SECURITY OF DEVICES
How to use little precautions for building a strong defense?
What’s the lesson about?
Finding out sensitive information from a phone preview and misusing it without the owner knowing. Infecting an outdated computer to commit cybercrimes. Losing intimate photos due to an unsecured device. We are not exaggerating, this is reality. Either accept it in the form of preventive measures or deal with the consequences.
This module contains two parts:
EXTRA 15 MIN
5 CHALLENGES
1 tutorial
1. How to get by with effective little things?
The following six minor measures share one thing: they are simple and at the same time effective. Take a look at our checklist and assess which items you could not yet tick off.
Do not delay available updates ⏭️
Lock the screen ⏭️
Use antivirus on PCs and also on Android devices ⏭️
Limit notification previews to the name of the person only ⏭️
Back up your files ⏭️
Increase vigilance when downloading apps and files ⏭️
Remember, prevention costs you almost nothing (neither financially nor time-wise), whereas dealing with the consequences of neglected measures is often impossible.
2. Prepare all devices at hand, it's time to secure!
-
#1 Do not delay available updates
🟡
Learn not to delay updates. This applies to both computers and mobile phones. Unupdated software has about as much chance of defending against an attack as a Trabant has of winning a speed race against a Ferrari.🟡
Whenever possible, use the option to set up automatic updates. At the end of the day or during breaks, turn off your devices, which can also secure updates during the time off.
Challenge: Never postpone installing offered updates, especially operating systems and browsers.
-
#2 Lock the screen
🟡
Locking the screen significantly reduces the risk of your device being misused. This applies to phones, tablets, e-readers, computers – basically anything.🟡
If possible, choose a biometric lock (fingerprint, face recognition) in combination with a strong password (about passwords in this module).
Challenge: Learn to lock your computer
🟡
The basic rule is – every time you want to move away from your computer, lock it. This applies even at home because it creates a habit. Similarly to how drivers use blinkers even on deserted roads.
🟡
You can use the locking feature through the main menu, but after some time it becomes quite cumbersome.
🟡
We recommend using keyboard shortcuts. Pressing them leads to the immediate locking of the computer. At first, you will have to think about it, but gradually using them will become an automatic action that takes no more than a second.For Windows, press the Windows key and the letter L simultaneously.
Using a MacBook? Press Ctrl + Cmd + Q at the same time.
Challenge: Say goodbye to unlocking gestures
🟡
Avoid unlocking your device's screen with a gesture – connecting dots on the display. Compared to a PIN, they can be easily observed, are predictable, and repetition leaves a visible trace on the display.🟡
Moreover, there are databases of most commonly used gestures – there's a good chance that a potential thief of your mobile might guess your gesture sooner or later.🟡
For the reasons above, newer devices no longer even offer this option. -
#3 Use antivirus
🟡
Antivirus acts like a sieve for the worst things you can encounter on the internet: its task is to identify suspiciously behaving files and malware (including known viruses that gave these programs their name).🟡
Each operating system has its specifics in terms of antivirus solutions, check out yours.Android🟡
On an Android device, antivirus software can protect you from malware and malicious apps. Additionally, it can alert you to fraudulent websites and block them.🟡
Securing mobile devices is often not something we are used to solving, therefore they become an attractive target for attacks – their number grew by 50% in 2023 compared to the previous year.
🟡
Problems are often caused by users thoughtlessly downloading apps and games – 600 million malicious apps from Google Play were downloaded by users during the year 2023.Apple🟡
At computers and notebooks, we have long had good experiences with antivirus software from ESET.
🟡
Traditional antivirus for a mobile or tablet from Apple basically does not exist. Why? Security on an iPhone or iPad is enhanced by restricting apps that do not have access to sensitive information from other apps.
That applies to both malicious apps and antivirus. Therefore, an antivirus app for iOS could only scan itself.🟡
To ensure your antivirus serves you correctly, do not ignore its warnings about detected threats and available updates; the rule of not delaying applies to updates of all kinds. For more complex threats, the programs will guide you through the solution. -
#4 Limit notification previews
🟡
Incorrectly set notifications reveal much more information than you would want – and no one even needs to steal your phone.🟡
A compromise between quick previews and security is to set previews to show only the person's name. How to do it?
