The Internet is not a safe place. We see that more than ever with the security breaches of businesses and individuals in the news on a daily basis. As Internet citizens, we need to take our protection into our own hands, as obviously most online services are not doing their best to protect us.
There are many user activities that put us at high risk for malware infection, system compromise, social engineering attacks or information disclosure. You need to recognize these actions in your own behaviors and work toward reducing them.
Opening email attachments
Attachments can make the exchange of documents and other files convenient. However, due to the inherent insecurities of Internet-based email, there is no guarantee that a message you have received is actually from the source email address or that the attachment was not modified in transit. The only secure options are to use a third-party file service (such as ShareFile, DropBox, Box, OneDrive, Google Drive, etc.) or use email encryption and digital signatures (such as S/MIME or PGP).
Clicking on hyperlinks from social networks
Social networks are rife with compromised accounts or fake accounts. When a message or posting entices you to click on a hyperlink, resist. Especially if a URL shortening service is in use. Clicking on links could land you on a malicious site. There is no absolute means to confirm that an offered URL is safe to click on, so just don’t. If the item seems so important that you must see it, then use a search engine and search for the name or title of the item. Do not click on hyperlinks shared through any social network.
Downloading files from third-party sources
Obtaining a file of any type from any location other than the original provider, vendor or seller is putting you at risk. Using third-party file hosting sites or transfer services/protocol can cause you to download compromised or infected versions of a file. Always seek out the original source. This will greatly reduce the risk of being hit by malware delivered via a Trojan horse version of a file, image, document, audio file, video, driver, plug-in or software update.
Using portable/removable media
Portable media, such as USB drives and flash cards, are convenient. But they put you at risk. If you place important personal or business-related materials on a portable drive, your data is at risk if you lose that drive. Additionally, if someone else uses the portable storage device before you or you connect it to multiple systems, there is a chance of malware infection spreading to your computer from that portable drive. Use a secure Internet-based file exchange service (see first risky behavior), or use on-device encryption on portable media.
Using open wireless networks
An open wireless network or a Wi-Fi hotspot is the most likely place you will be compromised. There are numerous fake or rogue wireless access point attack methods that can be used to fool you into connecting into a hacker-controlled wireless device. You might also be tricked into a man-in-the-middle attack, a DNS spoofing attack or a simple eavesdropping attack. Most users are unable to determine whether such attacks are occurring and often find out afterward that they have been compromised. Wireless attacks could plant malicious code on your portable device, steal private information or even compromise your identity or online credentials. To avoid the problems with open wireless networks, you can either get your own portable Internet service or use a VPN.
Most of the mobile phone providers offer either a portable access point or a tethering plan for your smartphone. This would give you a private Internet link that you take with you, rather than depending on open wireless networks. I use a portable hotspot from Freedompop.
Another option is to use a VPN across any wireless network you connect to. Advanced users can set up their own VPN running on their home system, but typical users might need to find a free or paid VPN provider. Good options to consider are privateinternetaccess.com and proxpn.
Sure, if you follow these guidelines, some of the fun of your online experiences will be diminished. But you will greatly reduce the chance of being harmed by the malicious elements online. If nothing else, I hope that at least knowing these actions are risky will cause you to be a bit more thoughtful and cautious while online.
Related Courses
Security+ Prep Course
CISSP Prep Course
Systems Forensics, Investigation, and Response