It is well known that laws and regulations have never been an impediment to those who are willing to ignore them, so we should be cautious not to push our luck. In this regard, it is appropriate to take steps to improve our position in the face of abuses that exist and threaten our rights to our data.
In this way, and without pretending that the following is an exhaustive list of recommendations, we outline some recommendable conducts in favour of improving the privacy of our data:
Protect accounts with strong authentication
Strong, multi-factor or more often two-factor authentication provides an additional layer of protection against identity hijacking. Many online services, including email and social networking, offer this extra protection, to help ensure that the user logging in really is who they say they are and not someone who stole or guessed their password. It requires the person to have more than just a password to access an account, most commonly used being biometric technologies (especially fingerprints), one-time codes (OTPs) and security keys, usually USB devices that must be present at the time of access.
In this way, the compromise of an account already requires more effort on the part of the attacker, since access requires that in addition to knowing the password, a second element or factor, in the form of something you have or something you are (biometrics), is available.
Keeping software up to date
Using outdated software exposes you to the risk of vulnerabilities that criminals look for, know about and exploit. It is essential to keep all the software we use, the operating system running on our computer (Windows, MacOS, Linux, Android, iOS), the web browser we use (Chrome, Firefox, Safari, Internet Explorer, Edge, etc.) and personal productivity programs, such as text editors, spreadsheets, etc., up to date in terms of versions and security patches. This proactive practice helps to avoid infections with malicious software (malware) that could compromise personal accounts and devices.
Preventing malware from entering our devices is fundamental for the protection of our privacy, given that among the things that can be infiltrated there are types of malware capable of capturing all our typing (everything we write), and activating our camera and microphone, as well as other actions such as encrypting our files and then holding us to ransom for them, or incorporating our device into a large network of slave machines, subsequently used for different criminal actions.
Preventing phishing attempts
Phishing is the name given to attempts by criminals and other malicious actors to trick people into revealing their passwords to online accounts, or to allow their devices to be infected with malware sent to them. This type of deception can occur through various channels, mainly email, but also social networks and text messages; its primary consequence is the compromise of security, which generally results in the theft of personal and financial data, the latter usually ending in the theft of money.
These messages usually come from known accounts that have been previously abused by attackers, making it difficult to differentiate them from legitimate messages. In addition, criminals use documents and other commonly used files as an infection vector, duly manipulated to abuse certain vulnerabilities in certain programs, which, if present (due to lack of updates), will be allowing access to the device. Another trick used is to get the victim to try to access a known site by entering their credentials on a fake site, which imitates the real one and retains them for later fraudulent use.
Phishing tends to bypass any technological defences that may be in place, so it is important to be vigilant and better to check in time for anything that arouses suspicion. It is advisable to pay special attention, for example, to urgent and unexpected messages or mistaken greetings. It never hurts to think twice before clicking on a link or opening a strange document; it is also good practice to make sure the address of the website you are visiting is what it should be before entering your login credentials.
Use unique passwords
Using the same password for accounts to access multiple online sites is one of the most common ways in which accounts are abused. By using the same password for more than one service, if one service is breached and its users' credentials fall into the hands of criminals, they will be able to access the other services where the same credentials are used. As this re-use of credentials is common practice, criminals tend to try to use them to access the most commonly used sites, including online banking systems likely to be used by victims, e.g. based on their region of residence or some other characteristic of their activities (hence it also makes sense to protect personal data).
It is difficult to remember many different and strong passwords, but there are tools that can help. You can use a password manager, which requires you to remember only one password to access it and thus access all other registered passwords; they are implemented with strong security measures that minimise the chances of them being abused and usually have implementations that allow them to be kept synchronised across multiple devices, such as personal computers, tablets and smartphones. And they are very low cost - there is no excuse not to use them.
Securing mobile devices
Smartphones and tablets often contain a huge amount of personal data, including emails (often also corporate), contacts, calendar of activities, locations and shortcuts to various applications. If one of these devices is lost or stolen, the data goes with it, leaving all the information contained therein vulnerable.
The first measure to protect a mobile device is to lock it with an access code, a pattern of movements or by means of a biometric functionality such as a fingerprint or a face image. At the same time, it is advisable to have activated some of the ways available in the different existing brands, to be able to remotely locate, lock or erase the device. Sometimes these features are provided by the device manufacturer, or alternatively can be added by specific security applications.
Use reliable security tools
Although security tools are not infallible, it is advisable to have some kind of protection for our devices that is capable of stopping the most common attacks and, if possible, goes beyond the basics. For this, the most reasonable option is to resort to one of the well-known commercial alternatives available, avoiding falling into the easy way of free software with dubious results.
There are online reports accessible to everyone that provide statistics on the test results of the various tools. The main ones alternate on the podium of the best, based on their performance in recent times. Guided by these reports is a good starting point when choosing which tool to use to protect our devices.
In addition, online services increasingly offer alternatives to make their use a more secure experience. For example, the possibility of activating two-factor authentication to access a service should be taken advantage of whenever it is available, as it is one of the best allies when it comes to protecting our privacy.
Sharing the minimum through social media
Finally, we could not fail to make some recommendations regarding social networks. These, beyond their nature (leisure, work, personal contacts, etc.) are managed in ways that are beyond our control and all our information posted on them, including all publications, are at the mercy of the will of those who administer them. In addition, they operate on technological infrastructures that, like any other, have vulnerabilities that are often abused by attackers who penetrate them in search of subscriber data to use them for different purposes.
Consequently, the less personal information we post on social media, the less we are compromising our privacy and identity security.
Author:
Hugo Köncke - Regional Consulting Manager of Security Advisor
About Security Advisor
We are a regional company, with presence in Uruguay, Argentina and Chile, with exclusive focus on information security solutions, operating since 2000 and serving more than 400 private and public companies, institutions and governments.
In an increasingly competitive, global and challenging environment, threats and vulnerabilities have also become globalised, and our professionals work to be the information security benchmark for our clients.
Our team is our most valuable asset. We are constantly updating and training in the latest trends in attack and defence systems security. We optimise our regional presence and operations to meet the needs of our customers with the best resources, regardless of the country where they are located.
Other related articles:
4 recommendations to avoid becoming a victim of Sextortion
Security Advisor and Symantec: solutions for malware and phishing prevention
Raising awareness of an old reality: "Extortions, scams, robberies - Criminal trends in cyberspace".
Connect