SECURITY OF DEVICES
How to use little precautions for building a strong defense?
What’s the lesson about?
Copying the entire hard disk content within ten minutes, without you even noticing it. Retrieving data from a turned-off smartphone via a USB cable – and using them against you. Losing private pictures because of an unsecured device. We’re not exaggerating; this is the reality. You may accept it either in the form of preventive measures or consequences.
In this lesson, you’ll find handy tricks for the security of smartphones, which is often overlooked. Nevertheless, the recommendations apply for mobile devices (laptops, tablets) and PCs as well. Are you scared of words like authentication, encryption, or data backups? Sounds like a job only for “the IT people”? We will show you that you can best protect your data and devices by yourself, and that most precautions will take like five clicks. Get ready, prepare all your devices; we are going secure!
EXTRA 20 MIN
7 CHALLENGES
2 tutorials
An ounce of prevention is worth a pound of cure, right?
We all carry a smartphone, tablet, or laptop with us all the time. The risk of loss, theft, or another attack is therefore rising, and the consequences are usually fatal. Not to mention malicious code, which, of course, can attack your device wherever you are.
Remember that when it comes to cybersecurity prevention, the investment is minimal (both financially and in terms of time). On the contrary, handling the consequences of underestimating security precautions is often impossible. Small, but powerful precautions include installing programs that work hard instead of you, such as data backup or antivirus software. Another useful preventive measure is changing bad habits, the dangers of which are often unknown to the user. In the next part of the text, you will learn how to use seemingly small precautions to avoid the worst online hazards.
Antivirus software* works as a filter of the worst things you may encounter on the Internet. Its job is to identify suspicious files, software, or malware. We consider it a necessity on computers, so why do we hesitate on smartphones or tablets – small portable computers?
We're not used to securing our mobile devices, so they're becoming an attractive target – the number of attacks doubled in 2018. Problems often occur because of the careless downloading of random apps and games – users unintentionally downloaded 32 million malicious apps from Google Play in July 2019. You can't decide solely based on the number of downloads or reviews. Try to do a brief background check on the authors of the application. Does their portfolio include a dozen of highly-rated apps? Then its credibility increases. Nevertheless, the antivirus software protects your device in most cases. For maximum effectiveness, don’t ignore its informative reports; the golden rule “never hesitate and never postpone” applies to all kinds of updates anyway. Should you be facing more sophisticated threats, the program will guide you through the solution.
On Windows, you can get by with the built-in Windows Defender. For macOS, we have long had good experience with ESET's antivirus, which also offers products for mobile devices with Android OS and iOS. However, you'll have to pay extra for those.
*Antivirus and anti-malware are often used interchangeably. A virus is only one of many types of malware, so the term antivirus is less accurate (but more common). You don't have to worry about it; the only important thing is to install it. :)
Are you ready to finally deal with data backups?
If you don't believe that attackers care about your data, think of the comfort of having the data always available for you, on any device at any time – like on the new device when the old one stops working, gets stolen, or when you spill coffee all over it. So, how to get started?
- Step one: when choosing storage, consider data limits (which aren't infinite, at least in free versions). Back up the files that are critical to you. To illustrate, a typical user can produce up to 1 TB of data (500 GB on average) annually – and only one-fifth of it is important. So, don’t worry, you need to back up only a small portion of your files. Google Drive users will undoubtedly confirm that they’ve been trying to fill up the “small” free 15 GB limit for the past several years.
(Have a look on interactive infographic about data size.) - Step two: choose the right storage. At MUNI, the preferred solution is OneDrive; an alternative could be Google Drive or iCloud for Apple. OneDrive makes uploaded data available from anywhere via the online Microsoft Office 365 interface.
Extra tip: You can combine multiple data storage services. For example, you can use OneDrive for work and study purposes only and Google Drive for pictures and videos. For big files like movies, we recommend saving online space and buying external disks. - Step three: use the ICS tutorial for installing OneDrive into your computer. Thanks to the mobile application, it’s available on your portable devices as well, which is handy for backing up pictures and videos.
- Step four: consider setting automatic backups (tutorials for OneDrive, Google Drive, iCloud) so that you won't have to think of files you should back up. Say, there's a difference between a thesis you're currently writing and pictures from 2017, which remain unchanged.
Handy 3–2–1 rule for back-ups
Three copies in total, on two media, each at a different place (at home/at work). Yep, it might sound a little bit overdone. But let's look at a concrete example. When writing a paper, save it on your computer, flash disk, and a cloud (OneDrive, Google Drive, iCloud). All of it once per day; it's not that hard. You should use the 3–2–1 rule primarily for currently critical data but also on irreplaceable data, especially if their loss would harm you (financially or emotionally).
How to use little precautions as effective defense?
The following list of seemingly small precautions might seem a bit long, but it has two major advantages. First, implementing them is usually a simple one-time job. Second, it takes only a moment before you incorporate them into your everyday workflow.