Android
1. Go to Settings, under the Apps and notifications section, and select Notifications on the lock screen.
2. Choose the option to Show but hide content or similar.iOS
1. Go to Settings > Notifications and select the app (e.g., WhatsApp, Messenger, etc.),
2. Tap on Previews and select When Unlocked.🟡
And what about computers? There, you can manage with locking the screen, which we have already discussed. -
#5 Back up your files
🟡
People are said to be divided into two groups, those who back up and those who have not yet lost data. We recommend that you do not verify the truth of this saying the hard way.🟡
Having backed-up data is a good and practical safety net, even if you think no one would want to steal your data. There are still malicious programs or just plain unlucky accidents that can destroy your device and the data stored on it. Challenge: Consider automatic backup.
Challenge: Consider automatic backup
🟡
Automatic backup simplifies the situation because it removes the decision-making on how often to back up which files. We include links to guides.🟡
However, if your automatic backup occurs once a week, back up your thesis, or anything else you work on every day, in another way. How to do it? The following challenge can help you.
Challenge: Master the 3-2-1 backup rule
3
Make at least three copies of your data.2
Two of the copies are on different devices.1
At least one copy is offsite or outside your office.🟡
Example: When writing an important paper, save the current version daily on a flash drive, the computer, and the cloud (OneDrive, Google Drive, iCloud). Rule fulfilled and no suffering occurs.🟡
Use the "three-two-one" primarily for really important current data (ongoing thesis, research data, etc.), but it doesn't hurt to apply it to your irreplaceable data, especially those whose loss would cause you harm (financially, emotionally). -
#6 Increase vigilance when downloading
🟡
Deciding just based on the number of downloads is not enough. Before you download an app or file, consider the following principles:1.
Consider whether you really need the app. The fewer apps, the fewer risks. Be especially cautious if someone else motivated you to download.
2.
Download files only from official and verified sources. But be aware that even in official stores there can be dangerous apps, especially this applies to Google Play, where you commonly encounter such apps.
3.
Monitor app ratings to help you decide whether the app is safe. However, be aware, reviews on app pages are easy to forge. If you are unsure, use the internet to learn more about the app.
4.
Before granting app permissions, carefully read what access they request. Allow only those that are necessary for the app to function. Does a weather radar really need access to contacts and does a flashlight need access to photos? Be cautious when allowing access to the camera, microphone, contacts, or messages.
- Remember, betting purely on convenience rarely pays off – definitely not in cybersecurity.
- Measures such as installing antivirus software or setting up backups give you a big head start against many attackers, and these settings require no significant care after installation.
- Don't forget everyday little things: locked screens or installed updates. Don't give a chance to unnecessary troubles!
Bonus for curious users
Finding a lost device (anti-theft tracker)
Remotely erase data, secure the device, make the phone ring, and display it on the map. Just enter Google Find My Device into a web browser, log into your Google account, and confirm the search. The function is valid for all devices with Android, an analogous service for Apple is available on iCloud. Apple has also introduced Stolen Devicece Protection, available on all iPhones supporting iOS 17.3.
Do not connect found memory media to your devices
Found a USB drive, SD card, or other memory media? Definitely do not connect them to your devices due to the risk of malicious software. Ideally, hand the media over to the IT department or an IT technician for checking. You never know if a sophisticated attacker planted the media.
Encrypting devices
Encryption protects data: it complicates their misuse and theft. For a mobile phone and tablet, just enable "encryption" in the settings (usually under "Device Security"). Encrypting SD cards also needs to be enabled separately in the settings.
For PCs and laptops, it is a more complex process. If you have data on the device that needs protection, you have no choice but to tackle encryption (yourself or with the help of a company IT specialist). Especially in the case of organizational data, it is appropriate to find out the requirements of the internal policy. For bold and responsible users, we recommend proceeding step by step according to the official manufacturer's guide, which varies slightly for each device and operating system. It is not advisable to play with data encryption or try a trial-and-error method. Without exaggeration: such behaviour could cost you the loss of your data or access to it (for example, if you forget the encryption key).
Real impacts of unencrypted devices
You don't know many people who encrypt their laptops. At the same time, you've never heard those scary stories about stolen data and accounts from them. Strange, isn't it? Is encryption unnecessary, are we scaring you? We don't think so: look at examples from healthcare or the nasty area of so-called revenge porn.