Every day, new phishing attacks are emerging and cyber threats like ransomware and zero-day exploits are at an all-time high. We at panagenda take these threat scenarios very seriously, providing our team with internal alerts and personalized security tips. In January 2022 we established an internal information security team where panagenda coordinates and manages all kinds of security and privacy topics. We identify and evaluate current threats, vulnerabilities, and information privacy concerns and give advice on how to handle them. A huge part of our daily business is to keep people inside and outside of panagenda aware of best practices on how to protect their digital lives. As part of this initiative, and to prove panagenda´s commitment to security and privacy, we currently pursue ISO 27001:2013 certification and SOC 2 attestation.
There are many guides and guidelines available about how to securely walk through the world of email, the world wide web, social media, and home networking. For this article, we compiled a short list of essential, easy-to-follow privacy and security tips, that should help to avoid some common pitfalls.
Authentication
Secure authentication, and protecting your credentials are, in our opinion, the absolutely top most important information- and cyber security topic today. To protect your privacy and your personal information, every service that you use should have a proper authentication service in place. If available, always enable 2-Factor or Multi-Factor Authentication. We highly recommend using an authenticator app or hardware token instead of an SMS. SMS messages can easily be intercepted and are no longer considered a secure service. If provided with authentication recovery information, store them in a secure place. To recover your credentials from lost, broken, or unavailable service, you will need this information. You should store it on paper or offline in safe and encrypted storage.
How to Remember Your Passwords
We also recommend using a secure password manager. A password manager is an application that generates, stores, and auto-fills your login credentials for you. Only one very strong master password needs to be memorized and all other passwords will be encrypted against it. Most password managers offer browser extensions and mobile apps, so your credentials will be auto-filled, whatever device you are on. There are many professional and secure options you can use. (List of password managers)
Security Tips to Protect Your Passwords
Of course, you should take care of the passwords you use. Your passwords should have a decent length of at least 12 characters to make them ‘strong’. Consider using a passphrase, made up of many words, that are easier to remember. Password managers often offer options to create very long, random, and secure passwords. Get an idea of how quickly common passwords can be cracked by checking HowSecureIsMyPassword.net.
Also, do not reuse your passwords on different services. If you reuse a password, and one site you use has an account leak, then a criminal could easily gain unauthorized access to your other accounts with the same password. Attackers do this usually through large-scale automated login requests, a process that is called Credential Stuffing. Unfortunately, this is all too common, but it’s simple to protect against – use a different password for each of your online accounts.
Another important point is not to share your passwords. There might be times where you need to share your account, for example when working in a team. In this case, use a password manager, that supports shared account login.
And last but not least, avoid logging in on someone else´s device. If you do so, do not forget to log out of all the services you used. Also, if possible, use secure, private, or incognito browsing when using someone else´s machine.
Surfing the Web
Using the internet, in many cases means, surfing the web, and you do this by using a web browser. There is quite an impressive list of browser apps available, and all of them have their advantages and disadvantages. panagenda recommends using a privacy-respecting browser like Brave. Sometimes, IT policy requires you to use other browsers, or your operating system forces you to use a specific browser. Talk to your IT department about privacy settings for your company’s preferred browser.
We recommend, that you keep your browsers always up-to-date and do not allow your browser to save your passwords or auto-fill personal details. Use a password manager app to store and fill in such information. To enhance your privacy while browsing the web you can use extensions to block invasive 3rd-party trackers. We also recommend to not entering any information on non-HTTPS websites. You can identify secure encrypted websites by the lock symbol in your browser’s address bar.
Using Mobile Devices
Since this is an essential list of security tips, we will not tackle all topics on securely using a mobile device in this article. There are, as with any other security topic mentioned here, whole books on mobile security. But some fundamental guidelines can make a big difference in securing your mobile device.
Always protect you mobile device always with a PIN, ideally, if available, use a long passcode. If your device supports fingerprint activation, enable it. But you should avoid face unlock. Enable auto-locking on your device with a short timespan for activation. Encrypt your device in order to keep your data safe from physical access and always keep your system up-to-date to protect your device from recently discovered security vulnerabilities. Keep an eye on your application permissions and review them regular, and avoid location tracking for your device or for dedicated apps. However, many apps on mobile devices contain trackers that collect, store and sometimes share your data.
Protecting your Email
It’s important to protect your email account as if a hacker gains access to it they will be able to pose as you and reset the passwords for your other online accounts. One of the biggest threats to digital security is still phishing, and it can sometimes be incredibly convincing, so remain vigilant, and understand how to spot malicious emails, and avoid publicly sharing your email address. For your email account, apply the same password guidelines as mentioned above. A clear recommendation is to disable the automatic loading of remote content. It is often used for highly detailed tracking and sometimes can be malicious.
Security Tips for Messaging
There is a broad variety of messaging services available. We recommend using a secure messaging app that is both fully open source and end-to-end encrypted. Select a stable and actively maintained messaging platform. It should have undergone an independent security audit and ideally be based in a friendly jurisdiction. If possible, verify your recipients are who they claim to be. You can do that physically or, by using an app that offers contact verification, cryptographically.
This short list of easy-to-perform security tips represents only the tip of the iceberg on what you can do to improve safety, security, and privacy while navigating the sea’s information. In further blog posts, the panagendas InfoSec Team will dig deeper on selected topics to provide you with detailed information on how to stay on the safe side of information security.
Security Tips: Your Quick Check
- Use two-factor authentication where possible
- Store recovery information in a secure place
- Use a secure password manager
- Use strong passwords (especially your master password!)
- Never share your passwords with anyone
- Avoid logging in to someone else’s device
- Review the privacy settings in your browser regularly
- Keep your browsers up-to-date
- Do not enter any information on none-HTTPS-websites
- Protect your mobile device with a pin (enable fingerprint if possible)
- Review application permissions on your phone regularly
- Never click a link in your emails without looking twice
- Use end-to-end encrypted messaging services only