In March the PEW Research Center published a quiz given to over 1,000 adults about cyber security issues. Only 1 percent of the adults understood every issue and answered each question correctly. Less than half of the people give the quiz were able to answer even six out of the 13 questions correctly.
Cyber security expert and former government cyber security consultant Shaun Murphy, CEO of sndr.com, put together the following list of security topics every adult needs to learn about and understand this year to protect their digital privacy and security.
HTTP vs. HTTPS
When you see this chain of text in any URL that means information entered into the site is protected between you and the website. Your ISP or any entity in the middle of the connection will only know that you are connecting to that website and how long you’re interacting with that website but will have no details on what you are viewing or submitting. The National Cyber Security Alliance’s maintains a list of current links to privacy/security settings for popular devices and services. This does nothing to protect your sensitive information from the website itself;to achieve that end you’ll need to use services that have “end to end” encryption.
The reality is private browsing does not prevent ISPs from tracking your online activity. What it does prevent is the browser itself (or any browser extensions you have) from keeping a record of the websites you visit, the data you enter into forms, or any searches you submit, and it won’t record any of your downloads in the browser’s download history.
So is private mode really that private? The plain truth is, no it isn’t. Your operating system and ISPs can still track your online activity, and if you think it’ll make any questionable browsing activities discreet, you’re wrong. Despite this, private browsing does have good use cases. If you’d like to log in to multiple email accounts, or you’re making surprise plans for a loved one, private browsing will help keep your activity quiet. Just don’t assume you’ve gone “off grid” by using private browsing.
Encryption is the process of converting information into a code for the purpose of transmitting or storing (or both) data securely without exposing it to unintended third parties. Decryption is the reverse operation that converts that code back into useful data. Encryption/Decryption can be utilized to protect data that is stored on a device (at rest) or being sent to another location (in transit) by preventing nefarious hackers from accessing private information shared between a sender and recipient (end to end.) Encryption is just one operation in a broad spectrum of securing data, however. Encryption and decryption also must be paired with cryptographic signatures and authentication codes to make sure the encrypted data has not been tampered with and the keys used during these operations must be secured and verified.
Encryption and decryption are made possible with the use of key pairs, or cryptographic signatures, that authorize interpretation of encrypted data. Encrypted messages are sent by addressing them with the recipient’s public key, which is a code they can openly share with contacts. The communication can only be decrypted with the respective private key. Encrypted messaging is also designed such that private keys can not be duplicated or easily deduced by the public key.
In order to securely store information on your devices, be sure to turn on encryption. For desktop users on Windows and Mac, you need to turn on encryption. It is not the default setting. Here’s how to turn on Bitlocker for Windows 10, and how to turn on FileVault for IOS 10.
VPN Stands for Virtual Private Network, which redirects your traffic through someone else’s servers, like a tunnel that masks your internet usage from your local Wi-FI or ISP. VPN does not guarantee secure transmission of data to the sites you’re browsing or apps you’re using, and often VPNs are under less scrutiny and regulation than ISPs and may be in the business of selling your information to third party advertisers (or worse). Even with an ideal VPN there’s chance for data leakage. Be sure to read the fine print because some VPNs can come in handy when traveling by providing an additional layer of security on free Wi-Fi networks that are unsecure.
App permissions/Location Tracking
The more you allow apps and devices to take over responsibilities, the more access points you create for companies and criminals alike. Recently Unroll.Me was found to be copying all of your gmail to their own servers. While it isn’t necessary to avoid these services or connected devices altogether, because they do have many benefits, it is important to make smart decisions about what information you share, including what information you are granting by default, what could be granted later, and what is subject to change.
Ransomware is a type of computer malware that installs covertly onto a victim’s device and locks out the owner. This grants a hacker the ability to either hold the victim’s data hostage or to mount a leakware attack that threatens to publish the victim’s data, until a ransom is paid. Cyber criminals use phishing methods to trick victim’s into downloading the malware.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing methods have long evolved beyond the generic “Prince of Nigeria” email scam. Cyber Criminals execute email or instant messaging spoofing which then directs victims to enter personal information on a fake website that looks almost identical to legitimate sites.