It it hard not to be baffled by the amount of cyber attacks that are happening day in and day out. When even nations are struggling to cope with attacks that are targeting innocent lives, it really has become necessary for us to fortify our regular computer usage. Macro level measures will never be able to cover the micro level completely. At such a moment, having a personal security framework is no less than necessary.
You are most vulnerable through what you don’t check
Have you lost a USB? Does it have anything sensitive? Is there any sensitive account you did not log into for a long time? Are there old unused applications on your phone? Were they still updated while you never checked?
Cyber criminals work using the non-obvious. We think they gain access and do everything immediately and very fast. Sometimes they don’t. They simply sit on the access and try to learn how sensitive it is. Afterwards they build the attack strategy. The actual attack usually happens all of a sudden when you least expect it. This makes us think it happened too fast. But in reality the attacks are sophisticated designs built using deep analysis over a long time.
Your unchanged passwords are already being cracked
Password cracking is getting easier day by day. Even a regular bruteforce approach can be executed in a matter of days against really strong passwords. To put this into perspective, you can think about Crypto Currency Mining. With the use of Graphics cards, people are solving complex math problems and gaining Crypto Currency. Bruteforcing your password only takes trying every single possible character. Using parallel execution and multiple processing units, it is becoming easier.
We also have access to powerful cloud computing. If a password is really that much valuable, somebody can use such services to make the process even faster.
There are also techniques for cracking passwords using Hashes. So MD5 isn’t a life saver. With the emergence of ChatGPT, there is no doubt there will be more sophisticated attack designs in near future.
Most deleted data is not deleted
In simple words, nothing is actually deleted unless you zero fill the storage. These days you should not casually give your USB storage devices to someone you know. I personally keep a separate drive that I share with people. I never copy my personal information on the drive. I ask people not to paste anything personal in the drive.
Additionally cloud storage solutions almost always have a recovery option. And if you share a folder with anyone, consider it public and take necessary measures. If the cloud service provider got hacked, consider your data gone public.
If you forget a password, it better be uncrackable
Or make sure you change the password right away. Passwords themselves are not safe. But they are here to stay until a more convenient yet reliable method is invented and widely used. If you forget a password, you probably do not use the account as much. It’s best to get rid of the account in the first place. But we all have accounts we rely on but never actually log into. For these cases, use caution to keep the the password simple but protect it using a second factor.
Do not handle sensitive information in hurry
If you are in a hurry, do not handle anything sensitive. It’s not always easy but make it a habit to have a second thought about whether you really want to handle what you are handling right now. Can it be done later? If so, be it.
There is alos risk that you might act lazy to get things done faster and expose your secret to a third party. It’s best to do it later, when you have time to be careful.
Conclusion
I have been following many such rules of my own while growing up experiencing increasing number of computer viruses. From the Chernobyl to the USB based infectors. I will keep sharing more ideas around personal cyber security as I gather more of these. Having a good practice of cyber security is essential with so many cyber crimes happening all around.