Password manager

If you are attacked from all sides by the message "DO NOT USE THE SAME PASSWORD IN MORE THAN ONE PLACE" then... you better follow it. Leaks of databases from inadequately secured websites, break-ins on a larger or smaller scale or simple human mistakes – this is the daily stuff on the Internet. To avoid such a situation, use sufficiently long, randomly generated passwords and store them in password managers such as Lastpass or 1password. They offer browser plug-ins that suggest saved access data and fill them in automatically. Still, despite proven complex encryption, our passwords are kept on third-party servers. If you want them on your local hardware only, you can use the free KeePass. Additionally, it is worth subscribing to Haveibeenpwned.com to be notified when your e-mail has "leaked".

Backup encryption

Who among us nowadays is not afraid of losing important photos, documents, or... favorite GIF with a cat? 😉 While the leakage of the animation with a pet has probably never hurt anyone yet, sensitive data like documents or an inappropriate film can ruin us financially, socially and mentally. We trust that data sent to large corporations such as Google or Apple will always be safely stored on their guarded servers. However, we should know that everything we send to the Internet may one day become available to the public. For this reason, let's use software such as Cryptomator. It offers file encryption on local hardware and then synchronizes it with the selected cloud. Thanks to AES-256 encryption, we can rest assured. An additional advantage of Cryptomator is the availability on Windows, Linux, macOS, iOS and Android, so regardless of the operating system, we can use one solution. This way, when you see information about a leak, your heart won't beat faster.

Read and watch

Break-ins and leaks are just a small part of the lurking dangers in the Internet. Social engineering can be the most effective way to obtain our data. After all, why do we need a strong and unique password, or files encoded with the most secure standard, if we give the data to the scammer ourselves? Phishing pages can be deceptively similar to the original websites. The combination padlock is not a pointer and the domain can differ by one letter.

Is there one effective way to defend yourself? Unfortunately not. Therefore, logging into important websites should always be done with great care.

Additionally, remember not to open suspicious links from correspondence, especially those that you do not expect, and do not download attachments that you are not sure about. However, the best advice is to stay up-to-date with the latest information from the IT world. Spending 15 minutes a day reading articles from websites with web safety content (like IT Security Guru or Security Weekly), that describe the most popular cases of burglary, social engineering attacks and ways to defend against them, can save us some trouble.

Your equipment – your fortress

Have you ever lost your phone and needed to make a transfer quickly? Or maybe while visiting friends you remembered that you did not send an important document? Such situations usually lead to the use of equipment that you have not dealt with before. Of course, I do not accuse your friends, employers or even the city library of bad intentions. 😉 Not knowing the history of opened pages, installed programs, firewalls set up, or even the physical equipment connected in a new place, we cannot feel confident. The keylogger may seem like a thing of the past, but every year there are cases of break-ins, even on equipment delivered “directly” from the factory. It is worth remembering that computer viruses, although almost forgotten, still exist. Therefore, if possible, use your own equipment. The option for the most suspicious is to have a dedicated computer/smartphone, intended only for specific tasks, such as banking.

Updates don't want to annoy you

If the system has decided to trouble you with an update once more or the browser has changed something again or has forbidden access to unencrypted pages, then it probably does not happen without reason.

Under the layer of new functionalities and other not very useful improvements, there is usually a whole list of security patches and decisions aimed at increasing our safety. Despite my earlier advice on keeping up to date with the IT world, we'll never be able to respond as well as the software developers themselves. After all, we are unable to do anything about the vulnerability found in AMD or Intel processors, or remember the moment when TLS 1.1 was abandoned. This, hopefully, is what the developers of the application think for us. And if the application you are using stopped receiving updates a while ago, you should consider changing it to another one.

Let multi-factor authentication take over the world

The beginnings of this solution as we know it today date back to 1986, but only in the last decade has it gained popularity on a global scale. A single confirmation of our identity has never been fully effective, and has lost even more importance in recent years. Mobile phones have given us the possibility of a sudden leap in security once again. The applications offer various methods of multi-level authentication, such as a code sent via SMS or to an e-mail address, generating one-time codes or push notifications. Another way to ensure maximum security is the key used as a second level of authorization. Such a solution is offered by, for example, Yubikey. It does not need a built-in power supply as it draws energy from the connected device. Cryptographic operations are performed on the device itself, so they are difficult to steal, and the only way to obtain your data is to physically get closer to you.

Finally, remember: let's deepen our knowledge about safety and pass it on to the youngest and the oldest. Thanks to this, the future of the Internet will be much safer.