How to prevent loss and misuse of data

Thanks to the internet, we can now do almost anything – shop for clothes or groceries, accept orders from clients, or deliver a finished translation to the end client. It also means we share a lot of delicate information. How can you protect this, and make sure that the data and information of your client in your computer, e-mail, or smartphone are truly secure? The following article is a closer look at this.

Secure Communication

Almost all our communication on the internet could be monitored. This also concerns our work communication, which shifts from conventional mail communication to chat apps, and they’re not as safe as we may think. Many protection experts recommend avoiding apps like WhatsApp, Messenger, Skype, and Viber. Instead, they put their trust in apps like Signal, which has versions for smartphones and computers.

But what makes Signal so different? The answer is in how it’s encrypted. Although all the above apps encode message content, Signal encodes the metadata too. WhatsApp or Messenger may not know the actual content of your messages, but they can see with whom you chat, when, how often, and other relevant information, in other words metadata. Signal doesn’t learn any of this. Additionally, communication in Signal doesn’t happen via any third party, but rather occurs directly between those participating in communication. Only the devices of the participants have the key to decode the communication. This key is destroyed right after the communication ends.

No matter which app you use, don’t forget to update it regularly. The new version not only improves the old one, but also repairs errors which may be abused by hackers.

Securing your devices

There are some things that don’t depend on the app. The app is only as secure as the device on which you use it. If your phone or computer doesn’t have a password to secure it, or if the password is too easy, even an app with the best possible encryption won’t save you.

A smartphone password protects all the data in the device. It’s not recommended to use pattern lock. Choose a 6-digit PIN instead. And what about Face ID function from Apple, or fingerprint? They certainly work, for instance when you’re travelling by public transport and don’t want anyone to see your PIN. But the 6-digit PIN is always a more secure option.

The same goes for the computer – it is necessary to choose an adequately secure password. Your computer should not be left unlocked at work, not to mention public spaces.

Secure Passwords

Many people use the same one or two passwords for every website. On top of that, their passwords are far from secure. People also tend to log in to websites through Facebook or Google accounts, so that they don’t have to create a new account and remember a new password. But doing that gives an even greater opening for the hackers. In this case, the hacker only needs to break through a “smaller” website with poor security. This tells him the password, and then all he has to do is try it on other websites.

That leads us to the question: What does a secure password look like?

First of all, the secure password must be sufficiently long. It should consist of at least 20 characters. If you find it too long, know that programmers in large international corporations use passwords of 100 or even more characters, in addition to changing them regularly.

A password should contain not only lower-case letters, but also capitals, at least one numeral, and ideally one punctuation character (question mark, slash, etc). To remember your password more easily, you can choose a sentence. Simply join words of the sentence, e.g. "WheredidSnowWhiteandthe7DwarvesLive?", and your secure password is complete.

Now you may ask how to remember so many complicated secure passwords. The answer lies in memory exercises, or in a password manager app like 1password, where you can save all your passwords and simply copy them when logging into individual accounts. The manager itself requires a password to unlock it, the so-called masterpassword. All the other passwords are encoded by the masterpassword. There's no need to emphasize that by inventing this ultimate masterpassword, you should do your best and - first of all - remember it. 🙂

Two-factor Authentication

Choosing a secure chat app won't completely secure you against attacks. And the same goes for passwords. It’s important to use two-factor authentication. Two-factor authentication means that when you log into an app on a new device, you’ll have to enter a code which is sent separately to your phone. The code is delivered by SMS, or shown in the authentication app, like Google Authenticator. This will make a hacker's work much harder. Apart from the password itself, he’d also have to have access to your phone.

Antivirus software

Perhaps you think you don’t need any antivirus software because you’re always very careful on the internet. But being careful is not enough. Today, the biggest threat come from malwares, i.e. harmful, literally malicious software that can delete or misuse your data in many different ways.

If you use Windows, the good news is that the Windows 10 version includes the integrated Windows Defender, which can protect you from various threats. When you search for terms or phrases, you may often be redirected to suspicious websites. Therefore it’s also recommended to get a full paid version of an antivirus programme. The paid version of an antivirus is updated sooner than an unpaid one, and often includes plug-ins for email or browsers to warn you about potentially dangerous sites or attachments. In addition, many of them include a password manager, which will certainly come in handy. The best paid antivirus programmes include Bitdefender, Norton, Eset, and Kaspersky, and their prices run between 45 and 90 dollars per year.

