The web isn’t a safe place to be. One has to be really careful, even though it might apparently look fine. Everyday we hear stories about how some famous website got hacked, or someone losing their twitter account, and we wonder why this happens. Some of us have also been victims of hacking. And if we look closely, the question arises as to why it mostly happens to our friends, why is there a high frequency of hacked accounts and scammed people in Pakistan? It’s time to learn how to stay safe online, and how to avoid getting hacked, scammed, or having our privacy breached. This guide serves as a security and privacy 101 lesson; and while it may not cover everything, we’ll focus more on what YOU need to do, because let’s face it- there seems to be a lack of tech sense in Pakistan, and we want to promote it.
It isn’t as easy as it sounds. You might’ve heard the proverb “charity begins at home”. It’s pretty much applicable in this case as well. Online security begins offline, then you secure your online link, and finally work on improving your online presence. To put it in simpler words, there are 3 channels through which your online security can be compromised.
- Your computer
- Your connection to the internet
- The online service that you’re using
So let’s go through these items sequentially.
Securing your computer
Although we’re almost half way through 2014, most of us are still afraid of getting our computers infected with viruses and malware. Over time, the operating systems have become resistant to viruses, because of regular updates and patches. It’s really important to be up-to-date in terms of the OS that you’re running on your computer, whether it’s Windows or Mac OS X. That’s because there usually are some loopholes in the OS, which can be exploited by the ‘bad guys’ to get access to your computer. Regular updates ensure that these bugs and security flaws are patched and you’ve got maximum protection against viruses and malware, which might get into your computer via the internet, LAN, or even from an infected USB flash drive. So here’s a friendly reminder. Keep your operating system up to date, and use a good antivirus just to be safe. Oh and if you’re still running Windows XP, please switch to a newer OS, for God’s sake.
Having a good browser is also essential. We’re not against Internet Explorer, you’re totally free to use whatever browser you like. Browser-level security becomes an issue when you install third party add-ons/extensions. Always install extensions or add-ons that are trusted and reliable. Some extensions may be untrusted and can track your browsing online, or even get access to your online accounts. That’s pretty much what’s required to have a secure computer. However, if you’re on a public PC, or using someone’s else computer, you have to practice extra precaution. Avoid logging in to sensitive accounts, especially your bank account, on a computer that’s not yours. You never know what resides inside that computer- viruses, malware, keyloggers and what not. If you’re in the dire need of logging in on a public computer, try to enable private browsing mode on whatever browser you use. And if you’re an über geek, you might as well carry your OS with you, if you tend to use public computers a lot (yes, you can install Windows 8 or Ubuntu on a USB flash drive or an external hard drive). In short, make sure your computer is a safe and clean machine. And all of these precautions are also applicable to your mobile device as well, though mobile devices aren’t as prone to viruses and malware, but you should just be sure.
Your connection to the web
So you’ve secured your device. Now it’s time to ensure that your connection to the web is safe. When you’re connected to the internet, you’re sending and receiving data via a connection from your device to the internet. If your connection is weak, it is possible to intercept the communication, and it may include lots of information that you wouldn’t want to get leaked. The way to avoid this is to make sure you’re using secure browsing (look for the ‘https’ in the address bar), most social networking sites always support https, since that’s the secure protocol, all the data transfer (to and from the server) is secure and encrypted. Secondly, always ensure you’re connected to a protected Wi-Fi network. Oh sure, open networks which aren’t password protected sound really good in this age of recession, but trust me, they are a real threat to your privacy. You never know who set up an open Wi-Fi network intentionally in order to sniff people’s web traffic. There are exceptions though, like in case of cafés and restaurants. But in any other case, you should avoid connecting to an unknown Wi-Fi network. And if you have your own Wi-Fi network at home, that’s great- but be sure to have it password protected too (WPA2, ideally). That’s because of two reasons; one is that you don’t want anyone else (like your neighbors) to be using your Wi-Fi. But the other concern is more crucial, and that’s when someone can connect to your network and start sniffing your internet traffic. So the rule of thumb is, try to have your own Wi-Fi hotspot (like PTCL’s EVO or any other one) at hand, so that you don’t have to rely on other (untrusted) Wi-Fi networks.
