< Chapter 3- SECURITY TIPS >
Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.
➢ Before you turn on a computer, check whether any unfamiliar objects are connected to it. People could use physical keyloggers to capture your information.
➢ Don’t leave your smartphone, computer, laptop, notebook, etc. with personal information unattended or unsecured.
➢ Lock up your plug-in hardware, as people could gain access to your working environment and it would be easy for a criminal to take the hardware with them. Lock up your external hard drives and USB sticks.
➢ Don’t leave your USB sticks lying around. Keep them safe and encrypt them!
➢ When your hard disk or memory is declared dead, be sure to dispose of it in a secure way. Put it in a bag, hammer it to pieces, and then burn it.
➢ Don’t use the laptop that you use for work as a multimedia internet laptop as well. Keep work and fun separated when dealing with information.
➢ Turn off your Wi-Fi, either through the OS or using a physical switch (if you have one), when not in use.
➢ Almost any device can be used to record audio and/or video, including smartphones, watches, and buttons.
➢ Disconnect the internet cable when you are done with the internet on your computer. This will prevent a Wake-on-LAN attack.
➢ Use secure wiping functionality (Disk Utility) or tools to erase drives/devices before giving them away or selling them.
These are the measures taken to prevent unauthorized entry or access to a computer, several computers, or a group of networked computers. The strength of a password is a function of length, complexity, and unpredictability.
➢ Use a password generator, if available, to create passwords for yourself, and then add an extra character of your choice to the generated password.
➢ Use password managers to manage your passwords for you.
➢ Keep your password secret.
➢ Do change your password on a regular basis.
➢ Avoid easy-to-guess passwords such as 12345, welcome, or a dictionary word. Hackers use password lists to brute-force accounts. Use a space in your password, as most crackers cannot crack such passwords.
➢ Don’t leave password notes on your desk or under your keyboard / phone / table. You could use a password manager instead.
➢ Make sure that your credentials travel over the HTTPS protocol.
➢ Set strong (hard to guess) secret questions and answers.
➢ Disable auto login.
Social engineering is a method used to trick people into doing things they would not do if they knew the attacker’s real identity and intentions. It can come in many forms, such as phishing attacks and email hoaxes, as well as many offline activities.
➢ Don’t give people information that they should not have.
➢ Always be careful if someone asks for non-disclosed information. (This could be your credentials or the password for your username.)
➢ Hackers often impersonate (spoof) users to gain information. Be aware.
➢ With social engineering comes the threat of theft of financial information. Hackers use phishing or spear-phishing techniques to request confidential information, such as account details.
➢ Never provide sensitive information via email. If someone tries to get you to give out personal data, passwords and other sensitive information via email, don’t do so. Always call back the real source and confirm whether such a request is needed.
➢ Be skeptical of anyone who tries to get personal data, passwords and other sensitive information from you. Normally, it is very rare for a company to make you give out any information, so you should never do so if you haven’t checked the source first and are absolutely confident about it. It is your right not to give out any information unless it is under extreme circumstances.
➢ Beware of people who call you on the phone and try to get you to provide your personal information, passwords, and other sensitive information. Always be skeptical, and never give out any information to strangers.
➢ You will never get one hundred thousand via an e-mail contact. Spammers use various techniques to gain information from you. They will act like they have money waiting for you and all they need is your credentials. Be aware of this threat.
➢ The police do not send mass e-mails to private citizens about cyber scams. If you receive an e-mail that claims to be from the police or another top official, it is most likely a scam.
➢ Social engineering can strike you anytime. It is a method that is used to obtain information and get people to do what the attacker wants them to do.
➢ Attackers might use various methods to obtain their information. When you get a security warning take it seriously.
Social media is the interaction among people in which they create, share or exchange information and ideas in virtual communities and networks.
➢ Consider whether you want to use your real name. (You can connect your network directly to add a specific username)
➢ Social media is fun but dangerous too. Don’t leave your social media page open in a public environment such as schools, cafes and other hotspots.
