Ransomware is an example of Cyberthreat that had been in the limelight for causing disruption and data loss to individuals and organizations, and extorting victims to make Bitcoin payments to unlock their data. The exposure by Snowden highlighted US National Security Agency, the mass surveillance of conversation and every form of behavior infringes on personal privacy.
In light of this backdrop, ITG organized a talk with our ITG Excos, Mr Lim Wei Wah and Mr Lo Khin Marn presenting on reasons why, as law abiding citizens, we should be concerned about security and privacy. At top of mind is the assurance of freedom of speech, this is no different from a class of students who is being supervised, and become boisterous once the teacher steps out.
Here, we give you an overview on what was presented, so that you are aware of the various methods, which you can implement, for detecting and securing data and protecting your privacy:
1. Backup – is the foundation of data protection, if you are not concern data loss due to hardware failure or malware attacks, be prepared to lose it.
2. Identity and authentication – protect your personal information such as birthdate, IC number, mother’s maiden name which can be gleaned off social websites and employing 2FA and One-time Passwords (OTP) for securing email accounts including using Microsoft or Google 2FA Authenticator.
3. Network controls include firewall to limit specific application from accessing internet and VPN to prevent data leak from Man-in-the-middle attack and to use TOR to secure your location and digital trail from your browsing habits.
4. Encryption – Microsoft bitlocker for encrypting data at rest for hard disk content should your computer be stolen, or using iOS keychain to secure account names, passwords instead of browser password vault which are largely insecure if it falls into the wrong hands.
5. Patching – The importance of regular OS and application patching is vital to prevent any emerging threats that exploits integrity in systems such as buffer overflow attack to crash system or to execute a piece of malicious code.
6. Wei Wah expounds the Microsoft Security by Design incorporated in Microsoft including policies with control mechanisms at device and file. Windows Defender Advanced Threat Protection is an endpoint detection and response (EDR) which is capable of detecting malwares and Advance Threat for network protection, reputation analysis, application control, behavior monitoring. While this may replace antivirus, it is always good to perform scans using virustotal.com which incorporate results from >70 antivirus scanners for detecting the more elusive strains of malwares.
In summary, personal security is about sacrificing convenience for enhanced security. One needs to outweigh the value of services offered by social web sites. Where they offer applications deemed worthy in exchange for vital pieces of information about yourself, your family and friends. This, in turn, may lead to identity and information theft, which ultimately leads to the compromising of personal security.
Image Credit: leowolfert/123RF Stock Photo