If even Bill Gates has suffered an attack orchestrated by hackers, you are not immune from being the victim of cybercrime. The coronavirus pandemic has proven that the increased volume of digital activities also increases attacks and fraud attempts. And, it seems, Brazilians have been falling for the hackers' tricks like sitting ducks.
A global survey by Kaspersky showed that one in eight internet users in Brazil accessed, from April to June this year, at least one link that directed them to malicious pages. This gives 13% of the total, a rate above the world average, which is 8.6%.
The percentage placed Brazil fifth in the world in the proportion of users attacked. When it comes to companies, however, our country led the ranking of companies that are victims of ransomware, where the criminal can steal your personal and banking data and install malicious programs (malware).
Kaspersky's report, released in August, deals only with spam and phishing, but there are countless scams out there and criminals are just waiting for you to slip up so they can take advantage. Have you ever heard of the scam that steals your biometrics to open the way into your bank's application?
It seems a bleak scenario, but there are simple measures that will help ensure the security of your data, avoiding a lot of headaches. Tilt lists here ten valuable tips to make life difficult for cybercriminals.
Passwords and security
1) Strong passwords: Use them in all your personal or professional accounts and never repeat the password for more than one account / service. A strong password must contain at least 12 characters, mixing upper and lower case letters, numbers and symbols, avoiding referring to known words or common numerical combinations such as birthdays or addresses. If possible, periodically change passwords for frequently used services. These are the recommendations of the National Cyber Security Alliance. Start now by updating your Facebook or Instagram password.
2) Two-factor protection: Enable two-step authentication whenever the site or system allows it. This is essential. This way, even if your password is compromised, extra confirmation will be needed to access your account. In the case of WhatsApp, authentication includes a PIN password that protects your phone number. For your Google account, you can require confirmation on your phone with each new login.
As a general rule, it is not recommended to leave your passwords saved in your browser or recorded in unprotected applications (without a password), as they may be compromised by malware or an intrusion. There are services that help you create and manage strong and unique passwords, like Mozilla’s Lockwise, Dashlane or Bitwarden, free and open source.
Browsing the internet
3) Click only on links with a trusted source and destination. Pay attention to the senders of emails and messages in general. Be wary when any message says that some action or measure on your part is urgent. Also be wary of shortened links (like goo.gl/——-, bit.ly/——- or ow.ly/——-).
Pay attention to the security certificates of the websites visited. A secure website will have https:// before the URL. When placing your cursor over a hyperlink, check the bottom of the browser for the destination it will take you to, and only click if the destination is reliable. For more tips, Tilt has prepared an anti-phishing manual.
4) Sign up only on trusted sites and services. Pay attention to the personal information that is requested and consider whether it is worth it. The data provided will be stored in the database of these sites. If the registration asks for information unrelated to the benefit offered, it can be a trap. For the same reason, do not use corporate or professional email on social networks or personal websites.
5) Give more protected browsers a chance. Browsing with Chrome and using Google for your searches may be the easiest option, but it’s not always ideal for your privacy, as Google stores your data and helps websites track you over the internet.
Increasingly, there are options for browsers and search engines that put privacy and anonymity first. Firefox is a popular browser option, simple to use, and its default configuration offers good protection for your data. Tor is a browser that guarantees total anonymity, although it sacrifices some features in its most secure mode. DuckDuckGo is a search engine, browser and application for anonymous browsing and searching.
As for your Google account, there is an entire section where you can learn more about your privacy and your data.
Also consider having an extra email account so you don’t have to provide your primary email address for all services and sites you want to register with.
If you want to boost protection in your browser, you can install blockers for ads and “trackers” (tools that identify and record your activities on the internet, commonly used by advertisers). We suggest uBlock Origin for Chrome or Firefox, or the DuckDuckGo security extension for Safari, Chrome or Firefox.
6) Do not use your corporate or professional email on social networks or forums. According to the Zurich insurance company, “criminals can use your email to send phishing messages or they can impersonate you to trick the people you work with, to gain unauthorized access to the company’s systems and networks”.
