STAYING SAFE ONLINE
The internet is here to stay so we can as well embrace it and learn how to protect ourselves while surfing through it. In fact, a recent study by Sprout Social shows that there is a tremendous increase in the amount of time users spend on social media, on average users are estimated to spend 151 minutes per day scrolling through social media. This means that users are coming to accept social media more; According to Sprout Social, we had a 3% growth in the number of social media users worldwide from January 2022 to January 2023 (3% is equivalent to +137million users) https://sproutsocial.com/insights/social-media-statistics/
Social media has its merits and demerits. Understanding how to leverage the merits while still protecting your identity and data online is important, especially due to the rise of identity theft in cyber-attacks today. One of the highlights detailed in the 2022 Crowdstrike Global Threat Report is, Today 80% of cyber-attacks leverage identity-based techniques. This has then increased to 112% Crowdstrike Report Some of the identity-based techniques include social engineering, MFA notification fatigue, credential theft, etc.
As an internet user, learning how to protect yourself online will help you reduce overall risk. In cyber security, A risk can be defined as a probability or likelihood of a threat successfully exploiting a vulnerability leading to the loss of confidentiality, integrity, or availability. Some of the risks you face as an internet user include:
- Identity Theft
Identity theft is the act of an adversary acquiring a user’s details such as social security number, ID, credit card details, etc, and using the information to impersonate them in order to carry out activities such as fraud, deception, etc.
For identity theft to be successful, the adversary requires to have your information and this information can be acquired actively or passively. Actively can be through social engineering and passively can be through credential theft.
- Data Compromise
NIST defines Compromise as “The unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device or process in order to gain unauthorized access.”
Data can be compromised through breaches, leakages, or exposure. Data breaches is the unauthorised access of data; data leakage is the unauthorised transference of data while data exposure is the loss of sensitive data through third-party for example if Instagram is hacked and your personal details are among the exposed data. Data can be lost both intentionally or unintentionally.
- Financial loss
We have seen instances of users falling victim to online scams where they end up paying for a product or service without verifying the legitimacy of the business or seller and also falling victim to social engineering attacks such as smishing, vishing where they end up sharing their personal information that potentially leads to financial loss through mobile banking or banks.
- Misinformation
In a world where everyone is entitled to an opinion, it is important to have your facts straight. I have seen instances where users end up clicking or performing an activity just because someone else has told them to without verifying the credibility of the information.
For example, a friend sends you a link and without verifying what it is for including the reason why they shared the link, one ends up clicking the link and unknowingly infecting their mobile device or laptop with malware that could perform activities such as acquiring stored browser passwords, etc.
Now that you have understood the different risks that affect you as an online user, allow me to take your attention to the different ways you can protect yourself and your data online.
- Take control of the information you put out on the internet
- Implement strong and easy-to-remember passwords
- Use unique passwords across every platform!
- Implement Two Factor Authentication
- Be aware of sites you are visiting on the internet
- Be cautious when downloading applications not digitally signed by trusted companies
- Keep your system and applications up to date by constantly updating them
- Avoid using public Wi-Fi. This includes coffee shops, stores, public transport, hotels and restaurants
References
https://www.crowdstrike.com/global-threat-report/
https://sproutsocial.com/insights/social-media-statistics/
Article by Christine Wambiru
Christine Wambiru is an Information Security Analyst. She constantly aims to improve the client’s security posture both on-premise and on the cloud. She is also a Content Manager at Shehacks KE where she ensures both the development of relevant and timely content for the community. Some of the skills that Wambiru has gained over the years include incident response, creation of SIEM rule detections, use case creation, memory forensics, SIEM deployment to production, and threat hunting.
LinkedIn – Christine Wambiru Medium – https://chriswambiru.medium.com/ Twitter: @CWambiru