These past few days two major alarms were set off. One by Mathy Vanhoef who demonstrated how basically every wifi-enabled device could be compromised and second one concerns Adobe’s infamous flash software. A bit earlier this year we had the infamous WannaCry ransomware attack.
But these are just the tip of the iceberg, the ones that are visible. We have a lot more malware, threats or vulnerabilities being exploited every single day. Cybercrime is serious and can do a lot of damage as well as cost a lot of money to both an individual or an organization. According to the Guardian, 1 out of every 10 people in England and Wales are victims of cybercrime. Juniper Research reports that by 2019, losses due to cybercrime is projected to be as high as $2 billion.
Now, not all system are equal and not all system are similarly exposed, though at some level every system is vulnerable, even the mighty Linux. The most exposed are the Internet of Things devices followed by the very fragmented Android ecosystem (most of the devices do not run the latest version nor gets the latest updates). If you have any of the two, exert some caution. Using a simple and accessible search engine like shodan.io, a person can identify vulnerable IoT devices connected to the internet.
Linux systems have a strong community ready to provide support; Microsoft and Apple treat security seriously and provides with patches and updates at a fair pace. Remember what I said though, no system is fully secure and anything connected to the internet will be vulnerable at some point, which leads us to the following: “What can I do to minimise the risk of compromising the privacy/security at an individual level or for my organization?”
Here are a few practical steps I recommend:
Use a VPN
A virtual private network is common to those familiar with security. A VPN will allow you to surf the web in more privacy(think of it like a private tunnel of communication). VPN has been gaining traction over the years with many firms now offering it as a service. Most VPNs will cost you some money. NordVPN and PUREVPN are among a few that PCMag recommends in 2017. However, If you are an individual and you want to try a VPN but do not want to spend some cash then download Opera Mini. Opera Mini comes with its own integrated free VPN that is easy to use.
Look out for HTTPS
Using HTTPS-enabled website means that the information you type and send through the website is encrypted. NEVER EVER input any password or sensitive information if you do not see https. I also recommend the installation of an extension called HTTPS everywhere.
No online transaction over unknown or public wifi
Avoid using anything that involves money over Public wifi or any wifi that is not yours for that matter! Instead, I would recommend you to use Mobile data next time that you have to access PayPal or eBay or MCBJuice. I advise against accessing those over public wifi that you find at Caudan or the University of Mauritius.
Unknown USB & Email attachments
Exert caution over unknown USB drives and unsolicited email attachments. Do not connect any USB you find on your main machine that contains precious information. The same advice also extends to email attachments.
Please please pleeease don’t be dumb with passwords
Don’t use common passwords such as the one in the following list. Do not use the same password everywhere, instead use complex and different ones. It can be difficult at the beginning I know but it is possible, I assure you that much. Lastly, if your name is Jack and you were born on the second of April, do not use predictable passwords like Jack24 or Jack0204 or Jack_02_04 (you get the idea).
That’s it for me and hope you enjoyed the information. Feel free to contribute further and add some of your best practices if I missed.