Application Security | Cyber Security | Data Security

Top 7 Security Tips for End Users

Welcome to Secumantra! In this post, we will understand some important security tips to protect ourselves and our families from being a victim of a potential online fraud.

Security awareness has become very important in modern world when most of us are connected to internet and are working from home due to current pandemic situation. So let’s look at some simple security measures everyone should be knowing.

1. Use Strong Passwords

We are accessing so many sites including social media, banking etc. using a username and a password. So password is a very critical piece of information and key to your personal data. You need to be very careful about the password and shall follow few guidelines.

  • Make sure you always use a strong password with proper length and complexity. Password guidelines are generally provided by the application owner. Yes longer passwords are a bit difficult to remember, but their complexity and length makes them strong enough for hackers to crack. 
  • Do not use passwords which are easy to guess for a hacker. Examples include like “test”, “test123”, “12345”, “password”, “[email protected]$$w0rd” etc.. Also do not forget to change default username and password which applies to many sites.
  • It is really bad idea to use the same password for all websites and/or devices. If the password is compromised once, it gives access to all sites where you used same password. So it is important to use different passwords, at least for the sensitive sites.
  • Be aware of password complexity checkers sites. Such utilities will tell you whether your password is strong enough with a numeric score. You are entering passwords to an unknown site and you don’t know what’s happening to the password. Is it a safe website? Is the transmitted as a clear text or is it encrypted? So it is better to stay away from such tools and websites.
  • Many applications and sites support two factor authentication today where you need to provide additional information like OTP sent to your mobile device. So it is always better for you to enable two-factor authentication for sensitive sites in terms of security.

2. Mobile Device Security

Most people have smartphones or some other mobile device like tablet. It is not just the number of users have increased but also the usage of internet and cloud services. Most of the time these devices are always connected to internet and other applications.

Mobile devices can store huge amounts of user data these days (like 64GB, 128GB) and compromising mobile device security can have many security threats like –

  • Steal confidential data
  • Expose personal photos or videos
  • Buy items from online shopping site like Amazon
  • Text or email (in a bad way) to your contacts

Having your smartphone in wrong hand is very bad thing and amount of impact can be really painful in case of compromise. So we need to follow basic preventibe measures –

  • Always set PIN or password for unlocking the device
  • Set self destruct mode if someone uses wrong password multiple times, e.g. factory reset and back to default set where no data available.
  • Set up remote wipe and device tracking capabilities which will help in case you lost it
  • Be sensitive to shoulder surfing, specially when you are entering pin or password
  • Do not leave your device unlocked
  • Be careful while giving permissions to a new app during installation, take a moment to think before you ‘accept’ all permissions blindly
  • Keep your mobile device operating system and apps up to date

3. Always use secure network connection

Always consider any network other than your home or work network as an insecure network. This applies particularly when you are travelling. Free Wi-Fi at airports and hotels is major target for attackers. Even though the data over your device is encrypted, it is not necessary that the connected network transfers the data in an encrypted format.

  • Avoid doing crucial transactions over a public network
  • Use cellular connection if available
  • Consider using appropriate VPN settings for unknown networks
  • Assume that your online activities are being

4. Don’t Use Pirated Software

Apart from the legal risk while using a pirated software for professional purpose, there exist a major security risk.

Hackers generally develop a crack for an application with some hidden intention behind. Even if you don’t need to purchase the software and save some money, cracked software come with some malware inside it. It may impact the performance of the system and corrupt or leak the important data on your system.

So always avoid using cracked or pirated software. Same is true for mobile apps, you should only install apps from trusted platforms like Google Play or App Store.

5. Prevent Systems from Malware

Today malware is spread primarily through email, IM and the browser. but it can be spread through shared media (e.g. USB flash drives)

There are different types of malware like viruses, spyware, ransomware etc. Virus typically has malicious intent like crashing your system whereas spyware typically allows your system to work normally but keeps spying your actions.

Ransomware is relatively new type and a big threat to organizations security. When it is installed on your machine all data is encrypted and becomes unusable. Typically you have pay money to the hacker if you want to decrypt your data.

What can we do prevent malware infection. Hers is the list of few best practices:

  • Avoid opening attachment from untrusted sources
  • Avoid visiting untrusted websites
  • Do not share share medias like USB flash drive if possible
  • Keep antivirus and all other software up to date
  • Be careful when installing apps, specially free ones

6. Be Human Firewall Against Social Engineering

Social engineering is a term refers to scamming or tricking people to get information out of them. It is about getting somebody from inside of an organization which acts as a starting point. It makes a hacker’s job lot easier if he could trick someone from within the organization using social engineering. Social engineering comes in many different forms.

  • Let’s imagine a phone call to an employee and caller claims to be from “tech support”. If he convinces that there is some technical problem in the account and asks for the password, lot of people surprisingly fall in this trap.
  • An email claiming from IT department requesting to run a script or asking for password. Email might contain a malicious link as well.
  • Hacker might pretend as a delivery person from some courier service and need to access the building. Once they get in they can do whatever they wan tot do

You need to be aware of common social engineering tactics, such as shoulder surfing, and what they can do to protect yourselves and your data.

It is really difficult to have a single solution because social engineering can come through many different ways. So you need to be little careful and act like a human firewall for your organization.

For example if somebody calls you claiming to be from IT and asks for your password, that is suspicious and you should be careful. If you get email and looks a little bit different, verify it before just following the instructions. You can involve IT person if you think you need help.

7. Be Aware of Phishing

Phishing is a type of attack where an email is sent to a lot of recipients. This email message contains some sort of mechanism designed to infect victim’s system and steal the information. It might be a malicious attachment like key logger which logs each key stroke and send it back to the hacker. It can be used to steal user data or login credentials.

There is going to be something thats going to try to trick the person to opening up the email message. The key is to send it to million people so that at least few of them clicks on it.

Spear phising attck is a targetted attck that focuses on specific company and only to key people.

Social engineering and phishing are still the most prevalent attacks used by hackers. Normal users and company employees need basic phishing awareness training to know what makes an email suspicious and what to do if one is received.

Summary

This is not a complete list of all security measures and we know there is no silver bullet as such! Security awareness and defense in depth is the key in today’s modern web world. What we have discussed today are the important security tips for a normal internet user which can save him/her from being a victim of some security incident or a financial fraud.

Thank you for reading! Stay Safe, Stay Secure!

Similar Posts