We follow the developments in these extraordinary times with great interest. However, we also need to be more mindful about cyber attacks

Today, many people join websites and forums and conduct e-commerce. However, our passwords can be disclosed when these websites are hacked due to insufficient cyber security. And if you are one of those people who use the same password for different websites, your other accounts also expose to risks. We follow the developments in these extraordinary times with great interest. But we need to be more mindful about cyber security.

Keep Your Computers and Phones Updated

Security gaps are constantly discovered in the operating systems and apps of computers/smartphones. You always need to install security updates to prevent this gap. Cyber criminals rely on users to neglect updating their computers and phones. Because programs and apps usually close their security gaps in their latest versions. For this reason, you need to regularly update the apps in your devices that you use in your homes or offices. This way you can avoid %80 of the attacks.

Use Antivirus

Antivirus security is another important point in institutions… The e-mails reach you after being inspected by an antivirus program. However, it can sometimes be difficult to control especially in video conference apps. It is very important for cyber security not to open the files that reach you through video conference programs which also allow you to share files. My suggestion is to use e-mail to send your files. An updated Microsoft Windows 10 operating system comes with sufficient antivirus protection for your computer. You can still use a separate antivirus software even for free. For corporate uses, I recommend antivirus programs with central protection. These programs can inform your company’s IT department even when you are working from home for them to take the necessary measures. Apart from these, Android users must definitely install an antivirus program for their phones.

Pay Attention to Access Permissions

Free programs developed by cyber criminals can also pose great risks. So, it is essential to download all your mobile phone apps from official libraries such as Google Play Store and Apple App Store. You need to check if a program is original before downloading it into your phone or computer. Because fake apps can mislead users with original/old logos.

And apps require certain access permissions while being downloaded into your phones. That is where we need to be extra careful. We need to be careful if, for example, a pedometer app requests permission to read texts, access contacts, make calls, and use the camera or microphone. You can avoid falling into cyber criminals’ traps by checking the points/stars of the app and whether it has been confirmed by Google/Apple.

Secure Your Internet Connection

A secure Internet connection starts with a device called modem or router that establishes the connection. You need to use the default password given to you for modem settings and then change it before starting to use it. Modem devices used for many years can lead to vulnerability in the operating systems called firmware. So, it is very important to use the latest version of your firmware. Meanwhile, you should never share your wi-fi password with anyone and use WPA2 or WPA3 encryption algorithm. Another suggestion would be to include upper/lowercase letters, numbers, and characters in your password and disable WPS.

How to Secure Your Personal Accounts?

We see that passwords are constantly leaked because of cyber attacks. That is why we cannot trust access with password only. Today, every social media and cloud account allows two-step verification. You should activate two-step verification of your accounts for your security. It can also be dangerous to click on the links in social media messages. You should use corporate VPN apps when connecting to your company from home. Two-step verification is again important for increasing VPN security.

Be Careful About Malicious Messages

Sadly, you can receive extremely convincing e-mails in your corporate e-mail address that are in fact nothing but malicious phishing messages. Therefore, you need to read your messages with great attention and not rush to respond. Check to see whether there are any typos in the sender’s e-mail address. To be sure of the URL link sent in the message, verify it by bringing your mouse over it and never click if you don’t trust the sender at all.

Don’t Forget Backups

Valuable data can get lost for many reasons such as human error, physical damages in the device, or cyber attack. And malicious software for ransom, virus, or other reasons can delete your critical files without even detecting it. You can back up your data in external discs and USB memories regularly.

Cover Your Cameras

I think it would also be a good measure to cover the cameras of computers and smartphones with a tape. We even see some people covering the audio inputs of their computers.

Stay Safe on Your Internet Trips

You should always approach any website link with suspicion. Otherwise, you can lose your information by being directed to a fake website whose name resembles the original one. Another point is the password selection… When you join a website, you entrust your username and password to the website admin. Thus, you should use different passwords for each website you join. Make sure that the address of the websites starting with “https://”. Because on the sites that start with “http://”, your password information can be stolen in a shared internet environment.

Boğaziçi University Management Information Systems Cyber Security Center    Assoc. Prof. Bilgin Metin