Published on August 8th, 2016
The Ultimate Guide to Not Getting Hacked
The internet can sometimes be a scary place, where hackers steal hundreds of millions of passwords in one swoop, or cause large-scale blackouts. The future is probably not going to get better, with real-life disasters caused by internet-connected stuff, smart house robots that could kill you, flying hacker laptops, and the dangers of hackers getting your genetic data.
But here's the good news. There's actually no need to be scared. Hacking and data breaches are real, growing dangers, but there are basic steps that can keep you generally safe on the internet, and we're going to tell you what they are.
There are a few things you need to know before we get into the details of this guide. First, there's no perfect security. If someone is really out to hack you, and they have the resources to do so, they will. Second, the most important thing to think about when thinking about staying secure online is something you probably haven't thought about before, and that is what data you're trying to protect and from whom. In hacking lingo that's called "threat modeling."
THREAT MODELING
No one security plan is identical to any other. What sort of protections you take all depends on who may try to get into your accounts, or to read your messages.
Is your threat an ex who might want to go through your Facebook account? Then making sure they don't know your password is a start. (Don't share critical passwords with people, no matter who they are; if we're talking Netflix, make sure you never reuse that password elsewhere.) Are you trying to keep opportunistic doxers from pulling together all different types of personal information on you, such as your birthday, which in turn can be used to find other details? Well, keeping an eye on what sort of stuff you publish publicly on social media would be a good idea. And two-factor authentication (more on that below) would go a long way to thwarting more serious criminals.
But overestimating your threat can go the other way: if you start using custom operating systems, virtual machines or anything else technical when it's really not necessary (or you don't know how to use it), you too can suffer. At best, even the most simple tasks might take a while longer; in a worse scenario, you might be lulling yourself into a false sense of security with all sorts of gadgets and gizmos, while overlooking what actually matters to you and your particular threat.
With that in mind, here are a few basic things you can do to prevent the most common threats online.
KEEP YOUR APPS UP TO DATE
Probably the most important and basic thing you can do to protect yourself is using up-to-date software. That means using an updated version of whatever operating system you're using, and updating your apps and software. Bear in mind that you don't necessarily have to use the latest iteration of an operating system, such as, say, Windows 10. (In some cases, even slightly older versions of operating systems get patched. Sorry, that's not the case with Windows XP, stop using it!) What's most important is that your OS is still receiving security updates, and that you're applying them.
So if you come away with one lesson from this guide, it is: update, update, update, or patch, patch, patch.
Many common cyberattacks take advantage of flaws in outdated software such as old browsers or PDF readers. By keeping everything up to date, you have a way lower chance of becoming a victim of ransomware, for example.
PASSWORDS
We all have too many passwords to remember, which is why people just reuse the same ones over and over. And even though our brains aren't actually that bad at remembering passwords, it's almost impossible to remember twenty or more unique and strong passwords.
The good news is that the solution to this problem is already out there: password managers. These are apps that keep track of passwords for you, automatically help you create good passwords, and simplify your online life. If you use a manager, all you have to remember is one password, the one that unlocks the vault of your passwords.
Intuitively, you might think it's unwise to store your passwords on your computer. What if a hacker gets in? Surely it's better that I'm keeping them all in my head? Well, not really: for most people's threat models, the risk of a crook taking advantage of a shared password on a website is far greater than some sophisticated hacker dropping a load of super-fancy malware onto your device. Again, it's all about understanding your own threat model.
So, please, use one of the many password managers out there; there's no reason not to do it. It will make you (and the rest of us!) safer, and it'll even make your life easier.
TWO-FACTOR AUTHENTICATION
Having unique, strong passwords is a great first step, but even those can be stolen. So for your most important accounts (think your main email, your Facebook and Twitter accounts) you might want to add an extra layer of protection known as two-factor (or two-step or 2FA) authentication.
By enabling two-factor you'll need something more than just your password to log into those accounts. Usually, it's a numerical code sent to your cellphone, or it can be a code created by an ad-hoc app (which is great if your cellphone doesn't have coverage at the time you're logging in).
There's been a lot of attention recently around how mobile phones may not be suitable as 2FA devices. Activist Deray McKesson's phone number was hijacked, meaning hackers could then have the extra security codes protecting accounts sent straight to them. And the National Institute of Standards and Technology (NIST), a part of the US government that writes guidelines on rules and measurements, including security, recently discouraged the use of SMS-based 2FA.
The attack on Deray was low tech: It essentially involved getting his phone company to issue a new SIM card to the attackers. It's hard to defend against that, and there are other ways to get those codes sent via SMS, as text messages can, in theory, be intercepted by someone leveraging vulnerabilities in the backbone that carries our conversations. There is also the possibility of using an IMSI-catcher, otherwise known as a Stingray, to sweep up your communications, and verification texts too.
