Internet 101: Overview of security basics

Internet 101: Overview of security basics

Recently, Wombat Security Technologies surveyed 2,000 adults in the U.S. and U.K. to see how secure their online habits were, and measure the average level of knowledge about online risks. The results were disappointing (though perhaps not to companies who specialize in online security training, like Wombat Security). Wombat vice president of marketing Amy Baker states, “We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors.”

Two-thirds of those surveyed didn’t know what ransomware is, and nearly one-third didn’t know what phishing is. Half of the U.S. group had been victims of identity theft. Considering the abundance of online threats that have sprung up seemingly overnight, including the unprecedented WannaCry attacks and the Petya virus in May, maybe a refresher of online security terms and best practices is in order.

First things first. There is no need to panic. Most of the attacks are targeted at large corporations. Most, but not all. There are still plenty of scams and threats for those who are vulnerable. Online criminals are just like real-world criminals: opportunists. If you leave your valuables in plain sight in an unlocked car, they probably won’t be there when you come back. If you hide them and lock the doors, chances are good that thieves won’t bother you.

Keeping your online accounts and files secure is never a sure thing, but there is plenty you can do to lower your risks. If you at least make yourself a difficult target, thieves will most likely move on to easier pickings.

Basic security terms

Malware

Malware is an umbrella term to describe any software or program designed to damage computers or files. Viruses, trojans, spyware, and ransomware are all malware.

Ransomware refers to software attacks that take your files ransom: your files are encrypted, and you get a message with instructions to send payment to an untraceable account to regain access. Most attacks have been to companies and government servers, and individuals are at a low risk of attack. Unencrypting the files rather than paying the ransom hasn’t been successful and even paying does not guarantee you will get access to your files back. The best protection is prevention. Backing up your important files in a separate location (an external hard drive or a password protected cloud account) is already something everyone should be doing, but that many do not. Windows has issued a patch to secure the breach that was being exploited, so if you have a computer running Windows and have installed all available updates, you are not vulnerable to WannaCry.

Viruses are malware that spread rapidly by attaching themselves to other files.

Trojans are malware that looks like normal software. A Trojan lets other malware in.

Spyware doesn’t interfere—it records what you do, including passwords, account numbers, and other sensitive information.

Adware isn’t inherently malicious, though targeted ads, spam, and popups can make you feel attacked. And adware has to get through your security, leaving holes for other malware.

Phishing

Phishing refers to any scam where the scammer contacts you to try to get information or money. It could be on the phone, through email, through social media, or a website. It may be obvious (asking for information or to wire transfer money), or more subtle (clicking a link or installing/downloading a file, which then collects the information or transfers the funds).

To see examples of phishing, visit Microsoft support.

Facebook hackers

Sometimes your friends are not your friends: Facebook accounts regularly get hacked, and then the hacker can trade on the trust between friends to spread scams. Often the owner of the compromised account doesn’t even know what is happening. If a friend is posting links that seem out of the ordinary or making offers that promise free money or goods, it may be worthwhile to contact your friend offline to see if they are really behind the posts.

Mobile devices

The term “mobile device” doesn’t just refer to your smartphone. The growing “Internet of Things” includes smart watches and Fitbits, tablets, home networks and security, smart TVs, cameras—even refrigerators; anything that is connected to the internet or a network and isn’t an actual laptop or desktop computer is a mobile device. The problem with mobile devices (especially older ones) is that security updates are often neglected, or non-existent. Software companies are stepping up their security game with these smaller devices as attacks increase, but as with any new technology, it takes time to work out the kinks. Meanwhile, it is better to save your information sensitive transactions for your more secure devices.

Firewalls

According to Microsoft, “a firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.”

What can you do?

Use passwords. This should go without saying, but I’m going to say it: use passwords.

Choose a secure password—use numbers, symbols, and capital letters, and for the love of Pete, don’t use your name, birthday, or “password.”

Use different passwords—if a hacker does get into one of your accounts, that’s bad. If they have all of your accounts, that’s worse. Don’t make it easy for them.

Don’t share your password. Just because you trust someone doesn’t mean they are trustworthy. But it also doesn’t mean that they will be as careful with your accounts as you would be.

Only conduct business on secure Wi-Fi connections.

Public connections (hotels, coffee shops, airports) aren’t secure just because the business is one you trust. Places with a password that you need to get from the clerk (or that is printed on a receipt) are a little better than those with an open network (no password needed), but it’s better to wait till you are in a secure connection to send sensitive emails or do your online shopping.

Regularly update your software.

