By Sevket Uyanik, firstname.lastname@example.org
As technology becomes more integrated with society and economics, security becomes an increasing concern. The first thing we can say about internet security is that 100% security cannot be provided. Malicious software is constantly being developed, and the measures against it are frequently updated. But we can take some general steps to protect ourselves. Just as we would think about what needs protecting against a thief breaking into our house, we should, as a priority, make a list of “what, why and who” we should protect on the internet.
First of all, we should give some preliminary information about the “personal data” that we need to protect in terms of internet security. The security of our personal data should sit near the top of the priority list, because there are a lot of people who can exploit it and use it for different purposes. Let’s consider what personal data is and which data we can protect.
Personal data is any data that makes a person identifiable, directly or indirectly. It primarily refers to details such as date of birth, blood type, phone number, etc. Beyond that, the protection of personal data is intended to protect human dignity and rights and freedoms, and to protect individuals while their personal data is processed.
Here, a quotation from Julian Assange of WikiLeaks will guide us: “encrypting the information is easier to solve the password”. Malicious software is constantly evolving and can now break short passwords (up to 4 or 6 characters in length) in seconds. For this reason, the first thing to do is to choose long passwords. Of course, an insecure password still has a high potential of being broken no matter how long it is. So, how do we create secure passwords?
- Use passwords that do not constitute a “meaningful whole”
- Use both upper and lower case letters, numbers and signs
- Create unique separate passwords for all online services used
- Renew passwords every 3 or 6 months
- Do not give real answers to security questions
What do we mean by “a password not constituting a meaningful whole”? It means a password that does not contain any information associated with you, such as a plate number, date of birth, name, surname or company name, and that has no meaning when its parts are combined. An example of a good password is “k/1i2*H3-a4*N5-”. Anyone who sees this password may think, “How can I keep such secure passwords, and how can I remember a separate one for each service I use?” We have some tools to help you, but let’s first look at how to create these unique passwords.
First select a word that you can remember. For example, I will select the word BILGISAYAR as my password word. We can add numbers and characters so it looks like this: “8i1gi$@y@r”. To make it unique to each site, we can use a code based on the name or function of the site. For example, I use the word “post” for email sites: personal email can be “8i1gi$@y@rPpost” and work email can be “8i1gi$@y@rWpost”, with “p” representing personal and “w” representing work. Create a pattern that you will not forget by classifying it according to the sites and functions you use.
There are also many tools you can use to remember your passwords. Two that I personally use are KeePassX and Encryptr. Both allow you to securely save your passwords behind a single passphrase. Both are “Open Source Code/Free Software”, and both are free of charge.
KeePassX is available for Linux, Windows and Mac OS X, with accompanying apps for iOS and Android phones. Encryptr is a program produced by SpiderOak, a cloud system that Edward Snowden also recommends. It can run on all platforms and operating systems, including Android and iOS. Both of these tools can create “safe passwords” for you.
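The following Python example is added here for illustration; it is not taken from KeePassX, Encryptr or the original article. It generates a random password that follows the list above (all four character classes, a separate password per service) and estimates how long an exhaustive search would take at each length. The set of signs and the guessing rate of 10 billion guesses per second are assumptions.

```python
import math
import secrets
import string

# Character classes from the list above: upper case, lower case, numbers, signs.
# The exact set of signs is an assumption made for this example.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()-_=+/?")
ALPHABET = "".join(CLASSES)

# Assumption for illustration only: an offline attacker testing 10 billion
# guesses per second. Real rates depend on hardware and on how the service
# stores passwords.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000


def generate_password(length=16):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the brute-force search space, expressed in bits."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(length, alphabet_size=len(ALPHABET),
                       rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length and alphabet."""
    return alphabet_size ** length / rate


def generate_for_services(services, length=16):
    """One independent password per service, never reused between them."""
    return {name: generate_password(length) for name in services}


if __name__ == "__main__":
    for n in (4, 6, 10, 16):
        years = seconds_to_exhaust(n) / (3600 * 24 * 365)
        print(f"{n:2d} chars: {search_space_bits(n):5.1f} bits, "
              f"{seconds_to_exhaust(n):.3g} s ({years:.3g} years)")
    print(generate_for_services(["personal-mail", "work-mail"]))
```

Under the assumed rate, every 6-character password is tried in under a minute, while 16 random characters give a search space that cannot be exhausted in practice.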
How are accounts attacked?
Your accounts can be attacked by phishing. This method works through unsecured fraudulent web page links, fraudulent web sites, private messages on social media platforms, fake e-mails and fake login requests. You should be attentive and not click on links in messages coming from unknown sites or unknown individuals. It is useful to take phishing tests frequently; you can find them online by searching for “phishing test”. Another hacking method is the use of keylogger-like tools. These are applications that track every key you press and every operation you perform on the computer. Please note that it is common for public computers to have these tools installed for other reasons. Therefore, you should generally stay away from public devices when entering personal or sensitive information.
Security of social media accounts
Often accounts are hacked via social media platforms. For this reason, it is very important to secure our social media accounts. We highly suggest using the Two-Step Verification service that is offered on most social media platforms. It works like this: when you log in to your account with your username and password, a code generated for you is sent to the mobile phone you registered with the service, and you log in to your account by entering this code. Even if malicious people guess your password, they can never enter your account unless they have access to your mobile phone. It is possible to use this method on platforms such as Twitter, Instagram, Facebook, Microsoft and Google.
Privacy, anonymity and messaging
I am going to talk about a few tools that I personally use frequently in the context of Turkey.
Signal: This application allows you to send secure SMS and secure messages and to make secure phone and video calls. Technical experts say that it is the safest application for the time being. Signal can be preferred instead of using separate tools to make secure phone calls and send encrypted SMS.
Telegram: Telegram can encrypt and delete your individual correspondence. While on WhatsApp (which is also encrypted) it is possible to bring back very old correspondence that you have deleted, in Telegram it is possible to delete encrypted conversations forever. It also includes a two-step verification feature.
Cryptocat: Cryptocat is an application that also encrypts group conversations. With Cryptocat you can talk securely on Windows, Linux and Mac systems. It is also possible to install and use it as an add-on for browsers such as Firefox, Chrome and Opera. All of Cryptocat's source code is openly accessible, and it has features like offline message sending and secure file sharing. If you want to have a secure conversation, you can create a “channel” to securely chat and share files.
IRC: Most commonly used in Turkey and the preferred platform abroad for secure communication and file sharing.
ChatSecure: With ChatSecure you can encrypt your Facebook and Google Hangouts conversations on mobile phones running the Android and iOS operating systems. ChatSecure is also free software.
TOR: TOR is a browser that is widely known in Turkey as a tool against censorship and spying, and it helps you hide your identity. In short, it changes your IP address, hides you and allows you to roam the internet without being tracked. The equivalent of TOR on Android phones is an application called Orbot. The new version also gives you free VPN service.
VPN: A VPN (virtual private network) is a kind of network that is commonly referred to and often misused in Turkey. Misuse here means relying on “free” and unknown services. Malicious groups can also set up VPN companies to track you and keep your log records. For this reason, you should often look for reliable VPN tests and make your choice from the paid ones. I recommend PIA (Private Internet Access), VyprVPN and AirVPN, services that I personally use. For a low monthly fee, you can safely use the internet and know you are protecting your privacy.
Mobile Phone Security
After the events between Apple and the FBI, mobile phone security has become an increasingly important and widely discussed matter, with regard to both the state and people with malicious intentions. Yes, the protection of personal data begins with our mobile phones. A person who has physical access to your device should not be able to access your personal correspondence, photos and stored private data. If he/she does have access, he/she can use this data against you.
Security for iPhone
- Set the Require Passcode section to Immediately
- Turn off the Simple Passcode feature in order to create a longer, more reliable password
- If you see Data Protection Enabled at the end of the password page, the process is completed
If you use iCloud to back up your data on iPhone, it may be risky in terms of security. This is because Apple may share this data with institutions because of legal obligations. For this reason, you can choose secure cloud systems (such as Mega or SpiderOak).
Security for Android
- Go to the Security section in Settings (on some devices, it says Lock Screen and Security) and find Data Protection
- You can also encrypt your card, which is an important storage resource, by enabling SD Card Encryption from the same section
Disabling the Auto-Connect to Wi-Fi Network feature prevents you from connecting to unsecured and unencrypted internet networks and being harmed. One last thing: both systems (iPhone and Android) have a Find My Mobile feature. Thanks to this feature you can delete your data remotely. However, your location information must be enabled for this.
Antivirus and Security
Recently, the world experienced the biggest cyber problem in its history because of WannaCry (ransomware). Malicious people who exploit certain system vulnerabilities produced software that took over “unprotected” computers and encrypted their files. They hold the data “ransom” until the owners pay a specified amount.
In a nutshell, a virus is the name given to malicious software that infects computers and replicates itself. Since viruses usually run in the background, it is not easy for us, as end users, to detect them. As mentioned above, you can use anti-virus software to protect yourself against cyber-attacks and viruses, basically to keep your computer safe.
Bitdefender is the first piece of software that we will talk about. Bitdefender, which offers products for institutional, corporate and individual users, offers solutions for Windows and Mac operating systems. These solutions apply to the areas of mobile security, cloud security and virus security. If you want to use Bitdefender as an institution for your Non-Governmental Organization, it might be available to qualified organizations through the TechSoup donation program. Within the scope of this donation program, a total of five different packages are offered for both Windows and Mac operating systems.
In the same way, Symantec, one of the world’s largest security companies, has comprehensive solutions for internet security. Symantec is the founder of Norton, one of the world’s most widely used anti-virus software products, and offers services in the areas of e-mail, messaging, cloud and network security in addition to virus security. Within the framework of the TechSoup Donation Program, you can purchase three Symantec packages that will benefit NGOs. We especially recommend that NGOs using Microsoft Exchange institutionally use Symantec Mail Security 7.0 software for e-mail security.