Online security is a constant concern for the many companies that collect and manage information, and for the people who work with it; safeguarding such details is of utmost importance in the booming age of technology. The handling of personal information requires careful cooperation between parties, which makes data privacy and security fundamental, lest our PII (personally identifiable information) fall into the wrong hands with serious consequences, e.g., stolen credit card credentials, loss of confidential documents, or data misused for criminal activities.
1. Understanding online security
Online security, or Internet security, “is a branch of computer security specifically related to not only Internet, often involving browser security and the World Wide Web, but also network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information, which leads to a high risk of intrusion or fraud, such as phishing, online viruses, trojans, worms and more. Many methods are used to protect the transfer of data, including encryption and from-the-ground-up engineering. The current focus is on prevention as much as on real time protection against well known and new threats” – Wikipedia
Needless to say, individuals and technology experts alike take online security seriously. While most websites and platforms do their best to keep our information safe from unauthorized access, the internet’s linked and accessible nature means that no security system can be completely protected.
So it has become everyone’s responsibility to keep not only their own data, but also that of the organizations they are involved with, secure and confidential. In 2020 alone, European companies invested millions of U.S. dollars to improve their cyber security systems.
2. Data privacy and security
Two terms come up whenever online security is discussed: data privacy and data security. Although they are often used interchangeably, they are two different things.
As the names suggest, data security concerns securing sensitive data and preventing unauthorized access or breaches from external sources, while data privacy ensures that the information customers provide to a company is used only for its intended purpose. Data privacy also covers individuals’ rights to control how their personal information is stored and used, so it is more about the responsibility to handle data according to terms agreed between two or more parties, which is different from the threat prevention that makes up data security.
3. Social engineering in cybersecurity
In information security, social engineering is the manipulation of others into disclosing their private data. Attackers will take advantage of loosely managed websites or breaches in online systems. There are many attack methods, but some common examples of social engineering, also known as “phishing,” are email phishing, link manipulation, fake websites, malware/malvertising, tech support requests and session hijacking.
3.1. Email phishing
This is one of the most common phishing methods on the internet. Phishing emails are usually designed to look as if they come from a trusted source, typically a well-known name like Google or Microsoft. Subtle changes to the sender’s URL are made to trick victims into giving out their data, thinking it’s a legitimate business process.
3.2. Link manipulation/Fake websites
A phishing email often contains links to what seems to be the trusted brand’s website. These are fake sites, which can usually be spotted by differences in the URL or domain compared to the original. There, users are asked to enter their passwords, credit card information and other important credentials. These sites are designed to capture whatever users submit, hence the violation of privacy.
3.3. Malware/malvertising
Each interaction with an unknown website or unverified program can leave room for a malware attack. Hackers have been known to put malware in pirated/cracked content online. Upon installation, it infiltrates the computer system and locks people out of their important data, which can only be unlocked by paying the attacker a ransom. Similarly, malvertising uses online pop-ups and ads containing a valid-looking link that installs malware on computers.
3.4. Tech support scam
Scammers might call you on the phone directly and pretend to be a tech company’s support advocate. They can also spoof the caller ID so that a valid help number from a trusted company is shown, then ask for permission to install apps that give them remote access to your computer and, using that access, misrepresent normal system messages as signs of risk. The theft of personal information takes place during this step.
In other cases, scammers initiate contact by displaying fake error messages on websites along with a support number to entice users, often making the pop-ups seem impossible to dismiss. When you contact them, they will ask for your information for their phishing purposes.
3.5. Session hijacking
This is an advanced and direct cyber attack method with which hackers can gain access to a company web server and steal the confidential data stored there.
3.6. Importance of online security
In 2019, over 32,000 cyber security incidents were reported worldwide. One of the largest data leaks as of January 2020 was the early 2018 security breach of India’s national ID database Aadhaar, with over 1.1 billion records lost. On average, the cost of a single data breach across all industries worldwide stood at nearly 4 million U.S. dollars. Breaches were found to be most costly in the healthcare sector, which so many people rely on every day, with each leak reported to have cost the affected party a hefty 7.13 million U.S. dollars.