I’m as guilty as the next person of putting off that “update required” notification, but procrastination can get you in trouble: security teams who are keeping up with weaknesses in their software need you to install their patches, or you don’t benefit from their services., and it is usually something the software developer has developed and update to fix, meaning that those not updating regularly are at risk. The patches to stop the WannaCry attacks were available in March. “This isn’t rocket science; it’s an oil change,” comments David Venable, a former intelligence officer with the US National Security Agency.

If something seems too good to be true, be suspicious and do your homework

Don’t call me, I’ll call you: Don’t share personal info with anyone who contacts you; tell them you will contact them with the deets. This includes spam emails: if you didn’t solicit an email, or don’t know the person who sent it, don’t open attachments. This is how many viruses spread. Even if you do know the person who sent it, exercise caution. Email accounts can get hacked.

Never, ever wire transfer money to someone you don’t know in person, and can’t talk to on the phone. The same goes for giving out your credit card number. When shopping online, companies like eBay and Amazon offer protections and refunds if your goods never show up, and PayPal does too—not to mention that the payment can be can be tracked if something fishy happens, and individuals don’t have access to your account information.

Only download files from trusted sites. Your anti-virus software can only do so much.

Make sure you have firewalls and antivirus software installed and updated

AVG currently has some of the best free antivirus software. Or you can pay a little for more advanced security. You can even get security for your smartphone.

Cat has picture taken by phone security

I can haz credit card number?

Cat tries to unlock phone: https://imgur.com/ZfFg47qIf you have a computer that runs Windows Vista or newer OS, you have a firewall installed and running by default. For other operating systems, you should check with the provider to see if you are protected.

Backup

An external hard drive or secure, password-protected cloud storage should be a regular part of your internet security plan. If your computer files do get corrupted, either maliciously or not, having separate copy means you won’t lose everything. But the key word is “separate”: leaving your external hard-drive connected to your computer network defeats the purpose.

The heavy price we pay for ‘free’ Wi-Fi

Benjamin Dean, Columbia University

For many years, New York City has been developing a “free” public Wi-Fi project. Called LinkNYC, it is an ambitious effort to bring wireless Internet access to all of the city’s residents. The Conversation

This is the latest in a longstanding trend in which companies offer ostensibly free Internet-related products and services, such as social network access on Facebook, search and email from Google or the free Wi-Fi now commonly provided in cafes, shopping malls and airports.

These free services, however, come at a cost. Use is free on the condition that the companies providing the service can collect, store and analyze users’ valuable personal, locational and behavioral data.

This practice carries with it poorly appreciated privacy risks and an opaque exchange of valuable data for very little.

Is free public Wi-Fi, or any of these other services, really worth it?

Origins of LinkNYC

New York City began exploring a free public Wi-Fi network back in 2012 to replace its aging public phone system and called for proposals two years later.

The winning bid came from CityBridge, a partnership of four companies including advertising firm Titan and designer Control Group.

Their proposal involved building a network of 10,000 kiosks (dubbed “links”) throughout the city that would be outfitted with high-speed Wi-Fi routers to provide Internet, free phone calls within the U.S., a cellphone charging station and a touchscreen map.

Recently, Google created a company called Sidewalk Labs, which snapped up Titan and Control Group and merged them.

Google, a company whose business model is all about collecting our data, thus became a key player in the entity that will provide NYC with free Wi-Fi.

How free is ‘free’?

Like many free Internet products and services, the LinkNYC will be supported by advertising revenue.

LinkNYC is expected to generate about US$500 million in advertising revenue for New York City over the next 12 years from the display of digital ads on the kiosks’ sides and via people’s cellphones. The model works by providing free access in exchange for users’ personal and behavioral data, which are then used to target ads to them.

Yet LinkNYC’s privacy policy doesn’t actually use the word “advertising,” preferring instead to vaguely state it “may use your information, including Personally Identifiable Information,” to provide information about goods or services of interest.

It also isn’t clear the extent to which the network could be used to track people’s location.

Titan previously made headlines in 2014 after installing Bluetooth beacons in over 100 pay phone booths, for the purpose of testing the technology, without the city’s permission. Titan was subsequently ordered to remove them.

But the beacons are back as part of the LinkNYC contract, though users have to choose to opt in to the location services. The beacons allow targeted ads to be delivered to cellphones as people pass the hotspots, but their use isn’t spelled out in the privacy policy.

After close examination, it becomes evident that far from being free, use of LinkNYC comes with the price of mandatory collection of potentially sensitive personal, locational and behavioral data.

This is all standard practice in the terms of use and privacy policies for free Internet-based products and services. Can we really consider this to be a fully informed agreement and transparent exchange when the actual uses of the data, and the privacy and security implications of these uses, are not clear?

A privacy paradox

People’s widespread use of products and services with these data collection and privacy infringing practices is curiously at odds with what they say they are willing to tolerate in studies.

