Tech Security

Why is tech security important?

Technology is heavily ingrained in our lives and it will only increase even more as time goes on. Because society is progressing into a more technology dependent population, it pushes others to keep up in order to remain competitive. Today, technology is incorporated in our lives because it makes our lives much more convenient than ever before. For example, back in the old days before electronic communications existed, it would take weeks, even months, for messages to get through because technology wasn't as advanced. So relaying information would take forever and delays occurred because of how long it took to receive and send information. Whereas today, information can be instantaneously received, which means decisions can be made much quickly than ever before. This had a huge impact on the economy and social aspect of life since businesses and people can now communicate and get information instantly rather than weeks or months--the overall process of communication is instant. This instant transfer of information is why computer technologies are heavily used today.

Everyday people like you and I use computers because it's a useful device and has nearly everything we need. We can send messages, video chat, purchase a product online, submit forms--basically everything! But this is where the problem arises.

Since we use computer for nearly everything, this means it's very likely that it's also used to handle personal, private, or confidential information. These information are sent over technological devices by millions of people all over the world everyday--and this attracts the bad guys. The bad guys would do whatever it takes to gather and steal these information so they can use it for themselves or even sell it on the black market.

Method of Attacks

These attackers use different method of attacks to get your information. Methods include: Phishing, Malware (Virus), and Hacking.

Phishing: "is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication" (Wikipedia)

Malware: "is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software" (Wikipedia)

Hacking: The term 'hacking' wasn't always a bad thing, but it has become associated as one (there are good and bad hackers). Good hackers, known as 'white hat' in IT world, purposely look for security vulnerabilities in order to fix it. Whereas the bad hackers a.k.a 'black hat', look for security vulnerabilities for malicious attacks. "In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment, or to evaluate those weaknesses to assist in removing them" (Wikipedia).

Why they do it

Once they steal the information, they either use it for themselves or sell it on the black market. Information theft like credit card #, bank account information, and social security occur daily worldwide due to its demand and value.

How can you secure yourself?

There are several things you can do to protect yourself and keep your technology secure.
Check them out below.

1.) Keep your operating system (Windows, OS X, iOS, Android, etc.) up-to-date. One of the reason why companies 'update' your operating system is because they are trying to fix any security vulnerability/holes they have found.

2.) Keep your web browser and other programs up-to-date. Your web browser (Google Chrome, Firefox, Internet Explorer, etc.) and other programs need to be updated for the same reason as the operating system.

3.) Purchase a reputable anti-virus program. Purchase a very reputable anti-virus program such as ESET or Kaspkersky (I recommend either one, they are very good). They cost around $20-$30 and after one year you have to renew your yearly subscription which costs only $30 or less. The free antivirus aren't as good as these ones, but free antivirus is better than none. Although be careful, some free antivirus programs can be malware in disguise.

If you do have an antivirus program, be sure to keep them up-to-date also. Keeping them up-to-date also updates their watch list of new malwares to look out for.

A good anti-virus program can keep your computer running smoothly and fast for years.

4.) Scan every file you download. If you have an antivirus program, you can make it scan any files you download. This is so that you can detect any malicious malware before opening the file which can activate it.

5.) Don't open fishy/shady emails. If you receive an email from someone you don't know, don't open it! The email may contain virus that can activate once open (although this is rarer since email security these days are tough). The same goes for email attachment files. One thing that may happen is someone on your email contact list might have been compromised and send you an email with an infected attachment asking you to open it--don't. If you weren't expecting an attachment from someone you know, contact them to confirm if they sent it.

6.) Be diligent on emails and its content. Watch out for phishing: There are emails out there that pretend to be from a bank, IRS, insurance, and other important places in order to trick you. There are easy ways to detect these types of email and one of them is to look at the sender's email address. For example, if you receive an email from Chase bank that your bank account was compromised and they need your social security # to make sure you are the owner and it was sent from an email address "iamnotabadguy@gmail.com"-- chances are it's not from chase. In this case, emails from Chase would use their own Chase email account and NOT from Gmail. However, there are attempts in making their email look legit, a simple Google search of that email might show you if it's real or not.

Also, real companies that you are a client in will very likely refer your name in the beginning of an email (Ex: "Dear John Doe") instead of "Dear Customer".

Chase and Wells Fargo have an example on their website of what suspicious email may look like. Wells Fargo has great description and information to what you should look out for.

Chase (Look at the sender's email address in these examples): https://www.chase.com/digital/resources/privacy-security/security/suspicious-emails

Wells Fargo: https://www.wellsfargo.com/privacy-security/fraud/recognize-email-scams/

7.) Don't visit suspicious websites. There are malicious scripts/files that start downloading in the background the moment you visit an infected/malicious website without you knowing.

8.) Use https:// instead of http://. When you visit a website, make sure it starts with https:// because the 's' at the end means secure. Any website that has https:// means your connect to the website is encrypted and secure. So if anyone attempts to eavesdrop in, they won't be able to see what's going on due to encryption. Websites that only have http:// (notice the 's' is missing) means it's unsecure, so anyone on the same network (especially in public wifi's) as you can eavesdrop. You can manually input https:// in websites that only have http:// and become secure, but it won't work 100% of the time on some websites since they don't support this feature.

However, if the website doesn't have https:// and it isn't something you submit confidential information through (Ex: online news website), then it should be fine that it's not secured since you are not sending sensitive information.

9. Be diligent on public WiFi. When you are connect onto a public wifi (Ex: coffee shop, outside wifi, etc.), you are basically connected in a public network where anyone can connect to (including malicious people). This means anyone can listen in and eavesdrop on the information you send over the network. Unless you are encrypted, I would avoid handling important information on a public wifi.

10.) Don't jailbreak your smartphone/tablet. Your smartphone/tablet operating system is very secure because it was engineered and programmed from the ground up. People jailbreak their phones because it gives them more freedom by removing restrictions, but at the cost of security. Your smartphone/tablet becomes very vulnerable in being remote controlled by an attacker, getting malware, and other malicious attacks since restriction that once prevented them no longer exists.

11.) Use secure passwords. Use secure password that contains combination of letters, capital letters, numbers, and symbols. The reason being is simple password can be easily cracked by brute force password cracking programs (these cracking programs can input and test out multiple passwords per second, they start with easy popular passwords which can crack them within minutes). The longer the password, the harder it is to crack.

Don't use popular passwords like 'password' and etc. because they are the first thing an attacker uses.

If you have any questions or tips that you think should go in here, feel free to message me through contact above.