But apart from the trick of getting a new SIM card, these are attacks that are not trivial to pull off, not just because they might require specific hardware like Stingrays, but also because they are relatively expensive. So, realistically, for the vast majority of people, SMS 2FA is still a robust security measure that does what it's designed to do: add an extra layer on top of your password that might get phished or otherwise stolen.
You could, if the website allows it, use another 2FA option that isn't SMS-based, such as an authentication app on your smartphone (for example, Google Authenticator), or with a physical token like a Yubikey. If that option is available to you, it's a great idea to use it. But it would be foolish to disregard SMS 2FA altogether, especially if you're not under targeted attack.
2FA is a great way to make it nearly impossible for average cybercriminals to break into your most important accounts. You can check out all the services that offer it and how to turn it on here.
DOS & DON'TS
Don't use Flash: Flash is historically one of the most insecure pieces of software that's ever been on your computer. Hackers love Flash because it's had more holes than Swiss cheese. The good news is that a lot of the web has moved away from Flash so you don't really need it anymore to still enjoy a fully-featured and rich browsing experience. So consider purging it from your computer, or at least change the settings on your browser so you have to click to run Flash each time.
Do use antivirus: Yes, you've heard this before. But it's still (generally) true. Antiviruses are actually, and ironically, full of security holes, but if you're not a person who's at risk of getting targeted by nation-state hackers or pretty advanced criminals, having antivirus is still a good idea. Still, it's far from a panacea, and in 2016 you need more than that to be secure.
Do use some simple security plugins: Sometimes, all a hacker needs to pwn you is to get you to the right website: one laden with malware. That's why it's worth using some simple, install-and-forget-about-it plugins such as adblockers, which protect you from malvertising threats presented by the shadier sites you may wander across on the web.
Another useful plugin is HTTPS Everywhere, which forces your connection to be encrypted (when the site supports it). This won't save you if the website you're going to has malware on it, but in some cases, it helps prevent hackers from redirecting you to fake versions of that site (if there's an encrypted one available), and will generally protect against attackers trying to tamper with your connection to the legitimate one.
Do use VPNs: If you're using the internet in a public space, be it a Starbucks, an airport, or even an Airbnb apartment, you are sharing it with people you don't know. And if some hacker is on your same network, they can mess with your connection and potentially your computer.
Don't overexpose yourself for no reason: People love to share pretty much everything about their lives on social media. But please, we beg you, don't tweet a picture of your credit card, for example. More generally, it's a good mindset to realise that a post on social media is often a post to anyone on the internet who can be bothered to check your profile, even if it's guessing your home address through your running routes on a site like Strava, a social network for runners and cyclists.
Personal information such as your home address or high school (and mascot, which is a Google away) can then be used to find more information via social engineering schemes. The more personal information an attacker has, the more likely they are to gain access to one of your accounts. With that in mind, maybe consider increasing the privacy settings on some of your accounts too.
Don't open attachments without precautions: For decades, cybercriminals have hidden malware inside attachments such as Word docs or PDFs. Antiviruses sometimes stop those threats, but it's better to just use common sense: don't open attachments (or click on links) from people you don't know, or that you weren't expecting. And if you really want to do that, use precautions, like opening the attachments within Chrome (without downloading the files). Even better, save the file to Google Drive, and then open it within Drive, which is even safer because then the file is being opened by Google and not your computer.
Do disable macros: Hackers can use Microsoft Office macros inside documents to spread malware to your computer. It's an old trick, but it's back in vogue to spread ransomware. Disable them!
Do back up files: We're not breaking any news here, but if you're worried about hackers destroying or locking your files (such as with ransomware), then you need to back them up. Ideally, back up to an external hard drive while you're disconnected from the network, so that even if you get ransomware, the backup won't get infected.
Your life needn't be the above-pictured cyberhell. Most hacks are opportunistic, and these basic precautions go a long way toward securing yourself. Image: Shutterstock
GO OUT THERE AND BE SAFE
That is all for now. Again, this is just meant to be a basic guide for average computer users. So if you're a human rights activist working in a dangerous country or a war zone, or an organization building IT infrastructure on the fly, this is certainly not enough, and you'll need more precautions.
But these are common sense essential tips that everyone should know about.
Of course, some readers will leap at the chance to point out everything that may have been missing from this guide, and we'd like to hear your feedback. Security is a constantly changing world, and what's good advice today might not be good advice tomorrow, so our goal is to keep this guide updated somewhat regularly. So, please, do reach out if you think we have something wrong or are missing something.
And remember, always be vigilant!