fresh no ads
Top 4 security tips for Internet users amid rising cyberattacks | Philstar.com
^

Gadgets

Top 4 security tips for Internet users amid rising cyberattacks

Deni Rose M. Afinidad-Bernardo - Philstar.com
Top 4 security tips for Internet users amid rising cyberattacks
The Internet might feel safe because it is fast and personal when you are alone with your computer, but it really isn't. Infographics by Parisa Tabriz of Google.

MANILA, Philippines — In light of the recent international cyber attacks, such the “ransomware” that reportedly crippled about 200,000 computers in over 150 countries over the weekend, a global cyber security expert gave pointers that if you follow, “you will be leagues ahead of other people in terms of Internet security,” she said.

Parisa Tabriz, security expert at Google’s California headquarters, recently revealed to the Philippine press her “Top 4 security tips for people on the Web.”

1. Don’t reuse or share the same password.

Using the same password is dangerous “because hackers know best,” said Tabriz, who has been working for over 10 years with Google's 500-strong cybersecurity team.

“They know that people use the same password. So, what they will do is that they will target a especially weak website to extract passwords from all users of that site. They will get a full database of passwords and based on that, they will try those passwords across multiple accounts, things that are probably more sensitive. It’s possible to buy databases of passwords from other attackers. So, when you’re using the same passwords in multiple places, it’s sort of a secret. The more people you tell, the more likely it is to be known more broadly,” she explained.

She knows how difficult is to remember a different password for every single site, so what she encouraged people to use is a password manager, which remembers those different passwords for you. Chrome, Google’s browser, has a built-in password manager.

A sample of what a password manager looks like. Infographic by Parisa Tabriz of Google

2. Don’t login on shared computers and verify your account security settings.

“Think of shared computers as something with a lot of germs,” Tabriz said.

Attackers know that a lot of people log-in to shared computers, so these computers are more likely to have malware in the form of a key logger, she noted.

She defined a “keylogger” as something that “actually sniffs off all the keystrokes that you type in and sends off those keystrokes to an attacker.”

“So, obviously, if you’re logging in and there’s an attacker, your password is actually being sent off to some other attacker,” she warned. “Strengthen your account because if you’ve already typed in your password in a shared computer, you have already risked your password into being leaked.”

What she recommends to people is to check out their account security settings. If you have a Google account, you can go to Myaccount.Google.com or look for the My Account button, where you can view the different places that you logged in into your accounts and which devices you used to log in into your account. For example, if you do not have an iPhone but someone with an iPhone has logged in into your account, then that is suspicious, Tabriz said.

She recommended adding a second layer of authentication to your account by first, using a short message system (SMS) code, installing an application on iOS or Android, or using a hardware key.

3. Be mindful of all software or applications you install on your computer or phone.

Tabriz admitted that even if you are a security expert, it is really hard to tell a legitimate software from an attacker trying to fool someone on that software.

Hence, Google developed Safe Browsing technology, which regularly scans virtually all websites on the Web and randomly opens them using a special machine. If a website makes your computer try to download an .exe or an executable file, that is definitely a malware, so Google sends that website on the blacklist depending on the site’s behavior.

The Safe Browsing tech, said Tabriz, comes for free and is available in Firefox and Chrome. It also sends warnings against phishing sites, though she confided that it is also still possible for people to ignore these warnings and put themselves and others at risk.

4. Keep your software up to date.

Manually updating a computer is something people usually see as annoying, so they typically keep it off for a while, said Tabriz.

But generally, what updates do is to perform security scans on critical bugs, so not installing these updates will leave yourself vulnerable to attackers that could exploit your data, Tabriz cautioned.

Chrome, according to her, has auto update that starts as soon as you restart your browser.

Tabriz prescribed visiting and using websites starting with “https://”  as the “s” stands for encrypted security.

“By default, the content that goes over the Web, over http, is all clear text and there’s no real protection for it,” she revealed, adding that Http cookies can be sent on open-WiFi networks.

“The solution is https://, which is encrypted but not widely deployed. Over half of the Web is still not using it, so we’re promoting it. Without Https, you don’t have a guarantee of safety as a user or as someone building a website application.”

According to her, last year, Google published a transparency report on Https and the report revealed that even Google has not 100 percent adopted Https, so slowly, the company has been increasing the number of Https users.

Infographic by Parisa Tabriz of Google

Besides hackers that destroy passwords, she revealed that other security threats people face daily while on the Web are telephone companies selling people’s private information that enable private companies to insert ads into connections, as well as intelligence gathering by big nation states such as Iran.

“The Web really feels secure to most people. It feels like you’re talking to them directly because it’s so fast and immediate. And people think that by default, there is some security when you’re accessing the Web. But in reality, you don’t get security by default. And the Internet doesn’t look like a direct connection to a website, but it’s really an interconnected mess of machines and very typically, you’re connected to multiple, different intermediate points when you’re accessing a website,” Tabriz elucidated.

“Now, any of those intermediate points can actually be a potential place where a person can snoop in under your connection either by logging the traffic and looking at it later, or looking at it as it’s happening, or actually tamper with the connection, and this is actually adding in content to the connection that you or the website is not expecting to happen. This is called the ‘man in the middle attack,’ which has been a threat for a very long time but as we’ve seen, there is an increase in incidence.”

Hence, whether you are an ordinary Joe or an Internet security pundit like Tabriz, who has worked at the White House with the Obama administration to make government files more secure, Tabriz urged everyone to make it a mission to protect the Internet and its users.

“The web is really incredible in terms of being able to share information around the world, enabling people to access information around the world,” she enthused. “Even with just a simple knowledge of coding, you can share information around the world with just a link. That’s a really powerful tool.”

Infographic by Parisa Tabriz of Google

 

vuukle comment
Philstar
x
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with