Paranoid or Cautious? Protect Your Data Like Everyone’s Watching (Cause They Might Be)
A case for a paranoid approach to cyber security + 8 measures you can try for yourself
Most of my friends think I’m paranoid because of my security measures.
They mock the fact that I put tape over my laptop’s webcam.
They don’t understand why they should start using two-factor authentication for logging into their online accounts (or never even heard of it).
They are willingly sharing tons of information on their social networks profiles, while I never post anything personal. No check-ins, no real time photos, no photos from where I live or work, no high school memories, no bragging about concert tickets, not even a single like to a political or religious post. Nothing that might give away too much information about me or that someone could use to connect the dots and somehow endanger me (in the near future or over the years).
In the past, many cyber security measures were considered to be paranoid. With the passing of time, their reputation evolved and they became part of the good practices.
My reasons to change my mindset about security measures? To be honest, I’ve had my share of bad experiences in the past.
I’ve had a vengeful ex-employee who hacked my personal and work online accounts, including my website, and caused lots of damage.
I know people that could have jumped into fire for their friends, they entrusted them with their passwords and access to their online accounts, only to later discover they weren’t who they thought they were. All that trust eventually turned against them.
My parents would have been financial fraud victims in multiple occasions, if it weren’t for the security measures they asked their bank to enable. The same security measures that I’ve seen others blame and consider to be inconvenient.
But where exactly do you draw the line between convenience, precaution and paranoia?
Let’s have a look at some of the measures that might be considered paranoid by some for now, and the reasons that lie behind them. Who knows – in the next couple of years, they might become the norm.
1. Put tape over your laptop’s webcam
Don’t you ever freak out over the thought that someone might surreptitiously activate your laptop or smartphone camera and record you? ‘Cause I do. All the time.
I don’t remember exactly how or when this paranoia grew inside me. What I do know is that I “fixed” it by sticking tape over my laptop’s webcam. I also try to keep my phone all the time with its camera on the table, so there would nothing “interesting” to see. And I never talk important stuff with any digital device in the room.
While researching it, I found out that my paranoia is perfectly entitled.
For example, a student sued his high school in 2009 for spying on him. They were remotely activating the webcam and taking photos through the very laptops they provided their students.
In 2013, Miss Teen USA was photographed without her knowledge by an ex high school colleague who infected her PC with spyware. The victim fought back and the man was sent to jail.
And then there were the Snowden revelations that let the public learn that the government agencies can turn on your laptop’s or smartphone’s camera or microphone.
I’m sure there are many people out there who aren’t aware of the fact that somebody could be watching them. Putting tape over the webcams is just a small way to fight against surveillance.
2. Never check in on social networks
That includes no posting of flight tickets and holiday pics (at least not while you’re still away from home).
Something so common and apparently innocent can turn into a nightmare. There were plenty of cases of people who checked-in from their holidays, bragged about the wonderful places they’re visiting, only to come back home and find out that their house became the target of burglars.
That’s because you never know who else can benefit from the information you are sharing. You can never fully control and restrict who’s watching your social networks posts. Even though you are careful with your security settings, you have no idea how those posts are shared, where they could end up or who else can breach one of your friends’ accounts.
And since we’re talking about leaving for holidays: no chit-chat with the cab driver on the way to the airport either. Don’t let them know where you’re going, how long you’re staying, if there is nobody left to guard the home or what smart home system you recently installed. There’ve been cases where they gave away information to burglars and had their share after the job was done.
Better safe than sorry, don’t you think?
3. No pics of your kids on social networks
Parents should stop posting photos of their kids on the social networks.
First of all, think about when those kids will grow up and their whole lives will be available publicly, will be there to use against them, to shame them. This is most likely to happen among teenagers, a time when kids are extremely harsh with each other. Let them choose if they want those pics to be available online or not.
“Parents often intrude on a child’s digital identity, not because they are malicious, but because they haven’t considered the potential reach and the longevity of the digital information that they’re sharing.”
Second, you never know where those pics will end up. There’ve been cases of private Facebook groups where people were sharing other people’s kids pics and making fun of them.
Or, even worse: pedophiles who were posting photos of children. Imagine what could happen if a pedophile would put together all the information you are willingly sharing on your social network: the area where you live, your kid’s school, the park where your kid plays, etc. Gives you the chills, right?
4. No clicking on that short link
Beware of short links that you never requested and you don’t know where they lead. Don’t click on them, as you can’t know if they are safe or lead you to a possible infection with malware.
The same advice goes for attachments. If you know who sent it to you and you were expecting it, then go ahead and open it. Otherwise, steer clear from it, as it can harm your system, no matter how innocent it might seem.
5. Use separate email accounts, with different purposes
Most people have and use only one email account that fits all their personal needs (and sometimes even work).
You should have a completely separate email account for subscribing to newsletters and shopping deals, for creating online accounts, and different email accounts for work and for personal conversations.
It might be a hassle at first, to create and manage all those email accounts, but it’s worth it. This way, you’ll reduce the chances to receive spam (or worse, phishing and / or malware) on your important email accounts.
6. Set different passwords for different accounts
While this is one of the easiest security measures that people can take in order to prevent their accounts to be breached, it’s also one of the most ignored.
Think of it this way: if one of your accounts is hacked, it doesn’t matter how that happened. It can happen in multiple ways: it could either be your fault, the website’s fault, your system’s fault, a friend of yours fault, etc.
What it matters is that you do anything to control the damages. And that would be impossible if you set the same password for all accounts – then the attacker would have access to all your accounts.
Just as you don’t have the same key for your house and your car, the same way you shouldn’t recycle any passwords. We know we’ve been saying this a lot, but it’s only because there’s a huge gap between what people should be doing to protect their data and what they are actually doing.
7. Data backup. Multiple data backups. Three, at least.
A lot of people understand the importance of backup, but few actually take their time to do it (or automatize it, as it doesn’t have to be taken care of “manually”). It’s only after they lose something important that they take action.
Think about all the devices you have and the data stored on them. Or the online accounts that you use – for work, for social reasons, for fun, for shopping.
What would happen if that data was damaged or lost? What if you ended up with a ransomware infection and your data encrypted?
Take your time and do data backups. Not just one, but multiple backups, in multiple locations. Here’s how.
8. Use AdBlock + disable Java and Flash
The debate on adblockers usually revolves around the same two arguments. The first is how the advertising business failed us, delivering ads that are more and more intrusive (and inefficient). On the other hand, there are the collateral victims: independent and legit content creators, that don’t have any other sources of income and ads were their only way to sustain their business.
I’m not going to explore those two perspectives, as they have already been widely discussed in the media. I want to bring into subject another problem that most people ignore, even though it’s a real threat: malvertising.
A cyber attacker can exploit all the vulnerabilities from websites, browser plugins and outdated software, in order to serve you ransomware. Like it happened these past days, with a massive Angler malvertising campaign that was served on major websites, such as BBC, MSN, AOL, The New York Times and others.
The solution? A combination of ad block software with disabled Java and Flash Player plugins. And a free tool (like Heimdal Free) that can monitor and silently update your vulnerable apps.
Until something bad happens to them or someone close to them, most people don’t take any kind of cyber security precautions. They don’t consider their data to be valuable and don’t imagine that anybody would take their time to try to hack them. However, nowadays most of the attacks are automated, so it doesn’t even have to be personal.
Also keep in mind that you shouldn’t rely solely on an antivirus for your protection. It’s not bulletproof! You may have one of the best antivirus softwares – it won’t keep you safe from all the harms that are in the cyber world.
And always remind yourself of this: Every move you make, every step you take, you are leaving a digital trace. And someone might be watching.