Locking a screen
Lock screens highly decrease the risk of data misuse. If the device settings allow it, choose a biometric lock (fingerprint, face recognition) combined with a strong password (you’ll learn about passwords in the next lesson). Gestures are popular on smartphones, but, contrary to a PIN code, gestures are easily recognizable, predictable, and they leave a visible mark on the screen. For computers and laptops, you should use a manual screen lock (in Windows, the shortcut is the Windows button + the L key). Lock the device whenever you leave it unattended (the only exception is a home computer).
Notifications preview
Notifications reveal much more information than you’d like (not only if your device gets stolen). What kind of messages do you usually receive or send? And how many of them would you rather keep to yourself? A compromise between handy notification previews and security is setting the notifications correctly. Let them show you just the name of the person, for example, not half of the text. On smartphones, you can find something like Notification Center in Settings. On computers, you can solve the problem with the already mentioned screen lock.
Available updates
Neglected update notifications warn you that the chances of your current software thwarting an attack are the same as Trabant beating a new Tesla in a race. Do not delay updates – consider them an opportunity to take a little break from work. Also, many devices and services offer automatic updates. However, be aware that updating systems like Android or Windows can slow down the startup of the device.
Encryption
Encryption protects data: it complicates their misuse or theft. On mobile devices, you can allow encryption in settings (usually in a section like Securing the device). The same applies to the encryption of SD cards. Encrypting your PC or notebook is more complicated; we'll discuss it in the bonus materials at the end of this page.
But remember: if your device contains any data other than personal (e.g., corporate), encryption is a must. At MUNI, specialists from CSIRT-MU can help you with encryption.
Anti-theft tracker
The tracker app will take care of your device remotely. It can delete data, safeguard the phone, let it ring, and show it on a map. Type “Google Find My Device” into a browser, log in to your Google account, and confirm the search. This function is available for all Android devices; Apple provides a similar service via iCloud.
Anonymous browser mode
Use private browsing on devices that you don't fully trust but sometimes have to use anyway (shared PC at work, public PC at a library, a friend's notebook). The anonymous browser mode eliminates digital traces like cookies, cache, and browser history (including form auto-completion). However, your Internet provider, school, or employer can still see which websites you visit. Therefore, we can't talk about real privacy, but everything you'll do online in the anonymous mode won't be linked to your identity. The amount and type of information you always leave behind in cyberspace should be your choice. This way, you can avoid personalized ads, for example. (So, the next time you'll search for a gift for a partner, neither the browser autocompletion nor the ads will reveal it to him/her.) Let's try to open the anonymous mode by using the keyboard shortcut Ctrl + Shift + letter N or P. Alternatively, you can find this option in the upper bar of your browser.
Closing the browser windows
Eliminate the unwanted sharing of personal information. When switching the browser windows and tabs, everyone can catch some piece of your private data, so keep closing browser windows and logging out of services. You don’t have to worry about this at home, once you set all the precautions (like encryption, password, etc.).
Remember that betting solely on convenience pays off hardly anywhere – and it is not the case of cybersecurity, either. You can stay ahead of attackers by little precautions like antivirus software, device encryption, and data backups. These don’t require additional effort once they are correctly set up. Don't forget about small everyday details either: locking the screens or installing updates. Stay away from unnecessary trouble!
Bonuses for curious users
Permissions required by apps
Does a weather radar need access to your contacts or a flashlight to a photo gallery? We’re not saying, "stop downloading apps," we're saying, "if the apps require nonsense permissions, find an alternative (and have an antivirus installed)". There are plenty of apps to choose from, so don't let the first one you bump into steal your data or money. Choose wisely. The current trend is to download apps without them requiring permissions in advance (as already mentioned access to, e.g., photos, messages, or location). You permit or deny the permissions once the app needs them. Have a look at the permissions of your currently downloaded apps. We bet that half of them could be revoked!
Real-life consequences of unencrypted devices
We guess that you don’t know many people who encrypt their notebook. At the same time, you’ve never heard them saying stories about stolen data or accounts. Isn't that weird? Is encryption overestimated, and are we making you panic for no reason? We don’t think so: look at real-life examples from healthcare or dirty business called revenge porn.
Computer encryption in detail
We won't lie to you: encryption is not completely easy. Remember: if your device contains data that need protection (e.g., business data), you must encrypt them, whether on your own or with the help of the IT department. Especially when storing business data on the device, familiarize yourself with your company's policy on data flow. Otherwise, you risk even your job. We recommend the official tutorial from a device manufacturer since the specific steps differ based on the manufacturer and the OS. Don't use trial and error method or anything random. We are not joking; unprofessional manipulation could cost you the loss of data or at least access to them (e.g., when losing the encryption key).
Superpower called Secure Boot
Secure Boot can deal with cases when an attacker gains physical access to the device or implements malware into the system core using other malware. Secure Boot then won't let the unsafe system core work. On Windows systems with encryption, Secure Boot must stay turned on – all the time.
Advanced users, try Comodo anti-malware
Apart from standard tools (firewall, preventive protection, malware scanner), Comodo includes automatic sandboxing for installers and programs from unofficial sources. You can configure Comodo better than standard tools, too.
Icons made by Smashicons from www.flaticon.com.