This is perhaps the most crucial part of the whole experience, i.e. your online presence, and how you use the web in a way that’s safe and secure. Let’s also go through several parts of this one by one. Starting with your online presence and privacy. All of us use some kind of social networks (Facebook, Twitter, LinkedIn, and the list goes on). If you really want to stay safe, you should never reveal too much about yourself. Only the essential info, that you want the world to know. That’s what privacy is all about. Of course, you might expect the social networks to protect your privacy, but you might have heard of NSA (and we’d rather not explain what it is- just google it), they know it all. Once your information goes online, it stays there, and no matter you delete it, it’s going to be somewhere in the cloud. So the bottomline is, share only what you think is share-worthy. And who are you actually sharing with? It is seen that people sometimes add others as friends on facebook just because they liked their comment (or display picture, for that matter). Here’s a word of advice. Don’t add any stranger as a friend. It could be a suspicios person who might be spying on your activities by constant stalking, you never know.
Another very important factor is to use strong passwords on all your online accounts. It is always advised to use different passwords on each site, though you might have a hard time memorizing them all (but you can use something like LastPass to store them in a safe place). The reason behind using a different password for every different site is simple: if someone gets to know your password on one of the sites, they can try to access your other accounts using that password too. And in case you had the same password for every site, consider your accounts hacked. So using a strong, and unique password for every site is essential. A strong password should be a combination of upper & lowercase letters, numbers, and even symbols, for added strength. On top of that, you should use two-step verification on all accounts that support it. Two-step verification is simply a site’s way of determining that YOU are the one logging in, by sending you a verification code via text message, and you need to enter that code after entering your username and password. That’s to ensure that even if someone gets to know your username and password, they still have one blocking layer of security which they cannot bypass unless they get access to your phone as well. As of now, all major services like Facebook, twitter, and Google provide two-step verification, and while it may seem like a hassle, it actually is a life saver.
The other thing that most people fall for, are online scams. Just to remind you, there’s no way you can make $8012 per month just by working from home with a laptop. And anyone publicly boasting about such a job is clearly a scammer. Don’t fall for all the spam emails that you receive, because no Nigerian prince would die and leave $300,000 in your name. Also beware of impostors. You might receive an email that looks like it’s from Facebook, but always check the email address from where it is coming from. An official (yet unexpected) password reset email from Facebook wouldn’t be from a gmail or yahoo email address, right? It’s common sense! But even if you click some link in an email like this, you might be taken to a page that looks pretty much like the real site itself- except that it isn’t. it might be a fake login page where you might accidentally enter your real login details, and they’ll get sent to some hacker. Always be sure to keep an eye on the address bar to see if you’re on the appropriate site or not, and as explained earlier, look for an https connection while giving out passwords or other sensitive information.
Finally, be very careful while downloading anything from the internet. While most official downloads are safe (you may download a browser from the official site, or a trial version of a software), but let’s be honest; most (if not all) of us download pirated TV shows, movies, and software, and that’s because there are no particularly effective anti-piracy laws in our country. Downloading pirated or cracked software isn’t always safe (not considering the legal or ethical aspect of it). Who knows it might be infected with a virus, malware, keylogger, or anything that might get into your computer and take over all your stuff (it happens, really). It is always better to be safe than sorry, and the best way is to avoid downloading from torrents. A friendly message from our side: Buy software and support the developers :)
So that brings us to the end of this brief guide. Yes, there’s still a lot more to be covered, but this guide served as a security 101 lesson for the tech users of Pakistan who haven’t figured out how crucial it is to stay safe online. Keep looking forward to another similar guide focused on keeping our kids safe online, because it’s the age when kids don’t play with lego bricks- they rather build castles in minecraft. Stay tuned, and stay safe.