Hello again folks!

In this post I am going to talk about how we often falsely assume that we are safe from online fraud, data breaches, spam, malware, ransomware and what not. Buying the best cyber security product does not give you foolproof protection. This post is not a discussion of whether security products work; it is about how secure you are even when they work as promised. Cyber security products definitely help keep you secure, but they cannot protect you everywhere. In today’s technology-driven world there are many ways beyond your cyber life that can compromise your digital security: social engineering, trusted contacts, accidental mistakes, physical data theft and so on. These are a few examples where your cyber security product, no matter how potent, cannot protect you.

Let’s talk about how some of these techniques exploit your cyber resources.

Social Engineering

This one is no longer a secret, but let’s get into it. This is a technique where a person with malicious intentions lures you into a social trap. For example, an attacker uses a carefully curated conversation to make you blurt out secrets or hand over your personal device. Attackers are smart enough to keep their intentions from being obvious to you. If you fall for this enigmatic magic trick then the magic is done, and the target can be your bank account, social sites or anything else.

The power of this trick is that no matter how aware you are, you can still be fooled. It’s about how skilled the attacker is and how much they know about you. The information they know about you is skilfully used to extract the information they need. In my opinion this is one of the most dangerous techniques. These attacks are not going to die out any time soon; in fact they have far more potential to grow exponentially.

Social engineers are getting smart, and to defeat them you need to be smarter. They often follow a modus operandi that is out in the public domain, so you need to be aware of it. Spot the un-obvious intentions. If it sounds too good to be true then maybe it isn’t.

Trusted Contacts

Trusted contacts can be employees, partners, friends etc. A rogue employee leaking sensitive information such as credentials and passwords into the public domain accounts for a considerable share of total data breaches. More often than not, by the time the culprit is identified, they will have moved out. The more of these people you deal with, the more vulnerable you are. Suppose you have just one contact who has access to critical data or personal information; then the probability of a breach is limited to this person. As this list grows, the risk grows.

You have very limited options to safeguard yourself against malicious trusted contacts. Only engage with people you can trust. More importantly, engage only to the level you can trust. Your ability to do so will define your success against these kinds of attacks.

Human Errors

Have you ever left your digital devices, physical drives etc. unattended and unlocked? Threat actors are often on the lookout for such jackpots. An attacker who steals or accesses your device can very easily transfer data by planting spyware, a simple piece of software that goes unnoticed. Such software is designed to silently upload information to a third-party server. If you have a habit of storing passwords or sensitive information on your local devices, it can be easily compromised. Your cyber security product may protect you from spyware, but it cannot ensure the physical security of your devices.

Always set passwords on your devices, keep them locked, be more mindful in public places and, if you have sensitive information to protect, never connect to public networks.

Mobile Apps

Your mobile devices hold a lot of sensitive information about you that you may not be aware of, such as location history, close contacts, payment methods, transaction histories etc. As these devices become more integrated into our daily lives, both personal and professional, they gain access to even more sensitive data. In this situation the apps installed on your device, even legitimate ones, can read all of this information very easily. The problem arises when an app carries a vulnerability, either in its server or in the app itself. Attackers can use the vulnerability to get a plethora of sensitive information about you at their fingertips. This information then finds its way onto the dark web, where cyber criminals can use it to inflict damage on you, financial or otherwise.

Dos and Don’ts for Mobile Apps

As mobile phones have become an integrated part of our lives, it has become very difficult to safeguard ourselves from these risks. A few things one can do to minimise the risk are:

  • Do not save your credit card info in apps without knowing the security standards that they follow.
  • Install well-known apps. Always look out for a more secure app in the marketplace that does the same thing.
  • Do not grant all the permissions that an app asks for. Be on the lookout for permissions that an app may not need but is still requesting.
  • Usually legitimate apps will not request unnecessary permissions, so be on the hunt and safeguard yourself from such apps.
  • Any sensitive data such as credentials should be stored in an encrypted format. Using password-encrypted documents is not foolproof, but it is better than not using any encryption at all.
  • Always treat your personal devices as a public data store; that way you will be wary of storing sensitive data on them.

Conclusion

Cybersecurity companies, privacy laws and governments can only protect you to an extent. What determines your digital well-being and safety is the cyber defence that you build within yourself.

You can also read how to protect yourself from tracking cookies here.

Last modified: November 21, 2021
