Cyber Security - Guide and Tips

News on cybercrime keeps making shockwaves now and then. As per media reports, a staggering amount of Rs.7000 cr has been looted by cyber thugs in just one year! The rampant increase in cybercrime can be estimated from the number of complaints received by police this year alone, which is around 7.5 million vs 1.5 million complaints last year.*

Cybercriminals catch up and match with the advancement in technology at a rapid pace. On one end we feel upbeat about the internet penetration in rural areas as it brings progress and development, on the other hand, some people are exploiting it for a shorter route to wealth.?

Below are the screenshots of live data on the cyberattacks happening worldwide (https://threatmap.checkpoint.com/). These are enough to percolate the gravity of the situation -?

The paradigm of ‘‘jaan maal ki suraksha’ (safety of life and belongings) has changed and taken a different form with the advent of cybercrime. Along with the material things now the safety of your unseen yet tangible wealth; ‘our identity’ is a crucial aspect that makes you, ‘YOU’. Someone steals a digital identity and wipes out a person’s bank account, can commit fraud by impostoring an innocent, can steal critical data, and blackmail; the list is endless of financially and psychologically devastating crimes.?

Understanding how these crimes transpire and the vulnerabilities of our devices will help in bringing a mind-shift. In the era of easy-to-use and adaptive technology, the means of crime are also easily available. Criminals like anyone else have access to free open-source platforms, no programming knowledge or deep technical know-how is needed to perform these malicious acts. Simple commands to create a clone website, to start the probe for hacking the open ports, or for any other such malicious activity, are available on open-source platforms.

Looking at the modalities of these crimes, it is evident that cybercriminals do a lot of preparation before the actual attack. Personal information like your address, age, family details, lifestyle, immediate plans, etc are collected to choose the target and plan the crime. All this information is available explicitly (if shared it on social media) or implicitly on personal devices. Therefore, it is crucial to increase awareness about the modalities of such crimes. Awareness will bring the responsibility for practicing safe measures while using the internet and digital devices.

The purpose of this article is to provide some insights and share a few practical tips one can adopt to stay cyber-safe. The given points must be considered as basic hygiene practices and not mere optional precautionary measures:?

1. Device hygiene-?

• Purchase and install a reliable anti-virus on your PC/laptop. It will protect against phishing, malware, ransomware, etc.??
• Clear browsing history regularly - Browsing history is your trail and makes you vulnerable as the hacker can access your whereabouts. They can find out many implicit personal details about you through your internet activity. It is a scary proposition. As a best practice for housekeeping, clear your browsing data regularly.?
• Never allow any website to save your credentials for auto-fill. Other malicious websites can extract this information from those cookies.?
• Disable the sync option on your mobile device, if any one of the apps is compromised, all others too can get compromised.??
• Uninstall apps from your mobile that are encroaching on your device. For example; These are the apps that would start some advertisement which you wouldn't be able to stop even when you quit (close) the application. This means these apps are taking control of your device and can manipulate your data.
• Always ensure your software is updated with all upgrades. This is to avoid missing the latest and important security fixes or updates, which could potentially put your device at risk.
• Be careful about the source of accessories like pen drives, chargers, cables, etc, always buy from authorized dealers and ensure company seal. Don't buy them from the roadside, or fly by night shops. These devices can be deceptive. Spoofing devices can be easily camouflaged in the form of these simple devices. So don't even use or allow to use such devices which may be owned by another person, known or unknown to you, on your laptop or phone.
• Do not hand over your device for repair to any person, always get them checked and repaired at authorized centers only. There are cases where the repair person installed a spoofing device like a Wi-Fi camera on the mobile and the owner came to know only after three months and then they could never find the culprit.
• Never leave your laptop open and unattended. Avoid giving your device to anyone including your friends, as it could be risky. A hacker does not wear a hacker batch. A short command which might take less than a minute is enough for a hacker to open the gate (ports) of your device for them to take remote access to your device or for any other malicious activity. If this happens, the attacker will get full control of your device!?
• Cover the webcam when you are not using it. This will prevent mishaps in case the device gets compromised.?

2. Password hygiene-?

Passwords are like strong locks that we put on the entrance door of the home or the safety vault. Below are three basic safe password practices one must follow:?

I) Password strength - A strong password cannot be hacked easily. You can check the strength of your current password on the website? www.passwordmonster.com. If the result shocks you, here are some of the best practices for a strong password -?