Along with the advent of the internet, online attack methods have evolved over the years and become more intricate. Without proper means to protect private data, anyone can fall prey to cyber/social engineering attacks, which cause considerable reputational damage and revenue loss to businesses worldwide each year. It’s imperative that each individual is equipped with the knowledge to protect their information while online.
4. How to increase online security
4.1. Use strong passwords
Strong passwords lower the chance of your passwords being found out by hackers. An example is a password that mixes uppercase and lowercase letters with numbers or special characters like “*” and “#”.
4.2. Be mindful of suspicious emails
Email is an ideal channel for phishing. Whenever a new message arrives, check basic details such as the sender’s address and what is being requested, to see whether sensitive data is being asked for on an insecure or suspicious platform. Phishing emails are usually written in a welcoming manner, in the form of ads or a special prize notice followed by links to fill out confirmation details. That is how many people have been tricked into giving away their data.
4.3. Don’t disclose private information
As dictated by the EU’s General Data Protection Regulation (GDPR) and global organizations’ security policies, all personal information is to be handled with utmost care and, according to official statements, given out only in specific circumstances. In layman’s terms, businesses nowadays follow certain principles in protecting users’ information, notably Purpose Limitation, Data Minimisation and Storage Limitation, so personal information, especially passwords or credit card numbers, won’t be asked for in the open without a secure communication channel and verification of all personnel involved. If you’re approached with a request for private information via email or phone call, it could be a cyber attack, which can be prevented by simply ignoring the request, or by checking your digital footprint if possible, in case a data breach has put you in the sights of cyber criminals.
4.4. Check for website legitimacy
Hackers can design websites that trick people into typing their passwords or other information. Once entered, the details are “logged” and sent directly to the perpetrators. What you can do is check for slight differences in the URL, the UI and the layout of the content to determine whether the website is a fake. In more complex cases, attackers go as far as setting up sites that look almost exactly like our everyday Amazon or Google sign-in portals.
4.5. Only install programs verified by trusted sources
On one hand, using unverified programs taken from the internet can let bundled trojans and malware into our computers to steal data. On the other hand, trusted built-in or verified antivirus products like Windows Defender and Kaspersky are recommended to take security up a notch.
4.6. Don’t use public storages for private information
Public storage can be shared in some cases and is constantly kept online, so it’s not a good idea to back up our information on a public cloud-based server, lest a security incident at the service provider expose sensitive details of millions of users. Over the years, many companies, even big names like eBay and LinkedIn, have been challenged by cyber attacks like this.
4.7. Stay private on public networks
In many cases, a public network such as public wifi is set up to serve many people at once, without the security configuration of a corporate, office or home environment. If a hacker finds their way into this network, all data transmitted over it will be visible, putting others at risk of losing their personal information.
4.8. Use two-step verification for login credentials
Two-step verification is a neat feature that almost any application has. When logging into an account, it requires direct authentication from one’s own device, in most cases a phone, so as long as you keep that phone with you at all times, no one is able to request password changes or access accounts and data from afar.
4.9. Review permissions for mobile apps and browser extensions
Mobile apps and browser extensions sometimes have the ability to collect users’ information to improve the experience. Their permissions should be checked frequently to make sure that this collection is not intrusive and does not pose risks to one’s data if a breach happens.
4.10. Check social privacy settings
In the modern age, it is all too easy for hackers to get hold of our personal information, and from this compromise they can take over our online profiles. Photos and content uploaded to social media platforms are not always secure, so it’s best that information reaches only the people we know. Well-known platforms like Facebook, Instagram and Twitter all have their own settings tab where users can choose what to share, how to target audiences, etc.
The internet has shaped the world we live in today. It brings friends together, connects nationalities and families from all around the globe, keeps children educated online, and helps adults secure their jobs while working from home amidst the sweep of the COVID-19 pandemic. However, rapid digitalization has its dark side: everyone’s data is always a target of cyber crime due to its ever-increasing exchange value. By keeping safety protocols and tips in mind, the threat list is shortened and people have more time to focus on their online priorities.