➢ Applications are fun but are dangerous too. Applications need information for their databases, which could belong to anyone. So, before you download or install an application, check the source of the application. Hackers often use messages that people will click on. Social media is a great resource for hackers as everyone is connected. When you click on a malicious link, you will get infected by malware that will extract your credentials to a criminal database.
➢ ‘1,000 friends’: don’t accept such requests. Only accept people that you know into your social media network. This will protect you from harm.
➢ Don’t share your password with others.
➢ Beware of shoulder-surfers when typing in a password or sensitive information.
➢ SSL keeps you safe. Pay attention to the SSL errors when browsing. Recognize current phishing and other scams.
➢ Malicious content is crawling social media. Be aware of surveys that collect your information.
A smartphone is a mobile phone with more advanced computing capability and connectivity than basic feature phones.
➢ Be careful with your contact list. Your list could contain potential information for hackers. If you lose your phone, be sure to inform your contacts about it.
➢ Smartphones are used regularly. We can’t imagine a world without them. They contain a lot of information. Be sure to keep that information close.
➢ Don’t just install all types of applications and when you delete an application, remember to delete the account you created with it.
➢ Your smartphone has storage memory. Remember to wipe/erase it before you decide to sell or trade the phone.
➢ Set your phone to lock or time out after a certain period of inactivity, requiring a password to get back in. All the major smartphone operating systems support this.
➢ Third-party apps share too much. When you install a third-party app, you grant it certain privileges. Those privileges may include access to your physical location, contact information (yours and that of others), or other personal data.
➢ Geo-location activation. Do you really want people to know where you are?
➢ Wi-Fi for free. Be aware that when you are connected to an access point, someone could extract all your information.
➢ Disable Wi-Fi and Bluetooth when you are not using them.
Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption doesn’t prevent hacking, but it reduces the likelihood that the hacker will be able to read the data that is encrypted.
➢ Use encryption software (like TrueCrypt or VeraCrypt) to encrypt your information.
➢ Make sure that only you know the encryption password.
➢ Don’t write the encryption password down.
Antivirus is computer software used to prevent, detect and remove malicious computer viruses. Most software described as antivirus also works against other types of malware.
➢ Use an antivirus on your computer. If you can’t pay for one, get one for free. You can use ‘Microsoft Security Essentials’ to protect your .
➢ Update your antivirus. Your antivirus uses a database of signatures. This database needs to get updated so as to recognize new threats. Run your antivirus on a regular basis.
Some places where public computers may be available are libraries, schools, or facilities run by the government. Avoid logging in on public computers.
* Disable auto login.
* Check for weird objects like keyloggers.
* Use secure protocols like HTTPS.
* Don’t store files on public computers.
* Be aware of your environment.
* Delete your browsing history.
* Delete your cookies.
* Avoid using public computers.
A technology that allows an electronic device to exchange data or connect to the internet without wires.
* Use a strong password.
* Don’t broadcast your SSID.
* Use good wireless encryption.
* Use another layer of encryption when possible.
* Restrict access by MAC address.
* Shut down the network when it’s not being used.
* Shut down your wireless network interfaces, too.
* Monitor your network for intruders.
* Cover the bases.
* Don’t waste your time on ineffective security measures.
Ransomware is a type of malware that encrypts the files on your device, making them useless to you. The ransomware authors then typically demand that you pay a ransom, most often in Bitcoin (a cryptocurrency), to obtain the key needed to decrypt the files.
Guidelines to ensure you don’t get locked out by ransomware:
* Back up your data. If ransomware strikes, your data can be restored by normal recovery methods once the malware has been removed.
* Update security software such as antivirus, anti-malware, application firewall, etc. on all your devices, including mobile, to protect yourself against any new variants of ransomware.
* Keep your operating system and other software updated. Patch, patch, and patch is the only silver bullet for newly discovered security vulnerabilities that could be exploited by attackers.
* Do not open any suspicious-looking emails you receive, especially if they contain links or attachments. They may be phishing emails which may get you infected with ransomware.
* On mobile devices, refrain from downloading apps from unknown sites and only install apps from trusted sources such as Google Play or iTunes. Also, pay close attention to the permissions requested by apps.