This post is the beginning of a series of posts about online security where I'm going to guide you, step-by-step, towards how to improve your online security. The idea of this series is, going from zero and without any security knowledge, to help you adding a new security layer per post π
I've decided to build this series in this way, because security nowadays is a very individual topic. You should avoid trying to reproduce exactly how someone protects him/herself. Instead you should try to understand where you're vulnerable and be able to adopt the security measures that make sense for you π€
For example, if your work is manaing the cloud infrastructure of a large company, chances are that you should worry about security way more than someone that doesn't have a role without those privileges.
Also, it is important to comment that, a while ago, I've created a small thread on Twitter showing a little bit about how I currently protect myself. I was really impressed by the amount of people that asked for help, so that is also one of the reason that led me towards creating this series. The security measures on this series are going to be harder upon each new post, so I suggest you to keep reading until you feel comfortable.
Articles in this seriesβ
Why online security mattersβ
I've started to use the internet on the late 90's. I remember clearly that I used it for three things:
- Play with my friends
- Search for scholl projects
- Talk with new people over ICQ and online chats
Also, I've remember that I didn't knew a thing about computers. Everytime I created a new account I used my birthday as my password, because when I created my first account my cousin (who teached me to user computers) told me:
"You should juse an easy password, to avoid the risk of forgetting it"
Every account that I had (which weren't many) were created with that password.
So, one day, while I was playing, I met a guy who promissed to give me an award. I was a small inocent child and the guy only asked me a few dumb questions: my favourite color, my birthday, my name, lastname and e-mail. I've answered all his questions and, in the next day, when I opened the game again I noticed that everything I had there was stolen.
It took me a while to figure out what happened, but it was pretty obvious: with just a few info about me, he was able to hack into my account, stealing everything I had.
Now I say, what would happen to me if this happened nowadays?
At that time, I just lost a few game stuff. But what about now? What would happen if someone enters my e-mail account? It wouldn't be only a few game items that he would stole from me, but basically anything that he wants. Nowadays, our entire lives are on the internet. If someone hacks you is the same thing as someone having access to your entire life.
Nowadays, our entire lives are on the internet. If someone hacks you is the same thing as someone having access to your entire life.
For many people this is already pretty clear. The rising number of people being hacket, friends and family suffering from scams, scarying news about people that lost a huge amount of money. All of those makes us to be really worried and thinking about securying ourselves even more. But, yet, many people are still not properly behaving when it comes to online security.
Some of the most common passwords in Brazil are:
123456,Brasil,senhae10203.β Fonte
How much damage would you cause?β
I think that many people are still not behaving properly when it comes to online security for the following reasons:
- Adopt security measures is worky
- Think that the risk of something happening is low
- Think that, even if something happens, the damage is not that big
And, I've highlited the last one because this (at least on my point of view) is where most people are wrong. In fact, adopting security measures is indeed worky and, yes, the risk of something happening with you can be low depending on how much you're exposed. But, even if you're not that rich, or even if you don't have anything really important in your accounts, hacking you doesn't mean that only your stuff was stole, it means that your identity was kidnapped.
A common kind of scam in Brazil happening over WhatsApp makes it pretty clear. The hacker gets access to your WhatsApp account and, with it, starts to ask money borrowed from every friend and family that you have as a contact. This is pretty effective since Brazilians are very friendly and like to help each others. Depending on how fast and the context of the situation, some people that you like can be tricked into giving money to a criminal that was passing as you.
This kind of coup is also well-know for being used to hack companies. Think like this: if someone wants to hack your workplace, what is easier? Trying to hack the company servers? Or hacking you and them, passing as you, the company?
If someone wants to hack your workplace, what is easier? Trying to hack the company servers? Or hacking you and them, passing as you, the company?
When you start to realize this, it becomes pretty clear that hacking you doesn't mean only losing what you have. Having your bank account and money stolen is already bad, know imagine adding also using your identity to stole your friends, family, and workplace.
How far should I protect myselfβ
Another common thing I see is people thinking that protecting yourself is worky, or people that are scary, do a lot of stuff to protect him/herself and them, afterwards, give up because it is too hard. This is really common, because implementing and keeping security measures is something that is hard to do and deal with. It reduces your comfort. That's why I always suggest that you should be your own ruler. You should avoid implementing security measures that are beyond your limit.
You should avoid implementing security measures that are beyond your limit
Each new security measure you add will, for sure, remove a "comfort layer" from your life. Using two-factor authentication (don't worry, we'll get into that), for example, will make accesing your account harder for not only the hacker, but also for you. That's why I'm writting this series like this, with one tip per post. This way you can follow it, step-by-step, applying whatever makes sense for you.
Where should I improve my securityβ
Finally, this is the question you'll need to make to yourself on every new post: "should I apply this?". Understand what you're giving up and how much security you're getting in return.
Each new article on this series will be a idea of improvement. They'll be written progressively, in a way where the first post will be the easiest to implement, what I suggest for everyone, while the last one will be the hardest, that would only make sense for anyone that is willing to care very much about security. This order to completely personal, based on what I judge as the most relevant for security, so don't worry if some people disagree with me π
See you soon! π€