Today we would like to present another 10 tips to increase your Internet security. This is the second article in this series, where we will explain in detail what good practices are online, how to avoid being scammed, and how to maximize your security. First part you can find here. We encourage you to share this article with your technical and non-technical friends!
11. Do not use free VPNs.
Remember that there are no free services, and if there is one, it means that they are making money from something you don't see. In the case of VPN services, this could be the sale of your data to advertisers, so they can offer you the right product on your social media. A worse scenario may be becoming an exit node, which means that the VPN provider routes traffic of unknown origin through your computer. If the routed activities are illegal, the authorities will see your IP address at the exit, which may result in a visit from law enforcement to your home and legal problems.
12. The green padlock does not mean you are safe. It only means that the connection between you and the service is encrypted.
If someone sends you a fake website, it may have a correctly installed (matching the fake domain), free certificate from Let's Encrypt. It confirms that the identity of the website is correct, although the user may not notice that the domain differs by one letter in the link (mbank.com vs nbank.com). To verify whether a particular domain is incorrect, click on the green padlock and analyze the certificate. If you are unsure about the site, you can always ask your IT friend for an opinion.
13. Set DNS to force the use of TLS encryption via DoH, DoT or DoQ.
Using TLS in DNS prevents DNS attacks by encrypting queries and responses, making it impossible for attackers to intercept and modify DNS traffic. Because DOH traffic is encrypted and authenticated, attackers cannot inject fake DNS information into the DNS resolver cache or modify DNS response data during transmission. DOH can be enforced, for example, from your Internet browser settings.
14. Regularly update your software.
Produced software is not free of errors and may have vulnerabilities that can be exploited by cybercriminals. These vulnerabilities can be easily fixed with software updates released by the developers of these applications to improve security, performance, and add new features.
Regularly updating your software helps to ensure protection against threats. Cybercriminals are always looking for ways to exploit software vulnerabilities, and outdated software leaves us vulnerable to attacks. Updating software is a simple way to protect against cyber threats and maintain the security of our data.
15. Do not use illegal software.
For computer users, it is crucial to understand that using illegal software can expose you to cyber threats. Illegal software is often modified and distributed by unauthorized sources, which can introduce deliberate vulnerabilities or unwanted functionalities that can be exploited by cybercriminals. For example, illegal software may contain hidden malware that can steal your personal data or expose you to criminal liability for using your computer as a proxy for illegal activities on the internet.
16. Limit clicking on suspicious links sent to you by other people.
It is worth noting that in today's world, simply clicking on a link on an updated, modern system with an updated browser is 99.9% unlikely to compromise your computer. Such attacks do occur, but they are used on a very small scale, for example, by special services. They are expensive, so if you are the CEO of a multimillion-dollar business or a politician, your competitors may be able to carry out such an attack. However, if you are an ordinary Internet user, you are likely safe even if you click on a suspicious link. It is worth noting, however, that while clicking on a link itself is not dangerous, installing software downloaded in this way can compromise your system.
17. Be aware of the threat posed by email attachments.
Be aware of the threat posed by email attachments - doc, docx, pdf, exe - as they may contain viruses or malware. These file extensions - doc, docx, pdf, and exe - are common file formats that can be used to transmit viruses or malware. To protect yourself, it is important to only open attachments from trusted sources and scan them with antivirus software before opening them, or with Windows Defender if you have any doubts. It is also worth forwarding such an email to a trusted IT specialist who can verify the authenticity of the message. In such cases, look at the consistency of the email header fields, the content, and whether there are any links or redirects to other sites, as well as attachments.
18. Word or Excel files (doc, docx, xls) may contain malicious macros that infect your computer.
Word or Excel program files (doc, docx, xls) may contain malicious macros that can infect your computer. When opening such a file, you may be asked to enable macros, which are programs that automate tasks in the document. Malicious users can embed harmful macros in these files that can infect your computer with malware after being enabled. Ask if macros are used for anything in your company and if not, never accept this option when opening a Word/Excel file.
19. Use popular email providers like Gmail or Protonmail.
Big players have more resources for additional email security mechanisms, as well as anti-spam filters. They work more precisely and in multiple stages, making it so that most suspicious messages never even reach your inbox. Gmail also caters its offerings to businesses, so it's worth checking out.
20. Be aware of the risks associated with SMS messages.
There are several security issues related to SMS, due to the fact that the protocols used to handle them were implemented a long time ago.
Firstly, SMS messages are transmitted through cellular networks and can be intercepted or even modified by attackers using specialized equipment. This can allow passwords to be retrieved from messages or conversations to be recorded. If you're interested in the topic, you can search for the term "LTE 2/3G downgrade attack" - this is a type of man-in-the-middle attack.
Secondly, there is the possibility of SMS spoofing, which involves sending a text message with a false or misleading sender ID, such as InPost or yourBank. Such a message, due to the forged sender ID, will be attached to your conversation with your bank/package provider in your smartphone. This can be used to trick users into revealing personal information or even fraudulently extorting money while masquerading as a trusted brand.
Regarding SMS, we recommend this presentation from the NDC conference:
- Link to the presentation: https://www.youtube.com/watch?v=DEeOFE_DreU