Latest Issue

Glitch 2021  •  18 May 2021

Phishy Business: A Guide to Cyber Security

By Vanessa Love

Our societies now run on new technological infrastructure that‭, ‬if compromised‭, ‬could result in frustration‭, ‬extreme loss or even the destruction of‭ ‬our civilisation as a whole‭.‬ In this article‭, ‬we’re going to teach you some basic security measures you can implement to avoid identity theft‭, ‬being hacked‭, ‬and the loss of personal data and accounts‭.‬

#Implement 2FA

2‭ ‬Factor Authentication‭ (‬2FA‭) ‬is offered by most websites‭ ‬as a way to keep your account secure‭. ‬This involves‭ ‬downloading an app on your phone and connecting it to your account‭. ‬When you next log into your account and provide your password‭, ‬you will also be asked for a token‭ ‬from the app on your phone‭. ‬Entering this code as a second method of authentication prevents bad actors‭ ‬from being able to access your account if they crack your‭ ‬password as they don’t have access to your 2FA token‭.‬

#Beware of Phishing Emails

Phishing emails are sent by bad actors in an attempt to‭ ‬get you to reveal sensitive information about yourself‭. ‬Often these look like legitimate emails you would receive‭ ‬from companies‭, ‬however‭, ‬when you click on links‭, ‬download attachments‭, ‬or respond to these emails‭, ‬you’re actually sending your data to the hackers‭. ‬There are‭ ‬some ways to identify these emails‭. 

‬First‭, ‬check for any common spelling mistakes‭. ‬A poorly drafted email could‭ ‬be a phishing attempt‭. ‬Second‭, ‬look at the company that’s‭ ‬sending the email and ask yourself questions‭. ‬Do I have‭ ‬an account with this website‭? ‬Have they ever contacted‭ ‬me before‭? ‬They’re asking for my bank details‭; ‬shouldn’t they already have them‭? ‬Third‭, ‬go into the properties of‭ ‬the email and check the address in the reply field‭. ‬If the URL is not correct and redirects to a suspicious domain‭, ‬this is a phishing email‭. ‬Fourth‭, ‬even if you think the email is legitimate‭, ‬always go to the actual website to‭ ‬log in as you usually would‭. ‬There’s no need to click the link they provided you when you can go to the website online yourself‭.‬

"The fewer accounts you have‭, ‬the smaller your digital‭ ‬footprint‭, ‬and thereby the smaller your attack surface is‭.‬"


When storing data on hard drives or USBs‭, ‬you can encrypt those devices first to help protect your data‭. ‬Using a tool like‭ ‬Veracrypt‭, ‬you can format the drive with a password that needs to be entered every time‭ ‬you plug the device in‭. ‬This ensures that even if you lose‭ ‬the device‭, ‬you don’t have to worry about other people accessing your sensitive information‭. ‬A word of caution though‭, ‬make sure you write down the‭ ‬password or use‭ ‬a password manager‭. ‬If you lose your password‭, ‬you’ll be the one locked out‭.‬

#Password Managers

A password manager is essential in today’s world as people usually have a variety of different accounts for services they use or have forgotten about‭. ‬A free‭, ‬open-source password manager like Bitwarden can help protect‭ ‬you online by generating strong‭, ‬unique passwords for each website you visit and storing them securely in the cloud to ensure access on multiple devices‭. ‬This helps‭ ‬avoid password re-use which can dramatically reduce‭ ‬your online safety because if hackers crack your password‭ ‬on one site‭, ‬they have your password for every other‭ ‬account you’ve used it for‭.‬

#Data Collection

Every account you sign up for‭, ‬will collect some kind of data on you‭, ‬and start to establish a profile of your online‭ ‬presence‭. ‬Reading the terms and services of websites can be a very tedious process that no one really does‭, ‬but there is a handy browser extension for that‭. ‬It’s called‭ ‬‘Terms of Service‭: ‬Didn’t Read’‭ ‬and allows you to discover‭ ‬at a glance how intrusive a website’s data collection and‭ ‬privacy policy actually are‭. ‬Also‭, ‬note that browser extensions themselves might not always be safe‭, ‬so do your‭ ‬research before installing anything on your computer‭. ‬Avoiding some services altogether isn’t really an option for most people‭, ‬so it’s important to remember that you are being tracked across the web and the data collected‭ ‬on you is being sold to other companies without your‭ ‬consent‭. ‬Spoofing your details for accounts and deleting‭ ‬old ones that you no longer use is a good way to help‭ ‬reclaim some of your privacy and digital safety back as‭ ‬the fewer accounts you have‭, ‬the smaller your digital‭ ‬footprint‭, ‬and thereby the smaller your attack surface is‭.‬

Even something as simple as going through and changing‭ ‬your browser settings can help to improve the privacy‭ ‬and security of your browser‭. ‬The landscape of cybersecurity is constantly changing‭, ‬and with it‭, ‬the recommendations and courses of action you should take for‭ ‬your online protection‭. ‬Be vigilant‭, ‬not fearful‭, ‬and‭ ‬you’ll have the best chance of staying safe online‭.‬


© 2024 UTS Vertigo. Built by