Is your online “trip” secure?

If you haven’t read our previous blog, kindly take a few minutes and check it out before proceeding >>>HACKED WE CAN HELP!

Did you know that anything that connects to a network can be compromised? That’s right, anything from humans to devices.

Massive data breaches, marketers tracking your every step online, shady people exploring the photos you shared in social networks - the list of digital annoyances goes on and on.

We often hear about cyber attacks; disasters such as WannaCry and NotPetya are not easily forgotten and seriously damaged even the biggest and best-prepared firms. Obviously, we are not just talking about huge cyber attacks against corporations and official institutions, but also about online fraud and data theft at the expense of small and medium-sized enterprises and individuals. However, it’s not completely hopeless.

Here we highlight some of the extra checks you should perform to stay safe online.

1. Safe passwords and PINs
Everyone who has ever used a computer, a phone or any other digital device, or visited the internet, has a username and password to log in to something. Have you ever taken a few minutes to think about the passwords or Personal Identification Numbers (PINs) you use? Many of us have a lot of accounts with simple passwords that are easy to recall and never changed, reuse the same password or pattern across usernames, save them in the browser, let friends know the logins, and have no second-step verification, Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) in use.

If that describes you, then you either need to unplug your internet cable and take the next 15 minutes to add a layer of security to your online accounts (create a different, long and complex password for each account, e.g. a mix of numbers, capital and lowercase letters and special characters, and avoid sequences of only numbers or letters such as dates or names; if you find it difficult to remember all those passwords, use a password manager; turn on 2FA/MFA wherever it is offered), or call/email us for assistance. Otherwise an attacker who obtains one of your passwords, for example from a breached website, can simply try it against every other account you own.

2. Attachments and shared links.
Care must be taken with email attachments, external files and shared links, in particular when the sender and/or the subject seem suspicious. Some arrive looking like ordinary work documents or files from friends. If in doubt, do not open the attachment: delete it, or confirm with the sender through another channel (a phone call, not a reply to the same email) that they really sent it. Be careful also with email that appears to come from banks, postal services or similar and asks you to confirm your credentials: never do that, because no institution will ask for credentials by email (see our previous blog for more details).

3. Secured websites and Online payments
Most of the time we open a browser and type the URL directly, or ask Google search to find it for us. Then we enter our login credentials, hit the submit/login button and patiently wait for the page to load. Depending on the response, we might press F5 to reload.
But how often do you check whether the URL matches the domain you meant to visit, whether the site is served over HTTPS with a valid TLS certificate (still commonly called an SSL certificate) rather than plain HTTP, what the certificate says (click the padlock and check that it was issued for the domain you expected), and whether the site redirected you to another website? Remember that the padlock only means the connection to the domain shown in the address bar is encrypted; phishing sites use HTTPS too, so the domain name itself is what you must check.
When making online purchases it is better to use a prepaid card instead of your main card, especially if you do not consider the website completely safe; use a second authorization step (password plus SMS code) for the transaction, and turn on mobile and email notifications for your bank accounts so you notice a suspicious transaction immediately.

4. Stay Private on Public connections
Open public Wi-Fi networks do not encrypt traffic between your device and the access point, which means anyone nearby can capture it, and a network with a shared password is not much better, since everyone who knows the password can decrypt it. Avoid transmitting sensitive data (logins, passwords, credit card details and so forth) over public Wi-Fi. Use a VPN from a provider you trust to encrypt your data and protect it from prying eyes; note that HTTPS already protects the contents of most web traffic, so what the VPN mainly adds is hiding which sites you visit from the local network (the VPN provider can see that instead).

5. App Permission settings, Terms and conditions
Always check your app settings, and especially the permissions you have granted. Applications often request access to the camera, contacts and even the microphone. Pay attention to these details and do not grant permissions an app does not need in order to work; you can review and revoke them later in the phone’s settings. Read the terms and conditions and understand them. Additionally, use messaging apps with end-to-end encryption.

6. Social media
Social media are tools that expose our lives to others, and not always safely. We need to be aware of that and keep an eye on what we publish online. At all times control what information is available through your profiles, and tighten the privacy settings to better protect sensitive data where possible.

7. Don’t use public storages for private information
Oversharing is not limited to social networks. Do not use online services that are designed for sharing to store your private data. For example, Google Docs is not the place for a list of passwords, and Dropbox is not the best venue for your passport scans unless they are kept in an encrypted archive. The key point: do not use apps meant for sharing to store private data.

8. Evade tracking
Browsers disclose a lot about you and your browsing history. Marketers use that information to profile you and target you with ads. Incognito (private browsing) mode cannot really prevent such tracking: it only discards local history and cookies when the window is closed, and does nothing to stop websites and ad networks from tracking you while you browse. For that you need dedicated tools such as a tracker-blocking browser extension or a privacy-focused browser.

9. Keep your main e-mail address and phone number private
Your reward for sharing your e-mail address and phone number? Tons of spam in your inbox and hundreds of robocalls on your phone. Even if you cannot avoid sharing this information with Internet services and online stores, do not share it with random people on social networks, and consider creating a separate, disposable e-mail address and, if possible, a separate phone number for these cases (please see our previous blog).

Back in the 80s and before, our parents would keep confidential documents, including money, in the following way:
1. Verify the documents and put them in a clean sealed envelope.
2. Put the envelope at the bottom of a drawer and place other items on top of it.
3. Lock the drawer with a key and place the key in another drawer of another cabinet.
4. Wrap the key of the drawer of the second cabinet in a polythene bag and hide it beneath a huge bathing rock.
5. Whenever access to the documents was required, that chain of keys would be followed in order: a chain of trust.

To find out how we can help you email us on info@myisp.co.ke or give us a call on 0730911000

Previous Blog >>>HACKED WE CAN HELP!

Email Security Protection

Well, if you are like I was before taking my Certified Ethical Hacker class, probably not as much as you should, and for some, I know it’s never. If you have never taken a class or have only some basic knowledge of keeping yourself safe online, you might as well consider yourself hacked. In this digital age where most of our communication is done online, we are always at risk of losing our most precious asset, our Personally Identifiable Information (PII). This is the information that we usually guard and keep close to ourselves, such as PINs, email passwords, bank account login credentials and the like.

What if I told you that I could make you give me this information willingly, and that you would actually be smiling as you did it? What, you don’t believe me? Well, you have probably already given it to someone other than me.

We’ve all at one time or another received a phishing email. It goes something like this: “Your mailbox is full, click here to add more space”, “We noticed some irregular activity on your bank account, click the link below to confirm”, “You have won the lottery, click below to redeem your prize”. The link usually leads to a site that looks like one you are used to, for instance your bank’s site or your email login page, and you proceed to enter your credentials. Guess what: you’ve already been hacked. The sites you reach by clicking the links in such emails are usually fake sites built to harvest user credentials, which ultimately let the crooks into your real account. I see you, “smart guy”, asking who in this day and age still clicks on such emails. Well, of all phishing emails sent there is a success rate of 30%, meaning there are still many users who are not aware of this kind of scam. Still brushing me off? Internet giants Google and Facebook were duped out of $100 million through an email phishing scheme in which a hacker impersonated a computer-parts vendor.

Phishing is still one of the most successful hacking techniques used to this day, and is categorized as a social engineering attack. The hacker poses as someone you can trust and tricks you into clicking a link in the email. This kind of attack has been used to gain access to government institutions and corporate organizations.

So what can you do to keep yourself safe online, even with the hackers and crooks getting better at it every day?

  1. Always be suspicious
    My wife’s motto on trust is, “You have to prove you can be trusted, before I trust you”. This is what I would advise when it comes to emails, even with emails where you think you know the sender.
  2. Pay attention to the email/web address
    If you look keenly at the email and web addresses in a phishing email, you will see a lot of similarity to the real thing, but there is almost always a tell that shows the site or email address is not legitimate. Hover over a link to see its real target before clicking, and compare the domain name just before the top-level suffix (here .co.ke) with the one you expect. E.g. wilson.muroki@myisp.co.ke, aghrt68uej@myisp.co.ke, https://www.myis.co.ke https://www4.myisp.co.ke
  3. Urgent action required
    Phishing emails will most of the time carry a sense of urgency about the action they want you to take. Always stop and ask yourself: why the urgency? You will more likely than not see phrases like “Your account will be closed”, “Your account has been compromised” or “Urgent action required”.
  4. Seek professional consultation
    MyISP offers user training to sensitize staff members on security issues and things to look out for when conducting their everyday duties. You can get in touch with us for more on this.
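The domain checks described in section 3 of the first blog (does the URL match the real domain, is the site on HTTPS) and in point 2 above (is the sender address what it seems) can be made mechanical. The following Python script is an added example written for this page, not code from MyISP, and runs offline over a constructed sample email. The short PUBLIC_SUFFIXES list is an assumption standing in for the real public-suffix list, and the "random-looking local part" rule is only a heuristic. It treats any subdomain of the trusted domain (e.g. www4.myisp.co.ke) as belonging to the same owner, and flags lookalike domains such as myis.co.ke, the trusted name embedded in an unrelated domain, userinfo tricks (text before an @ in the URL), bare IP addresses, plain HTTP, and sender addresses that come from another domain or look machine-generated.

```python
"""Added example: mechanical checks on links and sender addresses in a suspected phishing email."""
import re
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the public-suffix list (publicsuffix.org); real code loads the full list.
PUBLIC_SUFFIXES = {"co.ke", "or.ke", "ac.ke", "ke", "com", "net", "org"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(hostname):
    """Owner-controlled part of a hostname: 'www4.myisp.co.ke' -> 'myisp.co.ke', 'myisp.co.ke.evil.com' -> 'evil.com'."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return hostname.lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes such as myis vs myisp."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_link(url, trusted_domain):
    """Return ('ok' | 'suspicious', reasons) for a URL, judged against the domain the user meant to visit."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    trusted = trusted_domain.lower()
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:                     # e.g. https://myisp.co.ke@evil.com/...
        reasons.append("text before '@' is userinfo; the real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (internationalised) label in host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("bare IP address instead of a domain name")
    owner = registrable_domain(host)
    if owner != trusted:                                # subdomains of the trusted domain pass
        if trusted in host:
            reasons.append(f"trusted name embedded in unrelated domain {owner}")
        elif edit_distance(owner.split(".")[0], trusted.split(".")[0]) <= 2:
            reasons.append(f"lookalike of {trusted}: {owner}")
        else:
            reasons.append(f"different domain: {owner}")
    return ("suspicious" if reasons else "ok", reasons)


def assess_sender(address, trusted_domain):
    """Check the domain of a From: address, plus a heuristic for machine-generated local parts."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return ("suspicious", ["malformed address"])
    reasons = []
    owner = registrable_domain(domain)
    if owner != trusted_domain.lower():
        reasons.append(f"sent from {owner}, not {trusted_domain}")
    # Heuristic (assumption): staff addresses are name-like; digits mixed into letters look generated.
    if not re.fullmatch(r"[a-z]+([._-][a-z]+)*", local.lower()):
        reasons.append("random-looking local part: " + local)
    return ("suspicious" if reasons else "ok", reasons)


def scan_email(body, sender, trusted_domain):
    """Run both checks over one message; returns [(kind, value, verdict, reasons), ...]."""
    findings = [("sender", sender) + assess_sender(sender, trusted_domain)]
    for url in URL_RE.findall(body):
        findings.append(("link", url) + assess_link(url, trusted_domain))
    return findings


# Constructed sample message (not a real email) in the style of the lures quoted above.
SAMPLE_SENDER = "aghrt68uej@myisp.co.ke"
SAMPLE_BODY = """Dear customer, your mailbox is full. Urgent action required:
click https://www.myis.co.ke/login within 24 hours or your account will be closed.
Help: https://www4.myisp.co.ke/support  Verify now: http://myisp.co.ke@203.0.113.5/verify
"""

if __name__ == "__main__":
    for kind, value, verdict, reasons in scan_email(SAMPLE_BODY, SAMPLE_SENDER, "myisp.co.ke"):
        print(f"{kind:6} {verdict:10} {value}")
        for reason in reasons:
            print("       -", reason)
```

A sender domain that matches is necessary but not sufficient: the From: header can be forged outright, and it is the receiving mail server's SPF, DKIM and DMARC checks, not the visible address, that establish whether the message really came from that domain. Likewise a link that passes every check here can still be a phishing page hosted on a compromised legitimate site, so the checks narrow the field rather than clear a message.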

Article Written by: Wilson Muroki
Service Delivery Manager - MyISP Ltd
BSc Information Systems Technology
Certified Ethical Hacker (CEH) ~ Institution: EC Council