How to become a guru of cybersecurity
Technologies / December 19, 2019
If you do not care much about network security, be prepared for your passport data or the CCV code of your card to end up in the hands of fraudsters one day. Prevention is better than dealing with the consequences.
Anton Kardan
Head of information security at AT Consulting.
Scale of the problem
The digital world is closely entwined with our daily lives: we have long communicated, studied, worked and shopped online. But while caring about security offline is perceived as something natural, by no means everyone follows the rules of behavior on the network.
Above all, we must clearly understand the extent of the possible tragedy. Many people treat Internet safety casually, thinking, "Who needs my smartphone? All I have there is pictures and a contact book." So here is what hackers can learn about you once they gain access to your phone or computer:
- Photos, videos, and other content (even if it is stored in the cloud).
- Information about your documents: passport, insurance policy, tickets and so on. This is especially true if you store digital copies of them in applications such as "VKarmane" or Wallet, or in the "Photo" folder.
- Financial information, including the CVV of your card, account movements and late payments.
- Everything that happens in all your social networks (hacking a "VKontakte" account, incidentally, is among the most expensive hacker services) and email: access to message attachments and to confidential corporate and personal correspondence.
- Geolocation, microphone and camera data.
Password - a godsend for a spy
A compromised or weak password is the second most popular hacking method (according to research by Balabit: TOP-10 most popular hacker methods). Yet year after year the lists of the most popular passwords still contain the classic qwerty, 12345 or even just password.
Sometimes the opposite happens: a person invents a super-long, complex password and uses it for all of their accounts: social networks, forums, online stores, online banking. Now that each of us is registered with at least ten different online services, a single password becomes the key to a person's whole life and can harm it.
Preventive measures:
- Choose the complexity of a password based on which account it protects. Obviously, the security of online banking has a higher priority than an account on some amateur online resource.
- A secure password is at least eight characters long and meets the following requirements: it contains uppercase and lowercase letters (agRZhtj), special characters and numbers (% @ # $ *!). A password of 14 characters has 814 trillion (!) possible combinations. To check how long it would take hackers to crack your password, visit howsecureismypassword.net.
- Do not use common words or personal information that is readily available from public sources: birthdays, pets' names, the name of your company or university, your nickname, and the like. For example, the password 19071089, where 1989 is the year of birth and 0710 is the day and month, is not as reliable as it seems at first glance. You can type the name of a favorite song or a line from a poem in a different keyboard layout. For example, ChaykovskiyLebedinoeozero → XfqrjdcrbqKt, tlbyjtjpthj.
- Protect critical services with one-time passwords. To do this, you can download manager applications that generate them, such as KeePass and 1Password. Or use two-factor authentication, where each login to the account has to be confirmed with a one-time code from an SMS.
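The rules from this list can be checked mechanically. The following is an added example, not code from the article: it audits a password against the length and character rules above, the common passwords named earlier, and fragments of the owner's birth date. The function names and the set of date fragments are assumptions made for illustration.

```python
from __future__ import annotations

import re
from datetime import date

# Passwords the article names as perennial favourites.
COMMON_PASSWORDS = {"qwerty", "12345", "password"}


def date_fragments(born: date) -> set[str]:
    """Digit strings that are trivially derived from a birth date."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", f"{born.year:04d}"
    return {d + m, m + d, y, d + m + y[2:], m + d + y[2:], y[2:] + m + d}


def audit_password(password: str, born: date | None = None,
                   personal_words: tuple[str, ...] = ()) -> list[str]:
    """Return the rules the password violates (an empty list means it passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if all(c.isalnum() for c in password):
        problems.append("no special characters")
    if born and any(f in password for f in date_fragments(born)):
        problems.append("contains birth date")
    for word in personal_words:  # pet names, company, nickname ...
        if word and word.lower() in password.lower():
            problems.append(f"contains personal word: {word}")
    return problems


if __name__ == "__main__":
    # The article's own example: born 7 October 1989, password 19071089.
    print(audit_password("19071089", born=date(1989, 10, 7)))
```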
Public networks
Widespread public Wi-Fi helps people in big cities cut their mobile Internet costs. It is now rare to find a place without a Free Wi-Fi sign. Public transport, parks, shops, cafes, beauty salons and other urban spaces have long offered their visitors free Internet. But even in your favorite, tried-and-tested spot you can run into a hacker.
Preventive measures:
- Pay attention to the name of the Wi-Fi access point: the name of an authorized network usually describes the place where you are, for example MT_FREE on Moscow transport. In addition, an official network always requires authorization through a browser or a one-time SMS code.
- Disable automatic network connection on your phone and laptop; this reduces the risk of connecting to a fake access point.
- If you like to work from a coffee shop or often go on business trips and transfer money through online banking, use a VPN (virtual private network) connection. With it, all your traffic passes through the network as if under a cloak of invisibility and is very difficult to decipher. A subscription to such a service usually costs no more than 300 rubles per month, and there are free offers, for example from HotSpot Shield or ProXPN.
- Use the secure HTTPS connection protocol. Many sites, such as Facebook, Wikipedia, Google and eBay, support it automatically (take a look: the name of the site in the address bar is highlighted in green, and there is a lock icon next to it). For the Chrome, Opera and Firefox browsers, you can download the special HTTPS Everywhere extension.
Applications: trust but verify
The recent turmoil around the Chinese application Meitu, which was accused of stealing personal data, was another reminder of how important it is to keep track of the applications you download to your smartphone. Think seriously about whether you are willing to risk your safety for likes under a photo with a new filter.
By the way, even paid apps can spy on users: as long as the software's code is not open, it is quite difficult to understand what it actually does. As for the data that such programs can expose, it is any activity and information on the device: phone conversations, SMS or geolocation data.
Preventive measures:
- Download apps only from official stores (App Store, Google Play) and from well-known brands.
- Check the information about the application, its developer, user reviews and update history.
- Before downloading, always check the list of services the application requests access to and make sure it is reasonable: a photo-processing application might need the camera, but an arcade game is unlikely to.
Phishing - a worm for particularly gullible fish
Increasingly, an attack on a particular person becomes a springboard for hackers to reach more valuable data: corporate information. The most effective and popular technique for deceiving unsuspecting users is phishing (sending fraudulent emails with links to fake resources). To avoid becoming the main culprit of a corporate information leak and a candidate for dismissal for failing to comply with security rules, be careful about what you do in the workplace and how.
Preventive measures:
- Know and follow the privacy and security policy of the company you work for, as well as the procedure to follow if it is violated. For example, know who to ask for help if you lose the password to your email or a corporate system.
- Lock your workstation when it is not in use with the hot keys Ctrl + Alt + Del or Win + L on Windows.
- Do not open attachments in emails from unknown addresses or with suspicious content. Clear signs of phishing are an appeal to emotions ("Your account has been blocked, please confirm your details") and hidden hyperlinks or addresses. So as not to take an intruder's bait, do not download suspicious attachments (genuine, important documents are never named "Report" or Zayavka), and check the appearance of the email (logo, structure, spelling mistakes) and its links (whether a link embedded in the text really leads to the site it shows, and whether the link is suspiciously long).