Unfortunately or not the main activity of the spring of 2020 is the quarantine. In quarantine (who can do it) rests, relaxes, tries things he has never done before. Whoever can do it, works from home or is just on leave. Not like hackers, who may undertake smaller or larger “projects” with unprecedented momentum. I just read the other day that the IT system of the Stadler Group had been attacked (https://www.globalrailwayreview.com/news/100586/cyber-attack-stadler/ ) or think a few weeks earlier a similar thing happened at an Israeli waterworks ( https://www.dw.com/en/israel-thwarted-attack-on-water-systems-cyber-chief/a-53596796 ) or the spread of the global ransomware spreading in 2017-18 was of similar also ( https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-nsa-uk-nhs ).
Various attacks and unauthorized data acquisitions are causing more and more serious damage, with a total of $ 3.5 billion in losses to various companies in the U.S. last year, according to a recently released figure. The virus situation is likely to worsen the situation, as working at home is becoming more common and the potential for cybercrime is even greater.
What can we do to prevent it? What can we do to avoid becoming a victim?
Some experts therefore argue that a “zero trust” approach is worthwhile for companies where security is particularly important. The most effective defense possible is to assume that anyone who has access to the corporate system can harm. Therefore, in all cases, some form of identification must be applied to all users and devices that want to access corporate resources, whether inside or outside the infrastructure (e.g., telecommuting, another site, etc.). It is a principle that everyone has access to only the data and resources they really need for their daily work.
Obviously, this is a bit strong this way, but when it comes to particularly important data, there’s no bigger problem if the data is lost.
Many people rightly think that the target of these attacks is the big company, a famous person, a public institution, BUT not because anyone can become a victim, even the everyday person who only reads the usual news sites or reads their emails.
So let’s see what threats we may face and what we can do about them.
1. Protection of our network
I’ve written before about the ways we can connect to the internet, so I wouldn’t go into the details now. Each of the routers provided by the service providers (or purchased at the store) has a firewall, which is turned on by default. If we keep it on, the unauthorized, unauthorized persons will not be able to access our connected devices from the Internet. If you also use Wi-Fi, be password-protected and, if possible, don’t enter a simple password (e.g. ‘password’, 12345, etc). A good password can be eg Gezanet.98857
There are several solutions for securing corporate networks at a higher level, preventing / monitoring external intrusions, isolating subnets, etc., which I would not discuss here now.
2. Protection of our devices and data
You can install an antivirus on your computers, which will help prevent the downloading and running of infected files – as the firewall of the router does not protect against these. There are routers that also have built-in virus protection on their firewalls, but these are more designed for enterprise users and the goods are significantly higher than those for home devices.
There are countless antivirus programs available while browsing the internet, one test will bring one and the other will test the other as the winner based on their characteristics. Obviously, it’s everyone’s individual decision what feature, look, function they prefer, but the point is to use something – and keep it updated, because it guarantees that you can fight new threats effectively.
Passwords for online accounts, email, cloud service (iCloud, OneDrive, etc.) should be enough long and complicated, so please avoid the 123456, abcdef and the similar ones. It must be at least 8 characters long and include uppercase and lowercase letters (can be also a dot or hyphen). It is important, of course, not to forget after typing 🙂 Any loved ones, little favorites, any passwords about your favorite team may be appropriate if they are long enough.
If possible, do not connect your own flash drive or external hard drive to a public computer unless you are sure that the workstation is adequately protected. If possible, download programs only from trusted and reputable sites (e.g. Cnet). In the case of illegal, hacked programs, there is a chance that the hacking program contains a virus or other malicious code.
If you have a laptop and are often travelling with your device (and anyway), it is recommended that you set up password protection. You can request this either after you turn it on or when the operating system starts. Whichever one we can configure, it helps prevent unauthorized use.
There are also many ways to prevent unauthorized use on mobile phones and tablets. Depending on the type of device, biometric (face or fingerprint based) authentication may be required for unlocking, but setting a 4 to 8-digit PIN or passcode provides adequate protection if, for example, you leave the device. When you start using your mobile, you usually need to create a personal account (with an email address) that allows you to track your device or perform various actions in the event of a loss, such as deleting data, making an emergency call, and so on.
3. Preventing phishing
I intentionally did not use the word “protection”, as there is no real protection against phishing. But what is phishing. Surely everyone has heard of a case (on TV, in an article, possibly from acquaintances) that they wanted to order something, gave their credit card details, but later they did not receive the product and even additional amounts were deducted from their account.
For example, they offer a high-end mobile phone for a little bucks, because you have just been selected in an online lottery or one of the utility providers is asking for a data reconciliation and asking for our bank card details.
Telekom’s website draws attention to a recently spread fraudulent website and its detection: https://www.telekom.hu/rolunk/telekom_vilaga/biztonsagi_tartalmak/csalas/adathalaszat
In any case, let’s be suspicious, different service providers don’t ask (and can’t ask!) For credit card information. You can shop in the well-known webshops (eMag, Extreme Digital, Notino, etc.) and even if you want to pay by credit card after the purchase, you can do so in these places, as they have a contract with a bank or payment service provider (eg Simple, Barion, etc.). To further enhance the security of online payment, the bank sends a code via SMS (to the phone number provided by the customer) to complete such transactions, which must be entered on the site. On that site: https://www.paymentgateway.hu/fizetesi-megoldasok/ reliable payment providers can be found. Of course, it may be that the given method is not listed here yet, but the webshop refers to it, in which case we search for it on the Internet, read on a forum to see if it really exists.
You may receive an invitation to the prize by e-mail or telephone on behalf of a certain organization or company, but in order to receive the prize, you must prove yourself by providing personal details or credit card details. Don’t do it! Check the company’s website to see if there really is such a promotion. If we specifically remember that we actually submitted a code or block in connection with a prize announcement, we will verify that the person is actually looking for the organization that organized the promotion. In this case, we do not disclose our personal data by phone.
For example, if you received a message that appears to be a prize notification from email@example.com (just an address I guessed), check the Sport chocolate’s page to see if there is a sweepstakes or to call customer service.
Do not open a misleading or suspicious website. Let’s see the following example:
before clicking, if you move the mouse cursor over the text marked with a blue arrow, the text of the link will appear in the status bar of the browser, which we will get to after clicking (indicated by a green arrow). The crop is from the New York Times, the article would apparently take you to another page in the newspaper, so we can trust it. For example, if you see https://ad09889xxx.lompekrer.biz/lle/hlkkkm.html there, don’t click on it because it would take you to an unknown page that has nothing to do with the page you’re currently on. Obviously, it is not always necessary to pay attention to which page takes you to which page, because such links are not placed on the largest and / or well-known (news) pages. We need to be on the lookout when we visit places we haven’t been to before.
Wherever you roam the internet, stay safe, be suspicious and cautious!