Digital Security Tips, if you don’t WannaCry..!

After following the worldwide cyber attack ‘WannaCry’, which began on 12th May 2017, it’s time to note down some tips for common practice. These tips cover general digital consumption during your personal & professional time. I hope most of you are aware of the amount of vulnerability around us & how it can be fatal. I would like to talk about this in the Indian context, as we are growing as a digital economy & even our citizenship is authenticated digitally through ‘Aadhar’. If any targeted attack happens, the disaster it can cause is unimaginable.

Let’s have a look at ‘WannaCry’ (which is expected to be a short form of ‘WannaCrypt’). This massive-scale ransomware attack affected more than 150 countries & more than 2 lakh computers. As of now, 5% of the affected computers are estimated to be from India. Andhra Police department computers were hit by the attack as per IoT news. The most worrying part is that most Indian ATM machines are running on Windows XP, which is outdated and not supported by Microsoft anymore. The WannaCry ransomware is built on top of the EternalBlue exploit, which was developed by the NSA of the USA to exploit PCs running Windows XP, Windows 8, Windows Vista & the server version Windows Server 2008. EternalBlue was published by a group of hackers called The Shadow Group. The number of affected computers is expected to increase, since most corporates will open up today, 15th May 2017.

The depth of the attack is very high. For instance, National Health Service hospitals in the UK were badly hit by ‘WannaCry’ & were forced to call off surgeries since they were not able to access patient information. In addition, the attack hit machinery like MRI scanners, blood-storage refrigerators and theatre equipment alongside computers running Windows XP. The attackers ask for $300 in bitcoin to decrypt the hard disk & information after the ransomware is activated. The spread of ‘WannaCry’ was stopped accidentally by a cyber security researcher known on social media as ‘MalwareTech’. During his investigation he found that the ransomware payload is applied after an attempt to reach a random domain that was not owned by anybody. He bought this domain for $10.69 to understand the traffic & get details of the attack. But it turned out to be a ‘kill switch’ for the ransomware: it stopped pushing the payload, since the DNS address is now available & the payload condition turns false. According to him this is only a temporary stop, & the attackers can easily update the kill switch & start off again. He has even noticed Chinese hackers trying to hijack the domain to take control of the malware further.
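The kill-switch lookup described above also gives defenders a way to find affected machines: any PC that asks DNS for that domain has run the malware. The following is an added example, not part of the original post; the domain is a placeholder (the post does not name the real one), the log format is constructed, and it assumes the DNS answer alone decides the outcome.

```python
import re
from collections import defaultdict

# Placeholder: the post does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log; the line format is an assumption.
SAMPLE_LOG = """\
2017-05-15T09:12:03Z client=10.0.4.17 query=killswitch-placeholder.example. type=A rcode=NOERROR
2017-05-15T09:12:05Z client=10.0.4.22 query=www.example.org. type=A rcode=NOERROR
2017-05-15T09:13:40Z client=10.0.9.8 query=KILLSWITCH-PLACEHOLDER.example. type=A rcode=NXDOMAIN
2017-05-15T09:14:02Z client=10.0.9.8 query=killswitch-placeholder.example. type=A rcode=NOERROR
2017-05-15T09:15:11Z client=10.0.7.3 query=notkillswitch-placeholder.example. type=A rcode=NOERROR
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+"
    r"type=(?P<qtype>\S+)\s+rcode=(?P<rcode>\S+)$"
)

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a triage status."""
    target = normalize(domain)
    rcodes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or normalize(m["query"]) != target:
            continue  # skip malformed lines and unrelated or look-alike names
        rcodes[m["client"]].append(m["rcode"].upper())
    result = {}
    for client, codes in rcodes.items():
        # A failed lookup means the malware saw the domain as unregistered,
        # which is the condition under which the payload is applied.
        if any(code != "NOERROR" for code in codes):
            result[client] = "lookup-failed: payload may have run, isolate first"
        else:
            result[client] = "lookup-resolved: infected, but kill switch held"
    return result

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Both groups of machines need cleaning and patching; the status only sets the order in which to handle them.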

The investigations are ongoing & still nobody has come forward to claim responsibility for this attack. The real intention of the attack is not so clear. As of now it is estimated to be an attack for extortion. The Bitcoin accounts involved are being traced. As of now no data-compromise issues have surfaced. The attack may reappear, so it is time to take conscious defence against these kinds of attacks.

Tips for Cyber Security

Official Computers & Workstations:

  1. Ensure you have a personal PC for your personal work & that your official PC is used for official purposes only.
  2. Don’t configure your personal mail & social media accounts on your official PC, unless your job demands it.
  3. Ensure you have only the minimum software for your usage and that you regularly spring-clean your software.
  4. Get your IT department’s help to turn on your OS & antivirus auto-update. Please give your PC some time alone to get updated.
  5. Use any registry & temp file software which your IT department provides.
  6. Avoid connecting your official PC to your home or public wifi. Unlike your office internet, you will not have powerful firewalls outside.
  7. Don’t try to disable your antivirus for some applications.
  8. Use USB sticks with utmost care.
  9. Don’t open any mail which is suspicious; forward it to the IT department & get it checked if you are not able to decide.
  10. If you have a personal assistant to handle your mails, please educate him/her about cyber security.
  11. Avoid pairing your phones with office laptops using Bluetooth or hardware cables.
  12. If you use wifi, Bluetooth or a data cable to communicate with other devices in your company during work, take extra care about infections. Double-check your devices before connecting them to the PC.
  13. Format & get the latest OS & antivirus at least once in 2 years. This will not only help in security, but also help in speeding up your computer.
  14. Ensure you are logged out when you are away from your seat.
  15. Don’t tamper with your official computer hardware; the IT department is there to help you.
  16. If your company is using any software for ‘Data Leak Protection’, support it and get it installed.
  17. Don’t share your official mail distribution list outside or inside. Don’t make a copy of the mail distribution list on your personal PC or in any shared folders.
  18. Keep your time management perfect. Connect to wifi or LAN when it is required.
  19. Keep a better password & don’t share it.
  20. Use Microsoft Office Outlook features to filter mails automatically.
  21. Keep folders named in your own terms. Generic names will make it easy for hackers to identify your critical content.
  22. Finally, if you are using Windows XP, 8, Vista or Server 2008, get the recent security patch Microsoft released after the ‘WannaCry’ ransomware attack.

Personal Computers & Laptops:

  1. Always keep your OS updated. Take the time & spend some Internet on it.
  2. Buy a good antivirus, which will not load your RAM but will ensure your safety. [Suggestions: Quick Heal, McAfee, Avast, etc.]
  3. Ensure you change your wifi password monthly.
  4. Monitor your wifi usage. If anything is abnormal, check your system thoroughly.
  5. Keep your cameras closed.
  6. Ensure your hardware is working fine, with no overheating or malfunctions. Any anonymous activity can be detected through your cooling fan & hardware heat.
  7. Don’t connect unknown hardware to your personal computer. Accept data transfers from known genuine sources only.
  8. Check your broadband connections outside your home for any damage or unusual crimping.
  9. Only connect to public wifi if really required. If your computer/laptop has sensitive information, please avoid using it on public wifi.
  10. If you are a developer or try a lot of software, games & websites, then keep your information & data on a separate PC or hard disk.
  11. Keep folders named in your own terms. Generic names will make it easy for hackers to identify your critical content.
  12. Don’t allow unknown people to use your computer.
  13. Stop browsing porn & torrent sites.
  14. Don’t use cracked versions of software from the internet.
  15. Keep your PC disconnected when you don’t want internet.
  16. Ensure you do not save passwords in text files or spreadsheets.
  17. Saving passwords in browsers can also be vulnerable.
  18. Take regular data backups. Use Time Machine on Mac or other functions in Windows.
  19. Use a secured cloud for critical data storage. Use multiple options like Dropbox, Google Drive, OneDrive and keep data in different places, not all at one location.
  20. Keep your PC logged out if not in use.
  21. Don’t keep your social media applications running round the clock.
  22. Ensure you configure your personal emails in emailing software & use filtering functions.
  23. If you doubt that your PC is compromised, get the help of an expert & get your PC checked.
  24. Clear your browser history & cookies regularly.
  25. Use popup blockers for browsers & before clicking any link be doubly sure about it. Browsers like Google Chrome show the full path when you hover over a link; look at that before clicking.
  26. Ensure your antivirus scans as per schedule (a full PC scan once a week is recommended).

Mobile Devices:

  1. Use apps from Google Play Store or Apple App Store. Avoid 3rd-party app stores with limited validation & security.
  2. Keep your phone OS updated.
  3. Check & confirm your permission settings for every app you have. You can control each permission.
  4. Turn on permission notification to ‘ASK’ as per your mobile phone. This option will ask or notify you when an app is trying to access permissions like contacts, GPS, gallery etc.
  5. Ensure you keep all your contacts attached to your mail account.
  6. Understand the risk in giving permissions to the apps you use. For example, with caller identification applications, you give them permission to use your contacts. Actually your entire phone book is getting synced with their database. In fact you are compromising your entire contacts with a 3rd party.
  7. Use antivirus on your phone also. (Try to buy an antivirus package for both your PC & mobile.)
  8. Avoid using it on public wifi.
  9. Keep regular backups.
  10. Don’t save your passwords in your phone directory or in any apps.
  11. Turn off your internet, wifi & Bluetooth when not needed. Activate auto shut-off of these services after some time of screen lock. (As per your phone make, find out this function.)
  12. Use a screen password (number, pattern or fingerprint).

 

These tips are limited to my practical use-case experience & know-how.

Stay safe..!
