Sercan Azizoğlu's Personal Website
June 8, 2021

Some Proactive Measures for Personal Cybersecurity


Where do we begin with digital privacy?

Identifying the personal or classified information that should be protected can be a good starting point. If you are writing a thesis that takes months of study and work, the draft file is essential to protect. We may classify any file that is important to us or to someone else as confidential. The common media are computers, offline storage devices, and online systems. This may include, but is not limited to, email service providers, cloud storage services, social media platforms or the websites where we create content.

After the classification, what might be next?

Any file we open without a key or a password is likely in a readable format. Encryption is hiding data behind a curtain so that it cannot be seen by anyone else. To open an encrypted file, there is a verification step to ensure that only the file owner or someone with a predetermined key can access it. We can set up encryption for individual files or for the entire disk. There are many open-source encryption tools, and these tools are developed regularly, so staying up to date on this point strengthens security on the software side. If a hard disk is not encrypted, its contents can be easily read by anyone with physical access. If it is encrypted, somebody will need the key to read it. The most commonly used operating systems offer encryption options for storage devices. When setting up encryption, long and complicated passwords, as always, make it more difficult for others to decipher. When connecting online, encrypting files before sending them is also necessary to protect the confidentiality of files while communicating.
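The following is an added example, not code from the original article. It shows password-based encryption of a file's bytes with Node.js's built-in `crypto` module, including the verification step that rejects a wrong password or altered data. The choice of scrypt and AES-256-GCM, the function names and the sample text are assumptions made for illustration; the article names no specific algorithm or tool.

```javascript
const nodeCrypto = require("node:crypto");

// Derive a 256-bit key from the password. scrypt is deliberately slow, which
// makes guessing passwords expensive; the random salt is stored with the data.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Returns salt (16 bytes) | iv (12) | auth tag (16) | ciphertext as one Buffer.
function encryptBytes(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the password is wrong or the stored bytes were changed.
function decryptBytes(blob, password) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const body = blob.subarray(44);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  decipher.setAuthTag(tag); // the verification step: checked in final()
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// True only when the password opens the data and the data is intact.
function canOpen(blob, password) {
  try {
    decryptBytes(blob, password);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample input (not a real document).
const draft = Buffer.from("Thesis draft, chapter 1 (constructed sample text)");
const goodPassword = "a long and complicated passphrase, 2021!";
const sealed = encryptBytes(draft, goodPassword);
```

In practice the input would come from `fs.readFileSync` and the returned buffer would be written to disk or attached to a message in place of the original file.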

Staying up to date

If we look at personal computers, there are two common steps that are easy to take on a regular basis:

  1. Receive & Implement Updates: Updates from vendors correct vulnerabilities or problems in operating systems. This applies to any application or other software as well.

  2. Investment in certain security software is always a good policy: Conventionally, this means antivirus, anti-malware and firewall utilities. There are also browser extensions that prevent the leakage of personal information to websites. Both points are applicable to any device that connects to the Internet.

Protection of Online Accounts

What suggestions do we have for protecting online accounts? How can we enhance their security to prevent unauthorized access?

When we want to access an email account, we enter a password into the system to prove that we own that account. That is user authentication. There are other, more secure ways to authenticate. Two-factor authentication is standard in many online banking platforms. To access online banking systems, we enter our password, then we get a second code on our smartphone for the second step of authentication. As a newer form of authentication, biometrics, for example fingerprints, facial recognition or vein patterns in our palms, are new and secure options because they are difficult to copy and steal. There is an email provider called ProtonMail. There can be three authentication stages for accessing an account in that service.

As the provider informs us during the creation of this code, if you forget it you cannot access your mailbox even if you know the account password. As we might have multiple accounts, using a password manager will be useful for setting them up.

What’s the significance of a virtual private network (VPN)?

When we access any website, social media or email platform, our device connects through other devices. Whether we are connected to our own router or to a public hotspot, our traffic passes through these devices to reach its destination. This means that if those routers have a vulnerability, our data can be exposed or detected. If we access a bank account while connected to such a public access point, there is a risk of losing confidential information during access. To avoid such a leak on public networks, using a VPN is a proactive measure. We still use the same method for accessing the Internet, but with the VPN the traffic and information we send will be encrypted as it crosses the network. VPNs are also good options for accessing websites that are banned in certain countries. However, an important point should be made about these services. They may have access to network traffic, Internet history, and the information we send while we are connected to them. For that reason, the reliability of the provider is essential. As always, it is better to have a paid VPN service.

How about backing up our files?

If we cannot tolerate the loss of a file, we need to prepare, because we are going to lose it. Having routine backups both online and offline is a major solution for data loss. At least two different external drives could be required. This appears to be easy, but it may require some effort to implement.

What type of information can a website access when we visit it?

There is a demonstration website called 'webkay' prepared by a researcher, Robin Linus. When we click a link, the website gathers information about us. Some of these include:

  1. The location of our device through our Internet protocol addresses.
  2. Information about the operating system, browser, and certain browser plugins that we use.
  3. Hardware information such as central and graphical processor model and vendor, screen resolution, battery charging status and current battery level.
  4. Internet bandwidth speed and public and local IP addresses.
  5. If we log on to some common platforms, such as social media websites, this website may detect that we have logged on to this platform.
  6. If we use portable devices in particular, such as smartphones, websites are able to access certain sensors to detect the orientation of the device, for example whether it is lying on a table or held in our hands.
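The following is an added example, not code from webkay or from the original article. It reads the kinds of values in items 2, 3, 4 and 6 through standard browser APIs and lists which of them a given browser actually reveals. The function names and both sample browser objects are constructed for illustration. Item 1 needs no script at all, because the server sees the IP address of every connection.

```javascript
// Added example: collects the kinds of values listed above from a `window`.
function describeExposure(win) {
  const nav = win.navigator || {};
  const scr = win.screen || {};
  return {
    // Item 2: operating system, browser and plugins as the browser reports them
    userAgent: nav.userAgent || null,
    platform: nav.platform || null,
    language: nav.language || null,
    plugins: Array.from(nav.plugins || [], (p) => p.name),
    // Item 3: hardware hints
    cpuCores: nav.hardwareConcurrency || null,
    screen: scr.width && scr.height ? `${scr.width}x${scr.height}` : null,
    batteryApi: typeof nav.getBattery === "function",
    // Item 4: bandwidth estimate (Network Information API, where supported)
    downlinkMbps: nav.connection ? nav.connection.downlink : null,
    // Item 6: orientation sensor events are available to the page
    orientationEvents: "DeviceOrientationEvent" in win,
  };
}

// Names of the fields that actually reveal something; fewer is better.
function exposedFields(report) {
  return Object.keys(report).filter((key) => {
    const value = report[key];
    return Array.isArray(value) ? value.length > 0 : value !== null && value !== false;
  });
}

// Constructed stand-ins for two browsers (not captured from real devices).
const defaultBrowser = {
  navigator: {
    userAgent: "ExampleBrowser/1.0 (ExampleOS 10)",
    platform: "ExampleOS",
    language: "en-US",
    plugins: [{ name: "PDF Viewer" }],
    hardwareConcurrency: 8,
    connection: { downlink: 10 },
    getBattery: () => Promise.resolve({ level: 0.5, charging: true }),
  },
  screen: { width: 1920, height: 1080 },
  DeviceOrientationEvent: function () {},
};
const hardenedBrowser = {
  navigator: { userAgent: "ExampleBrowser/1.0", platform: "ExampleOS", language: "en-US", plugins: [] },
  screen: { width: 1000, height: 1000 },
};
```

Pasting the two functions into a browser's developer console and calling `exposedFields(describeExposure(window))` shows what your own browser reveals, which is a quick way to check whether a privacy extension changes anything.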

There are a couple of browser extensions to prevent such leaks. One more thing to mention is that there are fake extensions in browser stores. Before installing an extension, checking the number of downloads or the user comments will help ensure that no fakes are installed.

How important are education and training for increasing the protection of digital privacy?

Advancements in technology can create a breakthrough, and yesterday’s understanding may no longer be applicable. Attackers also create new types of attacks, and human error continues to be a common avenue for exploitation. We need to stay aware of potential privacy violations over the long term. Most importantly, cyber security and privacy protection are not a sprint. They are a marathon that lasts a lifetime.

This paper was prepared for a podcast series at the University of Padova.

Cover Credit: 'Defending a Digital Ecosystem: the Estonian Way' EU Cyber Security Conference 2017
