The Internet has brought us unprecedented convenience, but the risk of online attacks and identity theft we face has also increased. Every day, many individuals or organizations suffer cyber-attacks.
Each attack is a warning to the rest of us.
12 common mistakes:
- Reuse the same password
- Click on a link or open an attachment of an unknown source
- Sharing too much information on social media
- Two-step authentication (2FA) is not activated
- No antivirus or anti-malware protection
- Skip software update
- Click URL stats with HTTP instead of HTTPS
- Keep AirDrop and Bluetooth on
- Use public WiFi without a VPN
- No screen lock or password protection for your device
- Not encrypting the hard disk
- Use unencrypted communication methods
Reuse the same password
Though It seems convenient to use the same passwords for all your accounts, the practising makes it much easier for attackers to hack your data. Imagine, if a hacker cracked your one password, it would be enough to expose the data in all your accounts.
Therefore, every account you own should have a strong password. Given the difficulty of remembering dozens of complex passwords for everyone, we recommend that you use reputable encryption password managers.
Click on a link or open an attachment of an unknown source
Phishing is the most common and effective way for hackers to break into security. Phishing attacks often trick you into entering credentials or downloading malware onto your device.
If you receive a message from an unknown source asking you to click a link or download an attachment, double-check the URL and file. Sometimes, phishing emails can even come from people you know. If anything looks suspicious, please contact the person to confirm that they sent the email.
Sharing too much information on social media
Hackers can get a lot of information about you by simply checking your social media. They can use your valuable data to reset passwords, apply for credit cards, or create more persuasive phishing emails. The best option is to limit the information you share on social media. For example, set your Facebook profile as private.
Please think twice when posting the following information:
Your date of birth.
The place where you were born.
Names of your family members, such as your mother's maiden name.
Previous address or current address.
Education information (e.g. where did you go to university).
Daily life details.
Other information related to security verification questions.
If you publish this information publicly, hackers can use any of it to answer your security verification questions.
Two-step authentication (2FA) is not activated
Relaying on 2FA to send your SMS is not 100% secure. For example, Reddit got hacked in 2018 because of using the insecure 2FA sent through SMS.
One time password sharing through an authentication generator is the best way to protect your data. In the worst-case scenario where hackers know your password, two-factor authentication (2FA) can still prevent them from accessing your account. They need more than just your account ID and password to log into your account. They also need a one-time password usually generated by the authenticator on your phone. However, they cannot have access to your phone. If you have 2-step verification enabled, it is almost impossible for hackers to complete the attack.
No antivirus or anti-malware protection
Installing a reliable antivirus or anti-malware program on your device is one of the foundations to prevent online hacker attacks. Many programs can protect your device from ransomware, malicious URLs, and other threats. Some operating systems, such as Windows, come with free antivirus software called Windows Defender. You may consider installing this kind of software to protect your system.
Skip software update
It's easy to skip software updates because they don't seem that important. However, using outdated versions puts your private information at risk of cyber-attacks. It may result in your identity theft or loss of money and credit.
Software updates are important because they often contain critical patches for security holes.
Apple recommends Users keep their system and software up to date, as the best way to keep your Mac secure is to run the latest software. We recommend updating apps and systems as automatically as possible so you never miss an update.
Click URL stats with HTTP instead of HTTPS
It may seem like a small change, but the "S" at the end of the Hypertext Transfer Protocol (HTTP) can have a significant impact on your online security.
Hypertext Transfer Protocol Security (HTTPS) is an extension of Hypertext Transfer Protocol (HTTP) and is widely used for secure communication through computer networks. In HTTPS, the communication protocol uses Transport Layer Security (TLS) or the previous Secure Sockets Layer (SSL) for encryption. Therefore, this protocol is also called HTTP based on TLS or HTTP based on SSL.
HTTPS will encrypt and transmit your data more securely. But a site with HTTP can expose your data to anyone who monitors its traffic. So before clicking an URL, make sure it is a link that starts with HTTPS.
Keep AirDrop and Bluetooth on
Bluetooth vulnerabilities like BlueBorne can allow hackers to connect and control your device without detection. Even force it to send sensitive information. However, this is only possible if your Bluetooth connection remains open. Therefore, you should always turn off Bluetooth and AirDrop networks unless you actively share files or pair your device with other devices.
Use public WiFi without a VPN
Public WiFi networks usually are not safe, even if you know who runs the network. They lack proper protection protocols, leaving you vulnerable to man-in-the-middle attacks or WiFi sniffing.
Both MITM attacks and WiFi sniffing can provide hackers with a window to view your browsing history and let them read your keystrokes. To make matters worse, none of these attacks is particularly complicated. Consider using a VPN to protect your data if you want to add an extra security layer. om attackers.
No screen lock or password protection for your device
In order to protect your data, physical security is as essential as network security. If you always carry smartphones and laptops, potential intruders have many opportunities to touch them. Never leave your device unattended. And you should set a password for your device to ensure that attackers cannot install malware on your computer.
Not encrypting the hard disk
Setting a password on your device is excellent. However, if your device is lost or stolen, your data is still dangerous. That's why it is crucial to encrypt your hard disk. Device encryption and setting a password are not the same thing. Although both require a password, device encryption is a separate additional step that prevents anyone from accessing the data on your device without a password. Most Android and iOS devices have an encryption program pre-installed, and both Mac and Windows support it. So please always keep your hard disk encrypted.
Use unencrypted communication methods
Snowden's revelations show that most of our electronic communication methods are subject to large-scale surveillance, including phone calls, text messages, and emails. By using a communication service equipped with end-to-end encryption, such as Signal or Liverado, ensure that only the intended recipient can access your message.
These tips above are just some steps to reduce your online data exposure. None of these tips requires advanced knowledge of computers or programming, just a little discipline and attention to detail.
Of course, even if you implement all the protective measures we recommend here, we cannot guarantee that your data are 100% safe. Still, you will significantly increase attackers' difficulty accessing your data.