The Ultimate Guide to Staying Safe Online


Why is Digital Security so Important?

With many gadgets and gizmos comes great risk of cyber attack. Protecting your online information is important, because bad actors can use your information to pretend to be you. Or worse, they can hack your expensive gadgets and steal your private data.

Whether you have a super secret double life or simply use the Internet every now and then, it is important to secure your personal information. There are many steps we can take to help mitigate identity theft. In this super long article, we’ll outline some of the steps you should consider taking to keep yourself safe online.

NOTE: No cybersecurity plan is bulletproof. The advice given in this article is meant to reduce the risk and chances of a successful attack. Be sure to secure your assets and have multiple layers of response (identity theft insurance, multiple banking accounts, etc.) in the event of a successful attack.

What Are Hackers?

In short, hackers are individuals that possess the skills necessary to bypass security measures within a system. Not all hackers are bad; there are various hackers out there, ranging in ethics and skill levels:

Skill Level

Script Kiddies

Script Kiddies are entry-level hackers that leverage readily available programs (or scripts) to attack systems. The vast majority of hackers are script kiddies; if their program fails to breach security protocols, they don’t know what to do.

Hacktivists

Hacktivists are hackers with more advanced knowledge of the workings of systems. They are usually in a group with other hacktivists and often target entities that they view to be in violation of their code of ethics.

Professionals

There are not very many professional freelance hackers, as they are most likely hired by a company or organization. These hackers are quite capable of their craft.

State-Nation Sponsored Hackers

It can be argued that most professional hackers end up working at the state-nation level, having access to a plethora of public-sector tools at their disposal.

Ethics

The ethics scheme of cyber security can be described by what color hat the hacker wears. This is more of an expression; you do not need to wear hats if you hack (unless you want to…).

White Hats

White hats are the “good guys” that are hired by companies to break their systems. In doing so, a company can evaluate their stance and make adjustments. White hats do not maliciously destroy companies; rather, with permission from the entity, they show them what to do to prevent other hackers from doing this.

Black Hats

Black hats are the “bad guys” that often hack other devices for their own motives, mostly financial gain or political status/fame. Unlike white hat hacking, black hat hacking is done to dispense a payload or some program that performs a malicious action against a system without authorization from the entity being attacked.

Grey Hats

Grey hats fall somewhere in between the first two, in that the hacker breaks the law by hacking but for a justifiable cause (at least in the hacker’s mind). For instance, many hacktivist groups initiate new members by having them take down websites that exploit vulnerable people. There are a few articles floating around that state these hackers take down more of these dark websites in a few hours than national agencies do in a year. It can be a touchy subject, but grey hats can be viewed as digital vigilantes, so to speak; instead of capes, however, they wear fedoras.

What Are Hackers After?

Fame

Hackers first started out breaking systems as a way to brag to their friends. While the market for ransomware attacks has paved the way for hackers to make money more so than anything else, there are still hacktivist groups out there that hack to become more famous in the community.

Politics

There will always be new hacker stories in the news. Whether an agency or government intentionally let their defenses down to let a “perpetrator” get through or if they were genuinely taken off guard, hackers will often target politically sensitive systems (local/state governments, candidates, etc.) out of political spite. This is why government and government-contracting agencies invest millions of dollars into cybersecurity.

Money

Hackers can make a lot of money accepting high-profile jobs, however, there are several low-effort, high-paying opportunities that involve you. Your personal information, whether you are someone famous or have nothing to hide, can be bought and sold in bulk on the dark web. Additionally, you can become an attack vector against someone you may know if a hacker can breach your systems.

This is why it is crucial to protect yourself and your family from digital threats. There are several ways you can be leveraged into unknowingly letting hackers into your devices. Here are just a few examples from YouTube on digital security as a whole.

NOTE: These videos are for educational purposes only. Do not use this information with malicious intent.

Malware Types

Viruses

Viruses are the most commonly cited form of malware, however, not all malware can be classified as a virus. Viruses are self-spreading programs that jump between devices on networks, infect and repeat.

Worms

Worms are programs that run behind the scenes, often undetectable without anti-malware software. Worms do not self-spread like viruses; they typically reside on one or a couple systems within a social network (you and your friends/family).

Trojans

Much like the Trojan horse, Trojans are malware posing as helpful programs that users install. Whether the installed application is useful to the user or is simply a waste of space on the hard drive, the payload is executed as soon as the user accepts the download.

Malware Applications

There are a variety of malicious programs out there that specialize in many different facets. Here are a few of the different forms of malware:

Nuisanceware

Sometimes, malware is designed to annoy users. Goose.exe is a popular not-so-malicious nuisanceware attack that installs a cartoon goose onto your desktop and it will control your cursor, play music, etc. However, there are other pieces of malware that flood your system with pop-up ads and make your device unusable.

Ransomware

Ransomware hijacks your system and demands that you pay them a fee to unlock your system. One thing to keep in mind with ransomware is that if you pay the fee, it does not mean you will get your computer back.

Keyloggers

Keyloggers come as physical devices or software packages that record your keystrokes and send them to a hacker. This can be useful for obtaining login credentials and even personally identifying information.

Skimmers and Sniffers

Skimmers are very similar to keyloggers, however, they are physical devices that are used to compromise items like credit cards, mobile banking information, etc. Sniffers also come in a variety of packages that listen to your digital conversations and take the packets that you and your router communicate with.

Block the Majority of Attacks with Good Habits

While there are many great tools out there that can prevent you from being compromised online, the best place to start is to have good browsing habits. For instance, you can have a secured digital workspace but it will not stop hackers if you click on an advertisement on an unsafe website. Even when you have set up your layered security at the end of the course, you can still allow hackers to bypass everything we have set up if you do not have good browsing habits.

Website Safety

There are quite a few ways you can keep yourself safe online, however, adding security protocols to your web browsing can make pages load slower and can break pages. In general, the following suggestions can help you stay safe online without making it a chore:

      • Be respectful. Don’t antagonize people online. You don’t know what they are capable of nor how much free time they have. In most cases, it’s better to just let it go.
      • Advertisements can take you to an external website. They can also embed malware if the links are not thoroughly checked by the platform. Exercise caution with advertisements. If you are unsure but want to know more about the product, search for the product in a search engine.

      • Do not enter personally identifying information on websites, unless you are making purchases or trust the website. Ex. you should never have to enter your SSN on Facebook to log in.

      • Use a VPN

      • Use a secure search engine

      • Use a secure web browser

      • Do not allow notifications on websites you do not trust

      • Inspect links before you click on them. Look for misspellings and irregularities; they can be a malicious link instead of the website you think it is

    Network Safety

    There are several services online that require confidential information, such as mobile banking and online transactions. Keeping your information secure through a VPN and strong password is critical. However, be sure to consider your network security in addition to the concepts we’ve covered so far.

    Online shopping is becoming quite popular for consumers, businesses and hackers alike. Here are a few guidelines to keep you safer:

    • Use a virtual credit card number
    • Only use credit cards for online transactions
    • Ensure there is an https:// in the website address (or lock icon) to indicate it is secured
    • Read the return policy/terms of service included on the website.

    Phishing

    Phishing is one of the most used techniques to infiltrate systems. Phishing is the technique of sending mass emails in the hope of rattling the emotions of those who receive them, so that they act on a whim and oblige the hacker’s request. Phishing attempts are generally carried out by email, however, we see an increasing number of phishing attempts through phone calls, text messages and social media DMs. Regardless of the platform, phishing attempts can increase in complexity through a technique called spear phishing. This is a dedicated phishing attempt that will be customized to you.

    There are many telltale signs of a phishy email, most notably the following:

        • High to Extreme Sense of Urgency

        • Unusual Request, An Opportunity that is too Good to be True, Alleged Blackmail, etc.

        • Weird Email/Phone/Social Media Address

        • Anything that makes you feel uneasy. If you weren’t expecting a call, text, email, why should you have to immediately respond or do what they say? YOU SHOULDN’T

      Emails can have any prefix, however, the postfix is what defines the domain that serves the email address. For instance, you can have any GMail account you want, but it must end with @gmail.com. The same is true for any custom domain name. They may use your email prefix with their postfix to convince you that they are emailing you from your own email (“they hacked you” [no, they did not]).

      This property does not exist with phone numbers or social media accounts. For phone numbers, scammers are increasing their efforts to use localized area codes to make the phone number look familiar. When in doubt, let it go to voice mail and see if they leave anything. For text messages, it is best to ignore them outright. If the requests persist, block and report the number.

      Much like with text messages, you can ignore any unsolicited social media DMs. The same protocol can be followed, however, you are much more likely to get the desired results when you block them after many attempts to reach out.
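
The prefix/postfix rule above, together with the earlier advice to look for misspellings in links, can be checked mechanically. The Python below is an added example, not part of the original article; the trusted-domain list, the sample addresses and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this user really expects mail from (constructed list).
TRUSTED_DOMAINS = ("gmail.com", "paypal.com", "example-bank.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character
                           cur[j - 1] + 1,              # insert a character
                           prev[j - 1] + (ca != cb)))   # substitute a character
        prev = cur
    return prev[-1]

def split_address(header_value):
    """Return (prefix, postfix) of the address in a From: header value."""
    _display_name, addr = parseaddr(header_value)
    if "@" not in addr:
        return "", ""
    prefix, _, domain = addr.rpartition("@")
    return prefix.lower(), domain.lower()

def check_sender(from_header, my_address):
    """Return a list of warnings for one sender, judged by its postfix."""
    prefix, domain = split_address(from_header)
    my_prefix, my_domain = split_address(my_address)
    if not domain:
        return ["no usable sender address"]
    warnings = []
    # Your own prefix glued onto somebody else's postfix: the
    # "we emailed you from your own account" trick described above.
    if prefix == my_prefix and domain != my_domain:
        warnings.append(f"your prefix '{prefix}' on foreign domain {domain}")
    # A postfix one or two characters away from a domain you trust.
    if domain not in TRUSTED_DOMAINS:
        for good in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, good) <= 2:
                warnings.append(f"{domain} looks like {good}")
    return warnings

if __name__ == "__main__":
    me = "jordan@gmail.com"  # constructed recipient address
    for sender in ("Jordan <jordan@gmai1.com>",      # constructed samples
                   "Support <service@paypa1.com>",
                   "Sam <sam@gmail.com>"):
        print(sender, "->", check_sender(sender, me) or "no warnings")
```

The same `edit_distance` comparison can be applied to the host part of a link before you click it.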

      VPN

      A VPN is a virtual private network that you can connect to to prevent hackers and internet service providers (ISPs) from listening to your communication. Once you connect to the server, you can use encryption to securely send your information to and from the server. Additionally, any requests you make online will go back to the server. For instance, if you want to view content only available in the U.K. but you are in the United States, connecting to a U.K. VPN will trick websites into thinking that you reside in the U.K. The website is unaware that the VPN server is sending you all of the information!

      Choosing a VPN

      It is crucial to have a middle man protect you from attackers finding your true location. Of all the paid services we recommend, get this one. There are several great options for VPN services:

        From personal experience, Express and Nord VPN do a great job at maintaining high speeds while providing solid encryption. ProtonVPN has been recommended by several colleagues as the best free option, however, you can upgrade your VPN service to have faster speeds.

        Browsing Workstation

        In addition to your VPN, you should also use a secure browsing workstation. This will consist of a web browser and search engine. We recommend you use TOR and a VPN for the most security. It is VERY difficult to break this encryption, so long as you follow the best browsing habits and a couple of other recommendations from our TOR video:

        However, this becomes vastly impractical for most browsing applications because it can be quite slow. Additionally, many sites block TOR connections because malicious hackers commonly use TOR to connect to sites with ill intent. The intended use is to run through TAILS Linux, which is way too much work for most users to set up every time they want to scroll online.

        With this in mind, having a secure web browser like Brave will offer a compromise between speed and security. Brave is a derivative of Google Chrome and it offers more security features and privacy than its predecessor. Keep in mind there are several other secure browsers out there, but Brave does a good job for us.

        When configuring Brave, you should navigate into your settings and select DuckDuckGo as your default search engine. DuckDuckGo is becoming quite popular as a secure search engine. I have personally used DuckDuckGo for 4 years and counting! While some of the search results do not match Google’s search engine, it offers more privacy than Google search.

        Depending on your individual needs, using either Brave or TOR will provide much more protection than Chrome or Safari. Of course, you can opt for another browser, however, we can recommend Brave.

        Password Management

        Keeping your passwords safe is important. Writing them all down in a notebook is a good idea, until you lose your password book. Password managers like LastPass offer a great and affordable product that you can share with your friends/family. One thing to note is the security schema implemented by the company. They were attacked before, however, the encrypted passwords could not be cracked by the attackers.

        Once you import your passwords into LastPass, be sure to do the following:

        • Make all passwords unique and strong (> 12 characters, 1 capital, 1 lowercase, 1 number, 1 symbol)
        • Ensure your fallback email for LastPass works
        • Delete passwords saved in your browser
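
One way to check the first item in that list before importing: the Python below audits a password export for entries that break the strength rule or are reused across sites. It is an added example, not part of the original article and not a LastPass tool; the CSV column names, the sample rows and the function names are assumptions.

```python
import csv
import io
import string
from collections import defaultdict

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = """site,username,password
bank.example,jordan,Tr0ub4dor&Horse!9
mail.example,jordan,summer2024
shop.example,jordan,Tr0ub4dor&Horse!9
forum.example,jordan,Qx7#vLp2@wRz9mE
"""

def policy_failures(password):
    """Check one password against the rule above:
    more than 12 characters, 1 capital, 1 lowercase, 1 number, 1 symbol."""
    failures = []
    if len(password) <= 12:
        failures.append("12 characters or fewer")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures

def audit(export_text):
    """Map each site to its problems; sites with no problems are omitted."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    sites_by_password = defaultdict(list)
    for row in rows:
        sites_by_password[row["password"]].append(row["site"])
    report = {}
    for row in rows:
        problems = policy_failures(row["password"])
        # "Unique" means no other site in the export uses the same password.
        shared = [s for s in sites_by_password[row["password"]]
                  if s != row["site"]]
        if shared:
            problems.append("reused on " + ", ".join(shared))
        if problems:
            report[row["site"]] = problems
    return report

if __name__ == "__main__":
    # The report names sites only; it never echoes a password.
    for site, problems in audit(SAMPLE_EXPORT).items():
        print(f"{site}: {'; '.join(problems)}")
```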

        If you already use an app like Apple KeyChain, then you do not need to worry about this. Instead, you should migrate all of your passwords to the manager and use this instead of something like LastPass.

        Secure Communications

        Keeping your communications secure means strong encryption. The software of choice for these communications is ProtonEmail and Telegram.

        Both offer solid encryption and can run on most devices. ProtonEmail is physically located in a neutral country with extensive privacy laws, however, they will provide information to proper authorities if warranted. Telegram also has similar privacy terms of service. While they are not totally anonymous (nothing is anyways), they definitely beat conventional online communication.

        Again, these solutions do not make you immune to data breaches, but certainly help to keep your information a little more private. Be sure to follow best practices and limit the amount of sensitive information you put out onto the Internet.

        When it All Goes Wrong: Identity Theft Insurance

        Even after all of this, you can still get hacked because a company did not properly store your data. Or maybe a coworker accidentally clicked on a link that exposed your records in the employment database. There are many ways for it to go wrong, so it’s best to get Identity Theft Insurance.

        There are several great providers like Norton and Aura, that will help you restore your identity should it be compromised. It is also a good idea to proactively use a PIN code for your SSN, which will prevent hackers from using your leaked SSN.

        At the end of the day, be sure to do your homework and select the right insurance plan that fits you and your family best.

        Is That All?

        This definitely turned into a much longer discussion, and there are still more ways you can help improve your digital security! Still, this guide on staying safe online covers a lot of areas that are commonly exploited by hackers, and implementing multiple systems that layer on top of each other is a great way to mitigate threats.

        For instance, a hacker may bypass your VPN and steal your login. Since you are using unique passwords, it’s just the one account that is compromised. If this account is to a password manager, you have multi-factor authentication. If that fails, you have identity theft insurance.

        Having many layers makes it a lot more difficult to choose you as a target. While you still got hacked in the above scenario, the hacker had to go through 3 tough, independent layers to get to you. And you have identity theft insurance to help you restore everything.

        This extensive system will give you more opportunities to protect yourself and your assets. Keep this in mind and follow good web safety practices always.

        R U Coding Me LLC