How to become a cybersecurity guru
Anonim

If you don't care much about network security, be prepared for the fact that one day your passport data or the CVV code of your card will be in the hands of fraudsters. It is better to prevent this than to deal with the consequences.

The scale of the problem

The digital world is closely intertwined with our daily life: we have long been communicating, studying, working and shopping online. But while concern for offline safety is perceived as something natural, not everyone follows the rules of safe behavior on the Internet.

First of all, one must clearly understand the scale of a possible tragedy. Many people are nonchalant about Internet security, thinking: "Who needs my smartphone? I only have photos and a contact book there." So, here's what hackers can find out about you by gaining access to your phone or computer:

  • Photos, videos and other content (even if it is stored in the cloud).
  • Information about documents: passport, policy, tickets and more. This is especially true if you store digital copies of them in applications such as "VKarmane", Wallet, or even in the "Photos" folder.
  • Financial information, including your card CVV, account transactions and recent payments.
  • Everything that happens in all your social networks (hacking a VKontakte account, by the way, is one of the most expensive hacking services) and mail, including access to attachments in messages and to confidential corporate and personal correspondence.
  • Geolocation, microphone and camera data.

Password - a find for a spy

A compromised or weak password is the second most popular hacking method (according to a study by Balabit). Nevertheless, year after year, the lists of the most popular passwords still feature the classic qwerty, 12345, or even just password.

The opposite situation also happens: a person comes up with a super-long and complex password and uses it for all his accounts: social networks, forums, online stores, personal bank accounts. Now that each of us is registered with at least ten different online services, a single password becomes the key to a person's entire life and can do it great harm.

Preventive measures:

  • Determine the complexity of the password based on which account it protects. Obviously, the security of an Internet bank is more important than an account on an amateur forum.
  • A strong password is at least eight characters long and contains uppercase and lowercase letters (agRZhtj), special characters (! % @ # $ ? *), and numbers. There are 814 trillion (!) brute-force combinations for a 14-character password. To check how long it would take hackers to crack your password, visit howsecureismypassword.net.
  • Do not use common words or personal information that is easily obtained from open sources: birthdays, pet names, company or university names, your nickname, and the like. For example, the password 19071089, where 1989 is the year of birth and 0710 is the date and month, is not as reliable as it seems at first glance. You can type the title of your favorite song or a line from a poem in a different keyboard layout. For example, Tchaikovsky Swan Lake → XfqrjdcrbqKt, tlbyjtjpthj.
  • Protect critical services with one-time passwords. To do this, you can download manager apps that generate them, such as KeePass and 1Password. Or use two-factor authentication, where each login to your account must be confirmed with a one-time SMS code.
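
The rules in this list can be checked mechanically. The following Python example is added here and is not part of the original article; it tests a password against the length and character-class requirements, the popular passwords named above, and whether it is assembled only from fragments of a birth date, as in the 19071089 case. The function names and the list of date fragments are assumptions made for the illustration.

```python
import string
from datetime import date

# The popular passwords the article names.
COMMON = {"qwerty", "12345", "password"}

def date_tokens(born):
    """Digit fragments that can be derived from a birth date (assumed list)."""
    yyyy = f"{born.year:04d}"
    return {f"{born.day:02d}", f"{born.month:02d}", yyyy, yyyy[:2], yyyy[2:]}

def built_from(password, tokens):
    """True if the whole password is a concatenation of the given tokens."""
    reachable = [True] + [False] * len(password)
    for end in range(1, len(password) + 1):
        reachable[end] = any(
            len(t) <= end
            and reachable[end - len(t)]
            and password[end - len(t):end] == t
            for t in tokens
        )
    return reachable[-1]

def audit(password, born):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, alphabet in classes.items():
        if not any(c in alphabet for c in password):
            problems.append(f"no {name}")
    if password.lower() in COMMON:
        problems.append("on the list of most popular passwords")
    if password and built_from(password, date_tokens(born)):
        problems.append("made only of birth-date digits")
    return problems

# Constructed birth date matching the article's example: 7 October 1989.
BORN = date(1989, 10, 7)
```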

Public networks

Widespread public Wi-Fi helps residents of large cities reduce their mobile Internet costs. Nowadays, it's rare to find a place without a Free Wi-Fi badge. Public transport, parks, shops, cafes, beauty salons and other urban spaces have long provided their visitors with free Internet. But even in a favorite trusted place, you can run into a hacker.

Preventive measures:

  • Keep an eye on the name of the Wi-Fi point: the name of the authorized network usually describes the place where you are, for example MT_FREE in Moscow transport. In addition, the official network always requires authorization via a browser or a one-time SMS code.
  • Disable automatic network connection on your phone and laptop - this way you reduce the risk of catching a fake hotspot.
  • If you like to work from a cafe, are often on business trips, or transfer money through an Internet bank, use a VPN connection (virtual private network). Thanks to it, all your traffic passes through the network as if in an invisibility cloak, and it is very difficult to decipher. The cost of a subscription to such a service usually does not exceed 300 rubles per month, and there are free offers, for example, from HotSpot Shield or ProXPN.
  • Use the secure connection protocol HTTPS. Many sites, such as Facebook, Wikipedia, Google and eBay, support it automatically (take a closer look: in the address bar, the name of such a site is highlighted in green, and there is a lock icon next to it). For the Chrome, Opera and Firefox browsers, you can download the special HTTPS Everywhere extension.

Applications: trust but verify

The recent hype around the Chinese app Meitu, which was accused of stealing personal data, was once again a reminder of the importance of keeping track of the apps downloaded to your smartphone. Consider seriously whether you are ready to risk your safety for likes under a photo with the new filter.

By the way, even paid applications can spy on users: unless the source code is open, it is quite difficult to understand what the software really does. As for the data that may become available to such programs, it covers any actions and information on the device: telephone conversations, SMS or geolocation data.

Preventive measures:

  • Download apps only from official stores (App Store, Google Play) and brands you know.
  • Check information about the app, developer, user reviews, update history.
  • Before downloading, always study the list of services that the application requests access to, and check whether it is reasonable: a photo-processing application may need the camera, but an arcade game is unlikely to.

Phishing is a worm for especially gullible fish

Increasingly, attacks on a specific person are becoming a springboard for hackers to more valuable data: corporate information. The most effective and popular technique for deceiving gullible users is phishing (sending fraudulent emails with links to false resources). To avoid becoming the main culprit of a corporate information leak and a candidate for dismissal for non-compliance with safety rules, keep track of what you do in the workplace and how you do it.

Preventive measures:

  • Know and follow the privacy and security policy of the company you work for, and know what to do if it is violated. For example, who should be contacted for help if you lose the password to your mail or a corporate system.
  • Lock your unused workspace with the hotkeys Ctrl + Alt + Del or Win + L for Windows.
  • Do not open email attachments from unknown addresses or with suspicious content. Obvious signs of phishing are appeals to emotion ("Your account has been blocked, please confirm your details") and hidden hyperlinks or a hidden sender's address. To avoid taking an intruder's bait, do not download suspicious attachments (a genuine and important document will never be named "Report" or Zayavka), check the appearance of the letter (logo, structure, spelling errors) and the links (whether they are embedded in the text, which site they lead to, whether the link is suspiciously long).
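
The link and wording checks from the last item can be run over the HTML body of a message. The following Python example is added here and is not part of the original article; it reports emotional-pressure phrases, links whose visible address differs from the real destination, links hidden behind ordinary words, and overly long links. The function names, the 100-character length threshold and the sample message are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases from the article's example of emotional pressure.
TRIGGERS = ("account has been blocked", "confirm your details")
MAX_LINK_LEN = 100  # assumed threshold for a "suspiciously long" link

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Host name of a URL or bare domain, lower-cased, without 'www.'."""
    name = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def review(html_body):
    """Return the warning signs from the checklist found in one message."""
    body = html_body.lower()
    findings = [f"emotional pressure: {p!r}" for p in TRIGGERS if p in body]
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        real = host(href)
        if "." in text and " " not in text:   # visible text is itself an address
            if host(text) != real:
                findings.append(f"text shows {host(text)} but leads to {real}")
        else:                                 # destination is hidden behind words
            findings.append(f"link behind {text!r} leads to {real}")
        if len(href) > MAX_LINK_LEN:
            findings.append(f"suspiciously long link to {real}")
    return findings

# Constructed sample message; the domains use reserved test names.
SAMPLE = ('<p>Your account has been blocked, please confirm your details.</p>'
          '<a href="http://bank.example.login.test/verify?id=1">www.bank.example</a>'
          '<a href="https://bank.example/help">Help</a>')
```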