In 2017, organisations will need to focus on data protection and cyber security. The new EU General Data Protection Regulation entering into effect in May 2018 is foreshadowed by new laws and regulations, and we still remember well the horror stories on massive data theft that we read about at the end of last year.
Those responsible for security at IT departments will continue to fight off ransomware attacks, attempts at espionage and viruses in 2017, as the following sentence still applies:
“If you connect it to the Internet, someone will try to hack it.” (Brian Krebs in KrebsOnSecurity)
The question is: How can an “ordinary” Internet user achieve protection against data theft or hacker attacks?
This article offers a few tips that can help you protect yourself.
Ransomware – the underrated risk
Ransomware is a type of malware that infects a user’s computer or an organisation’s IT system and subsequently encrypts some or even all of its data. The data is therefore no longer accessible to the user. Then, a “ransom payment” is demanded to decrypt the data. The ways of covertly installing ransomware on computers or systems are becoming more elaborate all the time, and the attachments hiding the malware are designed ever more professionally. Such attacks can be avoided by paying close attention: Always take care when you open an e-mail attachment. Do you know the sender? Do the e-mail’s subject line and the attachment’s name make sense? Have you really ordered or bought something from the supplier who is now sending an invoice? Do you really have to watch each presentation you receive from someone you know, who in turn received it from an acquaintance, who received it from someone else again? It is better to skip one click than to lose access to your own data and photos.
Regular backups of your data to external drives or servers are equally important. In the worst case you can then restore your data.
You should also take care to have the latest versions of your programmes (in particular your web browser) by regularly installing updates.
Data theft and identity theft: Safe passwords and two factor authentication (2FA) offer protection
Your data is valuable. This applies to major information such as your credit card or account details, but also to “minor” information such as your e-mail address or a social media account. Hackers make a lot of money out of both. Therefore keep in mind: Protect your data! Safe passwords are an easy protective measure which is nevertheless neglected too often. A safe password meets the following criteria:
- It consists of at least eight characters – the more, the better.
- Your password contains no word that can be found in a dictionary.
- It also contains no character sequence that is associated with you (date of birth, names of pets, places, etc.).
- It uses both upper and lower case characters and contains at least one number or special character.
- Each password is used for a single service or access.
Password managers such as KeePass, 1Password or RoboForm can help you generate safe passwords and store them in a kind of “password vault”. You then only have to remember a single password to unlock the vault and can still use a multitude of different, complex and therefore safe passwords for your services and accounts, without having to compromise on usability.
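The criteria above can be checked mechanically. The following Python sketch is an added example, not part of the original article and not code from any of the password managers named: the function names, the tiny sample word list, the four-letter minimum for dictionary matches and the symbol set are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample data; a real check would load a full dictionary word list.
SAMPLE_DICTIONARY = {"password", "dragon", "summer", "welcome", "football"}


def check_password(password, personal_terms=(), used_elsewhere=(),
                   dictionary=SAMPLE_DICTIONARY):
    """Return the criteria from the list above that `password` fails."""
    failures = []
    lowered = password.lower()
    if len(password) < 8:
        failures.append("shorter than eight characters")
    # Assumption: only words of four or more letters count as dictionary hits.
    if any(len(word) >= 4 and word in lowered for word in dictionary):
        failures.append("contains a dictionary word")
    if any(term and term.lower() in lowered for term in personal_terms):
        failures.append("contains a personal term")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append("lacks upper or lower case characters")
    if not any(not c.isalpha() for c in password):
        failures.append("lacks a number or special character")
    if password in used_elsewhere:
        failures.append("already used for another service")
    return failures


def generate_password(length=20):
    """Draw random candidates from the OS CSPRNG until one passes every check."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed inputs: a season plus a year, and a pet name plus a birth year.
    print(check_password("Summer2017"))
    print(check_password("rex1985", personal_terms=["Rex", "1985"]))
    print(generate_password())
```

The generator uses the `secrets` module rather than `random`, because passwords need an unpredictable source of randomness.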
If available, two factor authentication (2FA) should also be used as an additional protective measure. The first factor is something the user knows (for example a password, a PIN or a TAN). It is combined with a second factor, which is something the user possesses (for example a hardware token, a banking card or - in the case of tokenless 2FA - a mobile phone). Authentication according to 2FA is only successful if both factors are used together and if they are correct. This additional protection makes it much harder for data thieves and hackers to gain access to your data or your identity. For this reason, you should use this measure!
Secure communication with messenger apps
When you communicate via phone, text or web messages, use secure alternatives to WhatsApp, Google Hangouts or Facebook Messenger. They offer genuine end-to-end encryption. Ideally, setting up your user account requires no personal data, or only very little, such as your phone number, e-mail address or name. Examples of such apps are Threema from Switzerland, Signal and Wire. An article (in German) on the consumer protection portal verbraucherzentrale.de lists additional examples.
Paying attention when using open Wi-Fi networks
Public Wi-Fi networks are a nice thing – but unfortunately they are mostly unencrypted and therefore unsafe. Avoid entering personal data or passwords for important services such as online banking when you are using an open Wi-Fi network. It takes only minutes or even seconds to spy out or read your password in an unprotected network. Secure “virtual private networks” (VPNs) offer protection so that you can move around the Internet safely.
Data leeches are out for your data
So-called data leeches spy on you and log all of your Internet activity. Whether you “google” a term, visit a website or place an online order: you always leave a trail from which a data leech can gain valuable information on you. For more privacy on the Internet, keep in mind:
- Use alternatives to Google Search, such as DuckDuckGo.
- Switch to the incognito mode of your standard browser, use alternative web browsers such as Vivaldi, or use the Tor anonymity network with its “Tor browser”.
- Regularly delete the cookies stored for your browser, preferably after each browser session. To do so, click this link for instructions (in German).