7) Be careful what you share: avoid mentioning or commenting on your place of work or study and be strict about what you post. Imagine that what is being shared could be accessed by strangers and that sensitive information can be used against you.
8) Review the privacy settings of your social networks and try to set as much information as possible to private, or make it accessible only to trusted friends and contacts. As a quick exercise: review your privacy preferences on Facebook or LinkedIn to make sure you agree with who can access your information, photos and posts. On Facebook it is also worth checking which third-party applications (such as games or tests) may be accessing your data. A suggestion? Erase them all.
9) Basic: use a password or lock pattern on your phone. This is a direct way to protect your applications and the data in them. The stronger and more complex the password, the better. Patterns – those drawings you make between nine dots – are less recommended by experts.
Using TouchID on your iPhone or similar locking mechanisms also works. To do this, go to Settings -> Touch ID and Code. On this screen you can activate the access code or configure the Touch ID.
On your Android, go to Settings -> Security and location -> Screen lock, to see the types of lock available.
11) Install only trusted apps from official stores (App Store for iOS or Play Store for Android). Pay attention to the permissions given to apps, whether new or already installed, and be wary of applications that ask for access to your contacts, camera or files without needing it.
To review the permissions on your Android, go to Settings -> Apps and notifications. On this screen, you can choose the desired application and click on Permissions, or you can scroll down and select Advanced -> App Permissions, to view the permissions by type.
On iOS, go to Settings and scroll down until you see the apps. To check which ones are accessing your location, go to Settings -> Privacy -> Location services. It is also recommended to delete applications that you do not use, as they may be collecting or storing your data.
12) Keep applications and operating system up to date. Updates often include fixes for security holes.
13) Do not use public or open Wi-Fi networks. Only access them as a last resort, if there is urgency and you have no other way to communicate. We have already talked about the dangers of these networks.
14) Set up a method to remotely lock or erase your data to prevent it from being accessed if your device is lost or stolen. The measure is drastic but in some cases it can be useful.
Using the iCloud Find My iPhone function, you can lock your phone or erase your data remotely. Android has similar functions that can be accessed through your Google account or in the app. To minimize the damage, have an updated backup of your data and photos.
15) Encrypting the device as a whole is also a good idea. If you use iOS, the lock code also works as a password for the data.
In the case of Android, content encryption must be manually enabled. Once activated, the phone will ask for a password or unlock pattern upon startup. Go to Settings -> Security and Location. Scroll down and click Advanced -> Encryption and Credentials. Select the Encrypt phone option and follow the instructions. Keep the phone connected to the charger and plugged in during the process, and set aside some free time for it. The process can take up to an hour and the device will switch on and off several times in that time.
16) Watch out for permissions and information given to purchasing applications and websites and the reliability of the channels you’re using. Do some research before using a new website to see what the consumer experience has been like. Remember that your data, as well as your money, is very valuable. Think carefully before releasing personal information in exchange for promises of offers or benefits.
17) When making a purchase on a website, use a virtual credit card. The service generates a new number so that the data on your physical card does not need to be shared. Consult your bank; activation can generally be done through your internet banking or the application on your cell phone. Also activate your bank’s app warnings and notifications to be able to monitor any suspicious movements.
18) Change the factory-preset access settings of your home router and enable WPA2 encryption. For added security, segment your network with independent passwords and connect different devices to those networks. We’ve already given you some tips on how to make your Wi-Fi more secure.
19) If you have children, create exclusive accounts for the little ones and try to monitor, as far as possible, their online activities. Check here how to do it on Netflix or Spotify.
In the street
20) Only use open or public networks as a last resort, and if you need to charge your phone or tablet, don’t use public USB stations, as they can carry malicious software. Alternatively, use a portable battery or take your cable and plug adapter with you. That way you can charge directly from a power outlet rather than from an unknown USB port.