If you are a Linux fan, the good news is that malwares for Linux occur only rarely, since it is not as widespread among basic users as Windows. Despite this fact, there was a case in 2016 when hackers added to one of the Linux versions a keylogger: malware that tracks every stroke on the keyboard, giving the malware all the passwords and payment data of the user. If you’re considering installation of a Linux antivirus programme, the best include ClamAV, Comodo, and Sophos, and most of them are available for free.

Data Backup

While we’re discussing protection against misuse, the question arises of how to hold onto your data in case of damaging or losing your device. The most important thing is to backup important data. Nowadays, most people backup their data in so-called cloud services. This saves your data on the servers of technological giants like Google or Apple. Many people consider it unsafe to entrust documents or photographs to anonymous hands. Paradoxically, the contrary is true. Your data is similar to your money, which is more secure in the bank than in a drawer back at home. The data could get lost even from servers, so the most secure solution is to save them not only through online storage but also right in your computer. As the second rule of Guardian editor Jack Schofield goes: data doesn't really exist unless you have two copies of it.

Apart from backup, cloud storage offers another important advantage. They make it easier to share information with your colleagues. To boost protection, it is recommended to password protect shared files (going back to the choice of the secure password), and provide your colleague with the password through a secure communication channel.

Disc Encryption

If you’ve saved very important information in your computer, such as documents or other data from clients, we recommend adding another level of protection: encrypt the disc. We recommend this even more if you’re storing personal data in terms of GDPR. Thanks to this encryption, all the information in your computer will be converted into unreadable code that can’t be deciphered by a user without the key. And if you lose your computer by some misfortune, or it gets stolen, you can be sure that no unauthorized person will get to your sensitive data.

If you have Windows 10, you also may have disc encryption integrated in your operating system. You can find this out by going to Settings, and clicking on "Update and Security" and then on "Device encryption". If there is no such option, your computer doesn't have integrated disc encryption. In this case, you can use the Bitlocker free app from Microsoft.

Public Wifi

For the sake of your computer’s security, you should limit connection to public Wifi. Why? The first reason is that a Wifi network named “Bratislava – centrum” might not be the city’s public network. It could be operated by a hacker.

The second reason is that the Wifi that doesn't require a password is not encrypted. Everyone can track what you’re doing while connected to the network. For example, an attacker can easily acquire login data to your email account. So it’s much more secure to use your mobile data instead of public networks, especially when it comes to sensitive data such as internet banking. But if you really have to open internet banking, or enter personal data, then connect to public Wifi via a secure VPN connection (virtual private network). This functions as a secure tunnel between two servers, through which all communication runs. Even if a hacker tries to track what you are doing, he’ll only see that you’re connected to a VPN that encodes all your activities.

When working from home, and using your private Wifi, you also have to remember to use it securely. You should definitely change the original password. If you don't, a hacker can just look it up in a manual and gain control over your router. It is also recommended to change the name of the network, such that the owner remains anonymous. When you set up private Wifi, be careful with the type of encryption. The most secure option is WPA2 encryption.

Machine translation

And finally, the topic of protection on the internet also includes the famous Google translator and other machine translation tools. An infamous case of what can happen after using an online translator was an incident of the translate.com translator from 2017. Its users included employees of the Norwegian oil giant Statoil. In September 2017, they found the texts which they had entered through this website interface were displayed among results when searching on Google. It turned out that the website published all documents, including sensitive data, the users uploaded for machine translation. That is another reason why we at Lexika avoid machine translation via free public services.

Prevention is important

If this article leaves you feeling a bit paranoid, please don't panic. In most cases, basic users are not targeted by sophisticated hacker attacks. The real targets are bigger institutions with huge amounts of data. Still, it’s better to secure your data thoroughly, at least as a prevention. And most of the suggested prevention measures can be relatively easy and quick.

Using secure passwords in your computer or smartphone, or setting two-factor authentication for important online services, will take you only a couple of minutes. But your sensitive data will then stay secure much longer.

---

Sources:
www.howtogeek.com
www.medium.com
www.nytimes.com
www.slator.com
www.dennikn.sk
www.techadvisor.co.uk
www.techradar.com
www.theguardian.com
www.vice.com
www.windowscentral.com