1. The first guideline is to create a password using a combination of the alphabet (both lower case/upper case), numbers, spaces, and special characters.?
2. Password generators can be used to generate strong and safe passwords. But, not everyone might find them easy to remember.?
3. A personalized phrase or sentence is the strongest form of password. Use the combination as mentioned in point ( a.) to form your sentence. Eg: I wake up @ 5 am every day or I have? #3 games installed on my PC. Use any phrase that you can remember easily.??
4. Personal information, like your name, family name, pet name, pet’s name, kid’s name, any family member’s name, and date of birth must not be used in passwords.?
5. Never note your password on paper or any device.?

Note - It would be interesting to know what was your password strength and what it is now if you used any of the above tips. Do share it in the comments box.?

ii) Securing passwords -?

1. It takes a few seconds to type a password so why risk your safety.? Saving passwords on devices or websites like Google or any other portal is like hanging the key on the door. - Never use the option of saving the password. Malicious websites or hackers can extract this information from cookies.???
2. Change your passwords regularly.?

iii) Use double door lock feature - Wherever available use two-factor authentication (2FA) to access the site. The one where an OTP is generated and messaged you or sent to your email.?

3. Browsing hygiene -?

• Your device is most vulnerable in public places - Never use public/ free wifi for transactions or video calling. Hackers can intercept easily on public networks and steal your voice samples/ videos. There are cases of gross misuse of such data using AI. A case was reported where the child’s voice was cloned using AI and money was extorted faking the abduction of the child.?
• Clone websites - There are many sources available that create clones of popular websites like those of banks or even Google. When you log into any application you notice that as you type in your credentials, the page is refreshed and the page is loaded again. In most probability, you gave your login credentials to a thief! In such a case, change the password immediately.
• Never click on links or attachments given in emails or messages. These may appear as coming from known sources like your bank or any known vendor, but in reality, these are like bait. It could be a clone website as discussed above.?

Most browsers indicate the authenticity if the website by giving the information in the padlock. Click on the icon (padlock) appearing at the left corner, as shown in the pic below. You can check if the website belongs to the authentic source that you intend to visit by checking the about page and the security certificate.

Alternatly you can use the https://transparencyreport.google.com/safe-browsing/ to check the website. There are few other such tools available for use.

• Your personal information is available on the internet freely not just to your friends but to people who you wouldn't want to know. Avoid posting personal details and whereabouts.
• You have no control over who can access the information. Any information once on the internet remains forever on the internet, even if you delete your account.? Hence be very cautious about what you post on social media.?

Other safety rules to follow -?

1. Do not pick up calls from unknown numbers. If you pick up any call from an unknown number, do not share any personal or any kind of information. A lot of scams are happening where callers pose as government authority or police. They may set their name and dp to give the impression they are calling from CBI/ Police etc and tell the receiver how they have seized a packet with drugs having their name and address or they have caught someone doing fraud on their name etc. They can make any story... all to extort by taking personal details or directly forcing the person to transfer money. One thing people must remember is that any government authority will not ask you to transact online. In such cases - a. Simply hang up the phone in such cases. b. Block the number.

There are cases where spammers use certain schemes of words to psychologically hack your brain and then the person on the receiving end just follows their instructions. There are many more dangerous ways to hack the brain digitally*. It is scary though, but precaution through awareness is the only solution at the individual level.?

Safety at ATMs -?

Above mentioned measures may not be the complete list, but the idea is to create sensitivity toward our vulnerability. It may sound like paranoia but we cannot close our eyes and live with ostrich effect. We cannot even give up using digital means either, these are part and parcel of our day-to-day lives.?

Conclusion

In conclusion, we can say the digital world safety lies in the hands of the user. It is important to continue dialogue about cyber safety with children and elders at home.? Schools and colleges can play an important role. They must invite experts and organize awareness sessions. Organizations must run awareness campaigns from time to time to sensitize their employees. I suggest short courses on cyber security should be made compulsory at schools and workplaces. Knowing the pitfalls can keep us alert against any type of cybercrime. Lastly, in case a person becomes the target of cybercrime/ cyberbullying they must immediately disclose it to friends and family without fear of being judged and report the crime to a cyber security cell.?

Stay cyber-safe stay healthy and happy! must be the new slogan now.

https://www.indiatvnews.com/rajasthan/rajasthan-police-cracks-down-on-cyber-crime-in-mewat-launches-operation-anti-virus-arrest-cm-bhajanlal-sharma-latest-updates-2024-06-18-937611

*If you are interested in knowing more about brain hacking you can read this article;

https://www.bbvaopenmind.com/en/technology/digital-world/cybersecurity-to-guard-against-brain-hacking/