facebook account

Since Facebook announced that they would allow users to promote their posts, pages, or accounts which involve adding your credit card/debit card access to the Facebook database, this may be the prime reason that a hacker may target you. For this people should follow the recommendations provided by the Facebook Team and update their accounts regularly. Facebook updates its timeline and privacy settings regularly, so it is wise to monitor your profile regularly, particularly if Facebook has announced that they have done a change in their database or in the design. 

Firstly, in the privacy settings menu, under “who can see my stuff?” change this to “friends” (be warned: setting this to “friends of friends”). Also in privacy, setting “limit old posts” applies friends-only sharing to past as well as future posts. Thirdly, disable the ability of other search engines to link to your timeline.

You should also review the activity log, which shows your entire history of posts and allows you to check who can see your posts, photos or videos. Similarly, you should look at your photo albums and check you’re happy with the sharing settings for each album. In the future you may want to consider building “lists” – subsets of friends, such as close friends and family, who you might want to share toddler photographs with.

Also, remove your home address, phone number, date of birth and any other information or simply try the option visible to “Only Me”. That info if publicly visible would be used to fake your identity. Similarly you might want to delete or edit your “likes” and “groups” – the more hackers know about you, the more convincing a phishing email they can spam you with. Facebook apps often share your data, so delete any you don’t use or don’t remember installing. Finally, use the “view as” tool to check what the public or even a particular individual can see on your profile, continue to “edit” and adjust to taste. If this all sounds rather tedious, you just might prefer to permanently delete your account.

Recently, you might have heard about Facebook- Cambridge Analytica scam. In fact, it is reality that they had not breached any of the Facebook servers. But still they managed to get the data of 50 million users. Actually, what happened, a Cambridge psychologist Aleksandr Kogan approached researcher Michal Kosinski to get Facebook users data, which he had collected using a simple ‘online personality quiz’ app that requires users to log in using Facebook to participate. Always remain vigilant whenever you try to use any app provided to you either by any company or by any user.

 

 Don’t link your social networking account to third party websites

If you want to comment on an article or you want to buy anything from any website or you want to sign-up and you’re prompted to sign in with Twitter or Facebook, do not go behind the door. “Linking accounts allows services to acquire a staggering amount of personal information”. Try to use secure login. It takes 60 seconds more to sign-up on any website. Preferably, if you are doing that then consider you are almost secure.

Use a firewall, anti-virus programme and anti-spyware programme, update them regularly

You can use Windows’ own firewall, or a third-party, such as Norton or McAfee. But make sure you don’t use both as they can interfere with each other.

- A firewall will stop unauthorised people hacking on to your computer.

- Anti-virus programmes will guard your computer from viruses which could destroy your computer.

- Anti-spyware will look out for programmes such as key loggers and Trojans which spy on your computer use in an attempt to learn passwords or account details.

Not only this, but you have to update your anti-virus or your firewall regularly. Viruses are spreading regularly and there are some viruses which encrypt data, hang computers, and decrease the speed. Updating anti-viruses secures your computer from modern day viruses/Trojans/malwares/horse. You might have heard about Ransomware that recently struck the headlines. People were ransomed and were later told to pay for the files which were encrypted by the Ransomware.

“Ransomware is a sophisticated piece of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. You can call it a data kidnapping malware or an exploit in which the attacker encrypts the victim’s data and demands payment for the decryption key”

 

Remember you’re human and you can do a mistake

Human error is still the most likely reason why you’ll get hacked. Your mistake leads to the exploitation of your device.  A most common trick some hackers use is that they grab information about you by becoming your friend online that helps them to breach your network/device/computer. In fact they do social engineering tricks to breach into your data.

 

Use WPA, WPA2 security with an alpha-numeric password

By disabling the “WPS” (which saves a router from that Wps-Wpa cracker app) option in your router, use WPA2 as a security measure to protect your Wi-Fi from attacks. Use of an alpha-numeric password would be a good way to secure your Wi-Fi router from brute-force attacks.

 

Yasir Altaf Zargar is a Srinagar-based web security analyst. He tweets as @zargaryasir and can be reached at zargaryasir@gmail.com

 

 

 

Box

 

The term “hacking” is a prime concern in future where things could be remotely connected and handled from any part of the world with one click. This term could be the biggest challenge to the “internet of things”. 

 

 

 

The term “internet of things” is not only a concept of advancing technological tools but a concept of controlling any device at any place around the world remotely. It represents a vision in which the internet extends into the real world, embracing everyday objects we use.