Cybersecurity 101 for someone who is not a pro

So you use the internet for everything you need. What if someone attacks you online? Now, if this does not make you nervous, you should be worried.

This will not happen to me

Most people pay no attention to their online safety and usually, it is OK. Most likely nobody will attack you personally. However, if someone targets a specific vulnerability, you may be jeopardized.

I know that with all my skills, my site was broken twice in 2017 due to DDOS attack caused by a known vulnerability in older WordPress versions. I was somehow able to manage both attacks without external help. But I am worried since.

My kids downloaded some funny app on their Galaxy phone which was new and I did not have time to protect it. Fast forward two days. We had to restore the phone to factory defaults and open a new Google account for the kids. I am happy I do not allow them to play on my phone. My wife allows them to play on hers.

I lost the first year of my daughter’s life. Not literally. My wife used to take lots of family photos from her device. Then she lost the device. She did not even try to make backups. We were not really functioning with a small girl and two not so large boys.

Now if this could happen to me, probably it could happen to you.

When to be scared

Some events are just scarier than others. Here are my top 5:

• Your mobile device is in the hands of your kids, or god forbid you lost it.
• When traveling you need to log into your google account from some internet cafe.
• A friend with whom you did not speak for years suddenly writes you an email.
• You have to use torrents or dark web to get the information you need.
• Somebody who is not your agent approaches you about your website, your patent application or other privileged information.

Your password should not be 1234, your birthday or “password”

Use strong passwords, e.g. at least 8 letters with numbers, different cases and special symbols like e1ghT_L33t3rs. Do not use something crazy, and modify regular words. Personally I do not like password storage services, as your screen and keyboard could be captured when you access such site, say by a camera you did not notice. Have different passwords for the sites you cannot afford loosing. Like  e1ghT_L33t3rs_ebay++, e1ghT_L33t3rs_paypal!!.

And if you can, use two factors identification. This means you should really watch your mobile device for identification purposes. More cautious people have a very small and rugged mobile device they always carry on their body and a larger device they put in their bag.

Use the damn protection

On your main computer and mobile device, you should be as protected as possible. In your main browser use adblockers. Install bitdefender or another top-notch antivirus. Do not mine cryptocurrency or download software you do not trust. Never open emails you consider dangerous.

Your device matters

Windows computers and Android phones are attacked more often. Like 10 times more often, than Mac/Ubuntu or iOS. For children, I often use “sports” or “military” grade devices like Samsung Active.  These devices are not as beautiful and a bit more expensive, but significantly less likely to break. Laboratories often remove protection to ease the work of their technicians. The more your device spends in labs, the more likely it is to become vulnerable.

Always update your software. New versions of software often fix security bugs. Do not be the first to update though, as the update itself can be flawed. Typically it’s OK to wait four days and update then.

Have a DMZ device

In cybersecurity, we often talk about the “demilitarized zone” devices. We can try dangerous things on these devices, but we will never try the things that require high security. In the same way, we can have a second email account etc. This device should ideally have its own network. At home, I have two different internet providers: one for me and the other for my kids. If someone demands ransom for the DMZ device, we can simply format its storage and return the device to factory settings.

You can also use VPNs, anonymous web surfing and other advanced features to protect your identity and browsing history.  If a stranger (site or person) offers you cookies, be very afraid.

Facebook is evil

While Google at least wants to be less evil than its peers, Facebook is seriously dangerous. You can be targeted by various security agencies, marketers with false ids and worse.  If you are attacked, your own account may be deactivated and nobody promises you will ever be able to use it again. Do not put your private information online, and if you have to do this try to use encryption.

The most common attacks

Some attacks are more common than others. Here are my top five:

• Impostors exploiting an honest mistake, like writing a web address with a typo.
• Social hacking by someone near you. For example, a person filming you while you enter a password or taking your mobile device.
• Phishing, typically by emails that bypass our guard, pretending to be something they are not.
• Trojan horses in the software we download or emails we read.
• DDOS if you have a site. It is attacked by multiple devices until your site crashes.

If you are attacked by a toy, it will try to go to other devices and debilitate hardware. Viruses are very annoying but they are built to be detected. Small crooks may demand ransom or try to access your money. Professionals will get access to the services you use and sit quietly until they find your biggest vulnerability, or use your device to attack their true targets.

What to do if something bad happens

Before you do anything drastic search the web for advice from some other device. If you happen to know a professional, discuss the situation with him. You do not want to be your own doctor unless the situation is minor. Consider getting paying experts’ help as soon as you can. Also, consider contacting the police within 24 hours of the event.