Data, Data, Data.
In 2020, data is one of the most valuable commodities on the planet. Companies want to know everything about you to target highly profitable advertising revenue; hackers want to know everything about you to extort your money. This highlights the importance of keeping yourself and your identity safe online. This article will set out a few pointers on how to keep your data as safe as possible.
One of the biggest adversaries to online data safety is convenience. By that I mean, how much easier is it to hit the ‘log in with Google’ button instead of supplying all your details to manually register for a website? This, whilst convenient, creates issues. Using Google itself may also cause some safety concerns. However, you need to find a balance between good, evil and convenience. This article is not going to focus on ad-tracking or anonymity, but more so the safety and security of your data.
Let’s talk browsers:
Ok, so browsers are an important first step in making sure your data is safe. The browser is the portal from your computer to the rest of the web, and needs to be safe and secure. Firstly, any of the major browsers are fine: Chrome, Edge, Firefox. The most important note here is to ensure it is updated to the latest version and has advertising tracking turned OFF. And although it has been harped on for years, make sure every website you visit is https:// (Secure Hypertext Transfer Protocol), which is indicated by the padlock icon in the address bar. NEVER send any login information or personal information across an HTTP connection that is not secured. This is extremely easy for hackers to intercept. If you are using the old versions of Internet Explorer, e.g. IE11, stop now. They are full of security holes. Upgrade to a modern browser.
Two Factor Authentication
Two Factor Authentication (TFA) should be enabled on every website you use that offers it. This includes all your social media accounts, banking, accounting and email applications. Two Factor Authentication sends an SMS or uses an authenticator app to generate a PIN to grant access after your username/password has been accepted. This means if someone gains your login credentials, they will be presented with the secondary challenge to log in. This takes away some of the convenience factor we spoke about earlier, but in my opinion it is a mandatory and non-negotiable security consideration.
SMS TFA is OK, but the authentication apps are better. Social engineering has been used in many recent attacks where a hacker goes to all the trouble of getting a replacement SIM card for your phone, or changing your phone number to theirs after gaining access, and so getting access to your SMS messages for the purpose of TFA code retrieval. The authenticator apps are more secure and use a QR code (that can be safely stored) for the purpose of adding a randomly generated TFA code. Examples include Google Authenticator and Authy. Use these where possible.
Cloud Based Data
With the strong preference this year for cloud storage solutions over localised data storage, there is a risk that your data could be more easily accessible by hackers. This is particularly concerning if the data contains health records or personal information. In this case, don’t let cloud storage scare you away; it’s fine, but it needs to be appropriately secured. Here are some tips:
- Make sure your cloud accounts all use different passwords.
- Use a password manager (we’ll talk about that later)
- Check your email address and passwords against the database at https://haveibeenpwned.com/ to see if they have been hacked in the past. You’ll be surprised how many times your email address and personal details have been leaked!
- Ensure Two Factor Authentication is enabled where possible
- Ensure your workstations that will be accessing this cloud based service are up-to-date and have appropriate anti-virus and malware scanners.
Password Managers
Password managers are a great idea as they save your passwords in one spot. Yes, they create a potential single point of failure, e.g. if they are hacked, all your passwords are exposed. However, with two-factor authentication they are a safe and recommended solution. The benefit of these applications is that they allow the generation of a random secure password for each site, so you have a different password for each. This means if one site is exposed and leaked, the exposure of your password is restricted to that one site only. People who use the same password for numerous sites expose their data to a higher risk of compromise.
Some password managers are:
- LastPass
- Dashlane
Both of them use military-grade encryption, namely 256-bit AES, to encrypt your data. The master password is encrypted using PBKDF2 SHA-256 algorithms. LastPass is slightly better value; Dashlane is easier to use.
Public WiFi and VPNs:
Ok, so first let’s talk VPN: Virtual Private Networks. If you don’t know what a VPN is, it is essentially a tunnel. Think of it as burrowing a tunnel through the internet from your device to a remote server. This tunnel burrows its way through the world wide web and secures itself with encryption, so no one outside can see inside the tunnel. VPNs are often spruiked by privacy advocates to keep your browsing ‘anonymous’, to some degree anyway. Yes, they are useful for this purpose. But they can also pose a security risk themselves. How do you know your data is not ‘sniffed’ or ‘monitored’ as it passes through the VPN? You don’t. You are trusting them. All in all, a good VPN can be helpful, but this is reliant on the operator being a credible service. Avoid a VPN provider that provides free accounts, as this will attract all types of undesirables to their network, and poses a higher risk to your data security. NordVPN is often touted as a good provider. (Sneaky plug: we also offer a pretty good premium VPN as part of our Stealth Internet brand). Generally you shouldn’t need a VPN for day-to-day web browsing on your home or office network. Where they come in handy is when you are using untrusted or open public networks. See the next paragraph.
Now, on to WiFi and public networks. Free WiFi is everywhere. It’s easy to go to a nice cafe, pull out the lappy, connect to their WiFi and conduct some important business. However, public WiFi networks are notorious security hotspots. Hackers can intercept WiFi data, packet sniff and even gain access to your local resources quite easily. For this reason, I STRONGLY recommend using a trusted VPN whilst accessing any public WiFi network. The tunnel it creates will prevent any local hackers looking at your traffic across the WiFi link. In particular, online banking whilst travelling abroad and connected to public WiFi should be conducted over a VPN.
Anti-Virus, Anti-Ransomware, Anti-Malware
If you are going to take anything away from this article, this is it. If you are running a Windows OS, you are particularly vulnerable to these threats. 15-20 years ago the big threat was trojans, but today ransomware is the big troublemaker. This is where a hacker installs a program on your computer (usually by tricking you into clicking a link or calling you and getting you to run something), then remotely encrypts all your data and demands a ransom (payable in untraceable bitcoin) to get it back. This is an emerging and worrying trend. There are 3 ways you can avoid it:
- Ensure you never click any link that looks suspicious (or even looks legitimate! – double check the sending domain of all emails!) Also never click anything or run any command at the request of a cold caller.
- Install appropriate protective software. (more on this later)
- BACKUP BACKUP BACKUP!!!
To prevent ransomware, a good antivirus product is a MUST. Windows 10 Defender is a free antivirus package for Windows that works really well, HOWEVER it does not contain anti-ransomware functionality.
If you want to tie steps 2 and 3 above together, a really good solution is ACRONIS TrueImage backup software. This includes an automated backup tool that will back up your entire PC to the cloud each day, and also includes an anti-ransomware protection monitor that will alert you when something is trying to encrypt your data. Acronis also have business solutions available, but for $70 AUD a year per PC, it’s a very worthwhile investment. Acronis doesn’t provide antivirus or malware protection though, so you need to pair it with another utility or use the included Windows Defender.
Other solutions include Malwarebytes, which offers a really good all-in-one virus, malware and ransomware protection suite. It doesn’t include backup like Acronis, so you need to make sure your backups are done using another utility. It is about $60 AUD per year.
If you need backup only, you can’t go past the value and affordability of BACKBLAZE. This offers cheap cloud-based backup solutions for home and business.
If you need help with any of these products, we are an authorised reseller of all the above backup and protection software, and can help you decide!
Stay safe, and keep that data secure!