Call back an unknown number and lose the funds on your card: online fraud schemes and security methods

Anastasiia Apetyk, an expert on information rights and digital security at the Expert Center for Human Rights, cited top mistakes of social and corporate network users during an online webinar for Pro Bono Lab and Legal IT Hub. 

Leakage of personal data

$1 is enough to learn your home address, passport, bank and other data. Most often, such information ends up on the Internet through employees of the stores whose discount cards you hold. Remember how many questions you answered about yourself before getting this piece of plastic?

Of course, no one is suggesting that you give up discount cards entirely, yet before filling out any company's questionnaire you must read its information security policy, and then think a hundred more times whether it is worth answering certain questions at all.

Make sure your password is strong

The password must include at least 16 characters, with uppercase and lowercase letters and numbers. Ideally, you should come up with a code phrase with special characters that only you understand. For example, table+sobaka = T@813+Soba4ka.

You can check the reliability of your code word on the website: https://howsecureismypassword.net/

It is recommended to change the password at least once every three months, and preferably once a month.

In the future, users may no longer need this procedure. Google and Windows have already officially announced their intention to give up passwords in favour of biometric identification.

E-mail security

There are also convenient resources on the Internet for checking your mail. They let you see whether information about your name, surname, phone number, email address or bank data is publicly accessible. If the check shows that the mailbox was hacked, you must immediately change its password and log out of all sessions.

Services for checking the security of a bank card

There are no such services. But there are a lot of gullible users in Ukraine. They leave their card number and CVC2 on sites that allegedly offer similar services. As a result, after a while, the money from the account disappears.

Also, online scammers can create a website identical to some online store.

“Just a week ago, a friend wanted to buy things on OLX. She sent an unknown link to a messenger with a jump to a website that looked like OLX. She entered her card number and CVC2 code there, and after 15 minutes all the funds, including credit (about UAH 20,000), disappeared,” the expert on information rights and digital security said, giving an example from real life.

To avoid ending up in such a situation, you need to check whether the site is safe and secure. This is easy to do: a padlock icon should be displayed in the site's address bar!

If the money has nevertheless disappeared from your card, immediately contact the cyber police and the technical support service of the company whose website you ordered the product on.

Two-factor authentication

It is usually used when providing bank information. For example, when we buy something online, we enter the card number and CVC2, and also confirm the transaction with a code sent to our mobile phone number. Two-factor authentication can also be configured to protect email accounts, Google, Facebook, Instagram, Telegram, WhatsApp, Signal, and other messengers and social networks.

It should be noted that the two-factor protection options are usually described in the security policy of any service or application. But, admit it, you never read this document.

SIM security

One of the important tips for every Ukrainian from Anastasiia Apetyk is to link the SIM card to a document confirming the identity of the number holder, set a secret word and block the possibility of remote SIM card recovery.

The fact is that if you do not link a SIM card to an identity document, it is often enough to list a couple of numbers you have called in order to duplicate (restore) it. Accordingly, a fraudster can call you from several numbers at different intervals and hang up, prompting you to call back, and then give these numbers, as well as the numbers of your friends (they are easy to find on social networks), to obtain a duplicate SIM card and through it gain access to the bank account, messengers and social networks tied to the number.

Three years ago, one lawyer who simply had to win in court, because he held ironclad evidence of his client's innocence, lost the case. It happened because the other side knew the entire line of defense. How? It turned out that the opponents had duplicated the defender’s mobile phone number, logged into his messenger and read all the correspondence with the client.

Therefore, it is also important to keep separate SIM cards: one number for communication, the other for banking data and transactions.

Can I use a VPN?

If you use a free VPN (virtual private network), you can accidentally hand over personal or even corporate information to the company that created this network. Therefore, the expert advises using a paid private network, or a VPN that you set up yourself if you have the skills.

Data encryption

You can encrypt information on hard drives and removable media. This can be useful if your computer or hard disk is stolen: without entering a special password, the information cannot be accessed.

Information on iPhones, iPads and new Android devices is encrypted by default; on old ones you can enable this feature manually in the “Privacy”/“Encryption” section. On Apple computers, the information rights and digital security expert advised using FileVault, and on Windows, BitLocker (built-in) and VeraCrypt.

At the same time, Anastasiia Apetyk recommends making more use of cloud storage, since in that case you would not lose important information if you lose the gadget.

As for flash media, the specialist noted that Europe began abandoning them long ago. Therefore, if you find a USB flash drive in a corridor, do not insert it into a computer under any circumstances. It may contain malware.

Unsafe emails

Modern email services filter messages. Malicious ones go to Spam; however, users still open them and follow the link, falling for promises of a big win or an inheritance. As a result, fraudsters obtain the information they need, or delete or block all data on the computer.

Accountants and lawyers who are sent letters that appear to come from a bank or a court should be especially attentive. In this case, you need to carefully check the sender’s address and whether it really belongs to the court or bank (note that the discrepancies in the address may be insignificant: an extra dash or underscore).

Phishing emails often contain grammar and spelling mistakes.
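Both checks described above, a shop site that only looks like the real one and a sender address that differs by an extra dash or underscore, come down to comparing a host name with the ones you actually trust. The sketch below is an added example, not part of the article or the webinar; the trusted domains, the 0.85 similarity threshold and the sample inputs are constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the organisations you actually deal with (constructed placeholder domains).
TRUSTED = {"bank.example", "court.example", "shop.example"}

def host_of(value: str) -> str:
    """Return the lower-cased host of a URL or the domain part of an e-mail address."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")

def skeleton(host: str) -> str:
    """Drop the separators the article warns about (extra dash or underscore)."""
    return host.replace("-", "").replace("_", "")

def classify(value: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link or sender address."""
    host = host_of(value)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        # Same name once dashes/underscores are removed.
        if skeleton(host) == skeleton(good):
            return "lookalike"
        # Nearly the same spelling (one swapped or missing letter).
        if SequenceMatcher(None, host, good).ratio() >= 0.85:
            return "lookalike"
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(good + "."):
            return "lookalike"
    return "unknown"

# Constructed samples, not taken from the article.
SAMPLES = [
    "https://shop.example/item/42",
    "https://sh-op.example/pay",
    "notice@court_.example",
    "info@bank.example.billing.test",
    "https://bamk.example/login",
    "friend@mail.test",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):9}  {s}")
```

A "lookalike" result is the case the article warns about: the address resembles a trusted one but is not it, so card data or a password should not be entered there.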

Rules of conduct in social networks

According to Anastasiia, today a lot of personal data may be learned through social networks. As an example, she cited an experiment conducted at one of the webinars, when participants of the event were invited to find information about each other on social networks. Just eight minutes later, everyone learned the phone number of the husband of one of the participants of the webinar, the place of her residence, the address of the kindergarten to which her son goes, and even the address of the hairdresser (according to the specified geolocation)!

The expert notes that if you have an open profile and you post that you are away on vacation somewhere, this information can be used to rob your apartment.

Some people list their mother’s maiden name or a pet's name in their profile, and these can be used to access a bank account (they often serve as code words).

Therefore, the specialist recommends not posting much information about yourself on social networks, not writing that you are going on vacation if your home is not properly protected, and reading the privacy policy.

Be careful, follow the advice of our experts to protect yourself, your loved ones and colleagues from information threats. And we, in turn, will continue to provide you with useful content.

The Pro Bono Lab program is managed by the Ukrainian Legal Aid Foundation. The activity is implemented jointly with experts of the international organization PILnet, ZMINA. Center for Human Rights and IRC Legal Space, supported by the International Renaissance Foundation
