Computer Security

1- Passwords

Briefly:
To have a strong password, you need to do the following:
Include at least one of each of the following: lowercase, uppercase, numbers, and symbols.
Make your password at least 12 characters long.
Write down your password on a piece of paper and save it in your wallet or somewhere safe.


Why is it important to know how to create a secure password? 

I cannot stress this enough. Your password is the key to your cyber life! It is imperative that you have a strong password. Nowadays, many membership providers won’t let you type a password unless it has at least a capital letter, a lowercase letter, a number, and sometimes a symbol too. It might strike you as annoying. However, the reason why they enforce that variety is that it makes your password secure. The more possibilities each character of your password has, the harder it is to guess it, or brute force it.

For example, let's say that your password is six characters long and composed of only numbers; then there are 1,000,000 possible combinations. However, when you add lowercase and uppercase letters, as well as symbols, into the mix, the possibilities jump from 1,000,000 to 567,869,252,041. The point is, always have lowercase letters, uppercase letters, numbers, and symbols in your passwords. That number gets much higher the longer your password is.

But how am I supposed to remember it?!

You write it down, that’s how. Trust me, the first few times you might not be able to remember it, but as you continue to use it, you will inevitably end up memorizing it.
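
The arithmetic above and the two rules from the summary (at least 12 characters, all four character classes), as an added Python example that is not part of the original page. The function names and the symbol set (Python's 32 ASCII punctuation characters) are assumptions, and the sample passwords are constructed.

```python
import math
import string

MIN_LENGTH = 12  # the page's minimum length
# The four character classes the page asks for. The symbol set is an
# assumption: Python's 32 ASCII punctuation characters.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}


def keyspace(alphabet_size, length):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet_size ** length


def assess(password):
    """Check a password against the page's rules and size its search space."""
    used = [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)]
    # A brute-force search only has to cover the classes actually in use.
    # Characters outside the four classes are ignored, so this is a lower bound.
    alphabet = sum(len(CLASSES[name]) for name in used)
    combos = keyspace(alphabet, len(password)) if alphabet else 0
    return {
        "length_ok": len(password) >= MIN_LENGTH,
        "missing": [name for name in CLASSES if name not in used],
        "combinations": combos,
        "bits": round(math.log2(combos), 1) if combos > 1 else 0.0,
        "meets_page_rules": len(password) >= MIN_LENGTH and len(used) == len(CLASSES),
    }


if __name__ == "__main__":
    # The page's two figures: 10 digits vs. a 91-character alphabet, length 6.
    print(f"{keyspace(10, 6):,} vs {keyspace(91, 6):,}")
    # Constructed sample passwords, for illustration only.
    for sample in ["493027", "0123456789", "Summer2017", "t7#Qv!m2Lr&x9Z"]:
        r = assess(sample)
        print(f"{sample!r}: {r['combinations']:,} combinations "
              f"({r['bits']} bits), missing={r['missing']}, "
              f"ok={r['meets_page_rules']}")
```
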

2- System Security

Briefly:
To keep your operating system healthy and secure:
Make sure to install all the updates available as soon as possible! Examples of critical updates that you should NOT delay would be Windows updates, anti-virus updates, Windows Defender updates, and Adobe updates.
Get rid of the programs that you no longer use or need.


Why update? 

Updates in general are a good thing! Oftentimes they introduce new features to the operating system or the software and fix known bugs. However, another very important thing updates do is fix security holes in the operating system or a program. These security vulnerabilities can allow hackers to compromise your computer just by viewing an infected web page, or opening an email.

To avoid a great deal of malware, I strongly suggest that you set your updates to "automatic" or install them as soon as you're aware of one. Usually, a program or an operating system will alert you if there is a newer version.

3- Connection Security

Briefly:
If you need to access your primary email, pay a bill, shop online, etc., I highly recommend the following:
Use an Ethernet cable that connects your PC/Laptop to the wifi router instead of using wifi.
Whenever you must enter sensitive data, make sure you're on the right website and double-check for the "https" in the address bar; the emphasis is on the presence of the "s."


Safe Passage:

In the previous point, we discussed how WiFi is composed of electromagnetic waves, and that they travel in an expanding motion. Similarly, to avoid WiFi sniffers around your house, you should use an Ethernet cable because it doesn't broadcast your connection; rather, it transfers it through the wire.

Have you ever tried to find your home WiFi among a list of WiFi names? If the WiFi adapter on your computer can pick up the signal of, say, 10 WiFi routers around you, then your connection can also be picked up by someone in control of any of those 10 WiFi routers. It only takes one malicious person among the residents of those ten different homes to compromise your information. However, if your payments and critical online interactions are done through an Ethernet cable, then you have drastically increased the security of your login credentials, simply because your computer didn't broadcast them through the WiFi.

 

4- Virus Protection

Briefly:
This is a must:
Install an Anti-Virus on your computer!


Why an Anti-Virus?

Every day, thousands of pieces of malware spread through the internet. Without virus protection, it's only a matter of time before your computer is infected!

Keep in mind that it is critical to always keep your anti-virus up to date, considering the large amount of malware discovered every day! It is recommended that you set it up to automatically update itself.

5- Surfing Security

Briefly:
As with the previous point, if you need to access your primary email, pay a bill, shop online, etc., I highly recommend the following:
Whenever you must enter sensitive data, make sure you're on the right website and double-check for the "https" in the address bar; the emphasis is on the presence of the "s."


HTTP VS HTTPS:

As a rule of thumb, anytime that you are entering sensitive data (username, password, credit card #, SSN, etc.) you must make sure that the page address in the address bar starts with HTTPS (Hypertext Transfer Protocol Secure), such as this link to our website: http://cyberthread.org/

I highly advise you NOT to enter any sensitive data on an HTTP (Hypertext Transfer Protocol) web page, because HTTP transmits the data as plain text and anyone can read it. However, when the web page is HTTPS, the data you're entering will be encrypted before it is transferred, making it hard to read and very difficult to decrypt.

Keep in mind, browsing the web pages that are HTTP is fine, as long as no sensitive data are being entered.
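
One way to express the two checks above (HTTPS, and the right website) in code, as an added Python example that is not part of the original page. The function name `check_login_url` and the `example.com` and `login.test` addresses are constructed for illustration. It also shows why the "s" alone is not enough: HTTPS encrypts the connection to whatever host is in the address bar, so the host name still has to match.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_host):
    """Return a list of reasons not to type sensitive data into `url`.

    An empty list means the address passes both checks from the page:
    it uses HTTPS and it is the website you meant to visit.
    """
    problems = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_host.lower()

    if parts.scheme.lower() != "https":
        problems.append("not HTTPS: data would travel as plain text")
    if parts.username is not None:
        # In https://example.com@login.test/ the real host is login.test;
        # everything before the '@' is just a user name.
        problems.append("text before '@' is not the site name")
    # Accept the expected host itself or one of its subdomains, nothing else.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host is {host!r}, not {expected!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample addresses, for illustration only.
    samples = [
        "https://mail.example.com/login",    # HTTPS and the right site
        "http://mail.example.com/login",     # right site, but plain HTTP
        "https://example.com.login.test/",   # HTTPS, but a different site
        "https://example.com@login.test/",   # site name hidden behind '@'
        "https://examp1e.com/login",         # look-alike spelling
    ]
    for url in samples:
        issues = check_login_url(url, "example.com")
        print(url, "->", "OK" if not issues else "; ".join(issues))
```
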

6- Email Security

Briefly:
There are many email security tips, and we will be covering many of them going forward. For the meantime, here are a few of them:
Have a main email address for your money-related subscriptions, such as bank accounts, online shopping sites, and streaming services.
Have an additional email for other free subscriptions.
Do NOT use your main email address on public WiFi. Instead, use your second email address.


Why two email addresses?

First off, they are free! But you might ask why the notion of having two emails is among the email security tips. Well, you need one email that will be your primary email address, which links to your bank account and other subscriptions that involve your billing information, such as Amazon, your gas bill company, etc. The second email address is for other non-payment memberships, such as social media, forums, and such.

The goal is that when you need to subscribe to other sites and need to log into your email to confirm the membership and you happen to be on public WiFi at a coffee shop, then you avoid the risk of having your login information stolen. Why is public WiFi a risky business?

WiFi electromagnetic waves

Two words: WiFi sniffers. Also known as packet sniffers, they behave like the routers of the public WiFi. Meaning, they will catch the information that you’re sending to the public WiFi’s router, such as your login information! That is because WiFi operates on electromagnetic waves, and they spread around. Sure, that way, they will reach the WiFi router wherever it is, as long as it is within range, but they will also reach the hacker’s laptop if it’s also in range.

As they say, better to be safe than sorry. To ditch WiFi sniffers, all you need to do is use a second email that, if you happen to lose it, won’t inflict any stress or financial damage on you.

7- 2 Step Authentication

Briefly:
The goal of enabling your Google 2 step verification is to ensure that just because a hacker acquires your login information, it doesn’t mean that they can access your email, which improves your cyber safety. It is a second password in the form of a code that will be sent to your phone. Therefore, if a hacker compromises your username and password he or she won't be able to log into your email because he or she has to have access to your phone for every log in attempt.


How Does it Work?

Most 2-step authentication services will send you a pin number as an SMS to your phone or via a phone call, and that pin number is like a second password. Afterward, you have to enter it to log into your account after entering your username and password. Also, the pin number changes every time you log in. Therefore, if a hacker wants to hack your email account, then he has to intercept that pin number or has to have physical access to your phone.

Here is a screenshot demonstration of how to set up a 2-step authentication on your Gmail:

Screenshot of step 1 and 2 for Google 2 step verification tutorial picture

First, you want to be logged in to your Google account, and be on google.com, then from the upper right corner click on your picture or the icon, as shown in the following screenshot. Next, you want to click on “My Account.”

Screenshot of step 3 for Google 2 step verification tutorial picture
Now you want to click on “Signing in to Google.”
Screenshot of step 4 for Google 2 step verification tutorial picture
You will see something similar to the following screenshot; now you need to scroll down.
Screenshot of step 5 for Google 2 step verification tutorial picture
Locate the “2-Step Verification” and click it.
Screenshot of step 6 for Google 2 step verification tutorial picture
You want to click on “Get Started.”
Screenshot of step 7 for Google 2 step verification tutorial picture
Enter your password again.
Screenshot of step 8, 9 and for Google 2 step verification tutorial picture
Afterward, enter your phone number on this page. Then, choose the preferred method of verification, whether “text message” or “phone call.” I recommend “text message.” Now you need to click “Next.”
Now you will have a code sent to your cell phone.

Screenshot of step 12 and 13 for Google 2 step verification tutorial picture

Next, and depending on the method of verification you chose, you will get a confirmation code, usually a 6-digit number. Next, enter the digits in the field. Now, you want to click “Next.”
Screenshot of the 14th step for Google 2 step verification tutorial picture
Next, you only need to click “Turn On.”
Screenshot of the final step for Google 2 step verification tutorial picture
Congratulations! Two-step authentication has been activated for your Gmail account!

The next time you sign in, you will have to enter a code that you will receive on your phone before Google lets you get into your email.

8- Data Backup

Briefly:
To avoid losing the data you care about:
– Make sure you have at least one copy of your important data on an external hard drive or a USB stick.
– Make sure that the device that has your data backed up is not plugged in the computer or Laptop all the time.


Data Backup:

In May 2017, the biggest ransomware attack in the world was unleashed. The ransomware's name was WannaCry. Exploiting a vulnerability in Windows computers, it spread like wildfire. It encrypted user data, making those files (pictures, PDF files, Word documents, etc.) inaccessible to their owners unless the victims transferred money to the hackers in the form of Bitcoin.

Now, let's personalize this example with you. It's May 2017, and the final project for a class of yours is due, and all of a sudden you can't access the file! You have the option to pay the hackers or get an F.

I think using a copy of your project that you already had saved on a USB stick sounds like a more appealing idea!

Isolation

Unless you're backing up your files, you shouldn't have your external backup device plugged in. If you do have the device connected, and your computer gets infected by ransomware, then the malware will encrypt your backup data too, and now you're in a pickle!

9- WiFi & Router Security

Briefly:
Securing your home network is one of the basic things that you need to do to have a healthy online experience:
– DO NOT use the default WiFi password of your router. It's too weak, and often a ten-digit number.


Why not the default WiFi password?

Oftentimes, the default password for a WiFi router is a 10-digit number, and a password that is composed of only numbers is extremely easy to crack! Sometimes, it takes less than 10 minutes to crack a 10-digit WiFi password!

You wouldn't want someone to log into your home WiFi and commit cyber crimes, would you? The FBI would be knocking on your door!

Thus, I strongly suggest that you change your WiFi password to something more complex by adding uppercase and lowercase letters, and a symbol or two.

Here is how you can change your WiFi password: