We're blissfully ignorant of how we put ourselves at risk online.
- According to the 2019 Official Annual Cybercrime Report, businesses fall for ransomware attacks every 14 seconds.
- Many people ignore standard security practices that significantly reduce their chances of being attacked, such as disabling their computer's microphone and camera.
- Establishing better cyber security practices is a matter of unlearning bad habits, and creating better ones.
The sheer number of massive data breaches and known security vulnerabilities online today should be enough to scare us into better data safety practices. However, though these issues seem to consistently elicit gasps and condemnations by talking heads and private users, little else is done. It's not about turning office and personal computers into Fort Knox, really, it's about using common sense and exercising caution.
According to the 2019 Official Annual Cybercrime Report, businesses fall for ransomware attacks every 14 seconds. Cybercrime is also on the rise, with some estimates putting the cost of online crimes at roughly $6 trillion by 2021. In this increasingly risky landscape, it makes sense to invest heavily in antivirus, anti-malware, and overall protection tools. However, these applications can only take you so far.
At some point, the problem isn't that hackers are too smart for us, but that we, in a false sense of security, believe we can let our guard down, which leads us to ignore standard security practices that significantly reduce chances of our being attacked. Here are some no-brainer security steps that we constantly overlook but should start keeping in mind.
Browsing the web via VPN
While it may seem like an endless amusement park with everything you've ever wanted to find, the internet is a much darker than we'd like to imagine. Although it is undoubtedly a great tool and has significantly enhanced quality of life the world over, the internet also means our personal data is now exposed every time we browse the web or open an application online. Often, sites and bodies we see as the "safest" are often themselves invaders of our privacy such as internet service providers, governments, and giant tech companies.
Connecting to an unknown network can be dangerous — something nearly 92 percent of those who use public WiFi networks ignore. Undeniably, many have started to limit their activity online as their concerns about privacy (rightfully) grow. Yet, many people still happily browse the web without a care and continue to leave trails of data everywhere, creating noteworthy problems when their information is scanned and compromised.
According to Harold Li, Vice President at ExpressVPN: "In an era when we conduct the most crucial and sensitive parts of our lives online, a VPN is a critical tool for protecting both digital privacy and security. They increase your anonymity online, shield your online activity from monitoring by ISPs and governments, and defend your data from hackers on shared networks such as public Wi-Fi." Even so, most of us continue to neglect VPNs. In fact, according to VPN Mentor, only 5 percent of internet users in the U.S. have a VPN.
Protecting Google docs
As we become increasingly reliant on the cloud, one of the first things we've migrated is our ability to do work. McAfee's 2019 Cloud Adoption and Risk Report found that for the past six years running, the "file sharing and collaboration services" category — services such as Google Docs — has been the leading driver of cloud use in business, accounting for nearly 21 percent of services in use at the average company.
According to the study, today, some 83 percent of organizations store sensitive data in the cloud, and about 8 percent of all cloud-shared documents include sensitive information. Moreover, we're sharing these files more than we used to, with significant year-over-year rises in documents set for open access to "anyone with a link."
This is problematic for two reasons. On one hand, the ease with which we can share documents increases the likelihood that they will be intercepted. On the other, as user bases stratify around services they use, SaaS platforms gain access to sensitive corporate assets unbeknownst to even the IT team. This is what's known as "shadow IT."
In remarks to Techopedia, Uri Haramati, the CEO of SaaS management platform company Torii , noted that "Considering the rampant threat of cyberattacks, security risks are definitely something companies have to be wary of."
On the other hand, "The fact that they are trying out new tools, means that they want to be better at their work," according to Haramati. "Why should management dampen such a positive attitude? Instead, leaders should value their employees' drive to be better and find out how their existing processes can be improved upon."
Disabling your microphone and camera
Recently, video conferencing service Zoom was revealed to have major flaws that allow hackers to theoretically take over unsuspecting users' webcams with a single URL. This may seem like a less threatening incident than having data stolen, but it can be just as damaging. A malicious third party with unfettered access to your webcam can discern much about your personal habits and can potentially witness and record damaging or embarrassing situations. In the U.K., for instance, there have been recorded incidents of hackers capturing these moments and threatening to upload them to social media unless a ransom is paid.
The problem is similar with microphones, which can be used to track your communications even when your devices are "off." Most A.I.-based assistants today, for instance (such as Siri, Alexa, and Google Home) are constantly listening, and companies have people on the other side listening to these recordings, as was discovered recently with Siri. Simply turning off your microphone manually can give you significant protection.
Using Encrypted Communications
It may sound straight out of a James Bond movie, but encryption is quickly becoming one of the most important technology fields in our digitized world. Even with a VPN and robust protection, it's still not impossible for someone to access our communications while they're in transit between us and the recipients. In fact, as our messaging applications expand in number and importance, governments, law enforcement and nefarious actors' interest in them is rising.
Many services do offer powerful encryption tools and features, but people often remain on the most popular chat apps because of convenience and familiarity. Facebook Messenger remains one of the most popular tools (despite belonging to a decidedly anti-privacy corporation), while Chinese apps like WeChat and Tencent's QQ Mobile are also main players despite the fact that they're both heavily monitored by the Chinese Government.
Facebook's Messenger, for instance, only offers optional end-to-end encryption (even though WhatsApp, which Facebook also owns, provides E2E by default). This doesn't even account for emails, which remain the most popular online communication method. Even when sending sensitive data, we're more than happy to send it via Gmail or Yahoo! and completely ignore the fact that there is little we can do once those emails leave our inboxes to protect the information we've shared.
Establishing better cyber security practices doesn't require a computer science degree and a military budget. What it needs is attention to detail, unlearning bad habits, and creating new ones. As the number of vectors available to hackers, scammers, data miners and governments continue to expand, it won't be big things that cause breaches, but rather something as small as leaving a webcam on, forgetting a password, or sending a compromising email without considering who may view it.