Surveys consistently show that people value their privacy. In a recent Pew survey, 93 percent of adults said that being in control of who can get information about them is important, and 90 percent said the same about what information is collected.

In experiments, people quote high prices for which they would be willing to sell their data. For instance, in a 2005 study in the U.K., respondents said they would sell one month’s access to their location (via a cellphone) for an average of £27.40 (about US$50 based on the exchange rate at the time or $60 in inflation-adjusted terms). The figure went up even higher when subjects were told third party companies would be interested in using the data.

In practice, though, people trade away their personal and behavioral data for very little. This privacy paradox is on full display in the free Wi-Fi example.

Breaking down the economics of LinkNYC’s business model, recall that an estimated $500 million in total ad revenue will be collected over 12 years. With 10,000 Links, and approximately eight million people in New York City, the monthly revenue per person per link is $0.000043.

Fractions of a cent. This is the indirect valuation that users accept from advertisers in exchange for their personal, locational and behavioral data when using the LinkNYC service. Compare that with the value U.K respondents put on their locational data alone.

How to explain this paradoxical situation? In valuing their data in experiments, people are usually given the full context of what information will be collected and how it will be used.

In real life, though, a lot of people don’t read the terms of use or privacy policy. Those that do are not always able to understand what these documents are saying owing partly to the legalese used and partly to the intentionally vague wording of some passages.

People thus end up exchanging their data and their privacy far less than they might in a transparent and open market transaction.

The business model of some of the most successful tech companies is built on this opaque exchange between data owner and service provider. The same opaque exchange occurs on social networks like Facebook, online search and online journalism.

Part of a broader trend

It’s ironic that, in this supposed age of abundant information, people are so poorly informed about how their valuable digital assets are being used before they unwittingly sign their rights away.

To grasp the consequences of this, think about how much personal data you hand over every time you use one of these “free” services. Consider how upset people have been in recent years due to large-scale data breaches: for instance, the more than 22 million who lost their background check records in the Office of Personnel Management hack.

Now imagine the size a file of all your personal data in 2020 (including financial data, like purchasing history, or health data) after years of data tracking. How would you feel if it were sold to an unknown foreign corporation? How about if your insurance company got ahold of it and raised your rates? Or if an organized crime outfit stole all of it? This is the path that we are on.

Some have already made this realization, and a countervailing trend is already under way, one that gives technology users more control over their data and privacy. Mozilla recently updated its Firefox browser to allow users to block ads and trackers. Apple too has avoided an advertising business model, and the personal data harvesting that it necessitates, instead opting to make its money from hardware, app and digital music or video sales.

Developing a way for people to correctly value their data, privacy and information security would be a major additional step forward in developing financially viable, private and secure alternatives.

With it might come the possibility of an information age where people can maintain their privacy and retain ownership and control over their digital assets, should they choose to.

Benjamin Dean, Fellow for Internet Governance and Cyber-security, School of International and Public Affairs, Columbia University

This article was originally published on The Conversation. Read the original article.

Wiman helps you find free WiFi and more

Wiman helps you find free WiFi and more

You love your Unlimited High-Speed Internet from Easy Internet Now – especially with your free Wifi modem – but what about when you leave the house? You’re stuck trying to find free WiFi to avoid your mobile carriers ridiculous data caps and speed throttling. It’s a mess of guessing which fast food restaurants or coffee shops will offer free public WiFi, made increasingly difficult by a growing number of places that are opting to be a “WiFi Free Zone” because they believe it will improve the atmosphere of their establishment. So what’s a traveling EIN customer to do when trying to find some free Internet on the road? If they’re using an Android phone (sorry Apple) there’s a new app available to help make things much easier.

More than Maps

Wiman is a service that conveniently maps out free public WiFi locations in cities around the world. You can use their website or their Android App to find locations close to your location or search in advance in a city that you plan to visit soon. One of the best features is the ability to save the WiFi maps for offline use – letting you find WiFi in places where you have no cellular data at all. At this time Wiman claims they have over 70 million free WiFi locations mapped around the globe. The app also gives you more detailed information about the type of connection you should expect and even has a built-in speed test that’s compatible with Android Wear, letting you check your connection speed right on your watch.

Business Use

The Wiman service isn’t just for roving WiFi bandits – it’s also for businesses to use to share their WiFi with the public while maintaining their internal network security. Businesses can get stats on their public WiFi usage and help drive more customers to their location just be being shown as available in the app. People are always looking for WiFi, no matter how much data their mobile plan offers, and if you’re a business owner you generally want them to choose you.

Interested in trying out Wiman?

Visit their Website

Download their App in Google Play (Android Only)