In the third event of its 2020 webinar series, the Chamber of the Digital Economy of Uruguay (CEDU) invited Guillermo Rodríguez, Pentester at Datasec, a Uruguayan company that has excelled in risk management, quality and security in information systems, to explain the main techniques that threaten personal data on the Internet and how to avoid them.
"How not to lose in the digital world, as this talk was called, is related to the fact that many of the technologies we use are to create, to produce, but precisely, we rarely have the precaution or try to be cautious not to lose, that is, not to have problems in which our information is attacked, and this is precisely related to cybersecurity in general," Rodriguez introduced.
The professional with more than 15 years of experience in the field said that "analyzing this issue is extremely relevant these days, more with the rise of the pandemic and digital technologies", hence the importance of "digital literacy, which involves entering a new world and understand new words, concepts and processes of doing things".
The expert began the talk by detailing the different reasons why people hack: for money, fun, for example those young people who are learning to use these technologies, out of curiosity, competition, which is called espionage or cyberwarfare, or even revenge, by disgruntled employees.
Meanwhile, he said that security failures are largely due to little training or awareness on the subject, as well as "the lack of perception of security, which happens to believe that having an antivirus, firewall or some security components, it is enough and it is not so", since "not only enough to have these controls", but it is necessary to "ensure that when entering a link, download or run a file on our device, we really trust its origin".
On the other hand, Rodriguez addressed "phishing," the technique of sending fake e-mails that tricks recipients into entering their personal information on fraudulent websites.
"In this way, they imitate an official website of a bank, for example, or attract the attention of the recipients with important shopping offers that arrive in the mail," he explained and commented that one of the main ways to detect it is "paying attention to the web address or URL received, in which you will surely notice that it is misspelled, although the appearance of the page resembles that of the official site, which we already know," he explained.
He also added that another of the cases related to this practice is the sending of malicious software or "ransomware", which "takes the files we have on our equipment, whether computer or cell phone, and makes a process called encryption, which is basically a concealment that prevent us from accessing our documents," so that later a "financial ransom is requested to recover them".
"This type of attack is one of the most risky, since it can come from cases of identity theft, that is to say, from fake mails pretending to be people we know and trust, that when executed, in addition to affecting our computer, if a shared network is used as in the case of companies, can also affect the rest of the computers," he added.
For this it is "fundamental to take into account the identification of the false, the policy of backing up the information, as well as other more technical actions," he concluded.
At the end, he reviewed and summarized his presentation commenting on ten practices to follow to ensure the security of personal and work data, such as accessing the Internet from reliable networks; safely dispose of confidential information that is not needed, since they can be recovered if you use the simple process of deletion; take care of the information you handle and avoid disclosing it to others; have several passwords for different sites or online accounts; and take care of the transport of sensitive information on laptops when traveling.
In addition, he recommended using encryption devices or systems to store confidential information; take care of physical access to the devices or block them; report incidents to the authorities and avoid connecting unknown devices, such as pen drives that can be found; do not spread fraud, fake news and report false ones immediately; and finally, take care of the privacy of the screen when working remotely, which involves logging off when using remote connections through, for example, platforms such as Zoom.
CEDU's webinar series will continue until the end of the year and the next one will be held on Thursday, November 19 at 10:00 am. It will be given by professionals from Fenicio E-Commerce, the renowned online sales platform in the cloud of simple management. Free registrations are already open at www.cedu.org.uy/eventos-cedu/ .
Connect