Staying safe in an interconnected world (Part 3) – The WhatsApp Tale

whatsapp

Almost everyone uses WhatsApp. It is the most popular messaging app out there with billions of users and tens of billions of messages sent per day. One of the selling points of WhatsApp is how safe and secure it is, especially with its end to end encryption. This means that all messages that you send are fully encrypted and can only be understood by the sender and receiver. WhatsApp has boasted of being completely secure and messages safe.

Recent news, however, shows that a device with WhatsApp installed can be easily infected and taken over using a voice call. You don’t even have to pick it. Apparently, there is a vulnerability in WhatsApp that hackers took advantage of.

This is just one example of several zero-day bugs that have been identified in everyday applications. We have seen examples of Microsoft webmail being attacked, Yahoo user passwords getting stolen and many others. The real question is how do we stay completely safe?

The only way to be absolutely safe is to stay off the Internet completely. However, since that is an unreasonable ask (even for me) you can try a couple of things to stay safer online.

1. Keep your passwords strong, secure and unique

We all know what passwords are. The question is, do we use them properly?

Passwords are used as the defacto means of authentication in most systems. Since we have to log in to so many systems and devices, we want to use passwords that are easy to remember. So, we use the name of things, pets or people that are important to us. The most popular password combinations include the names of our better halves, favorite food, best TV show, date of birth and other easy to remember passwords.

Research has shown that some people even use the word “password” as a password. While this makes the process of logging in easier, it is a huge security risk. There are techniques that hackers use to try guessing your login details. Don’t make it easy for them. As a rule of thumb, use a combination of uppercase, lowercase and special characters as your password. Your password should be about 8 or more characters long.

Now that you have created a very strong password and have also learned how to memorize it, You have decided to use it everywhere. You use it for your email, social media, website login and so on. Don’t feel too bad, we are all guilty of this.

Here is the catch;

If one of these platforms is compromised and the bad guys get your password, they can log into every other account you have! We even have websites that sell users passwords. And since you use the same username (your email address) in most cases, guess what happens next? Never use the same password on multiple platforms.

These two rules make passwords really hard right? I agree. You should consider using solutions that help store your passwords and syncs across devices. LastPass is a good example.

There are currently plans to replace passwords as a means of authentication. In the meantime though, try stronger and unique passwords across your accounts.

2. Enable 2-factor authentication where possible

A password is what you can remember or know. But what happens if someone else knows your password also? This is where 2-factor authentication comes in. This ensures that asides knowing the password, you have to provide another set of characters (usually autogenerated) to get in or to perform certain operations.

Different systems implement this in different ways. Some systems provide you with a hardware token that you use to generate a series of codes when you need to authenticate. Others send an SMS to your registered numbers. Some others provide you with an application that serves as a software token while others allow the use of popular authenticators like Google Authenticator. Regardless of the implementation, the principle remains the same. You need more than a password to log in. This is especially powerful in these days of data breaches.

How do you enable 2-factor authentication?

Many service providers already support 2-factor authentication at no additional cost. For instance, do you know you can use your mobile app to serve as a software token to log in to your Facebook account on the web? Or are you aware that Gmail also supports 2-factor authentication? All you need to do is search how.

3. Keep all your applications up to date

What happens when a zero-day security vulnerability is uncovered? The application developers quickly write a fix and advise everyone to update to the latest version. This is exactly what happened after the WhatsApp vulnerability was discovered.

The importance of keeping the latest version of all software and applications cannot be overstated. Updated applications usually include new features and fixes to bugs and critical security issues. The best part is that these updates are usually free. So, the next time you get an alert to update your application, don’t ignore it.

Updates are especially important for applications that are always online. For instance, if your website is powered by WordPress, it is important that you always keep your WordPress, themes, and plugins updated at all times. You should also consider enabling auto-update for all your scripts to ensure you don’t miss any update.

4. Install security solutions to further harden your devices and web presence

In some cases, you need to add security applications to further protect yourself. On your laptop and mobile phones, you should definitely install an antivirus. There are many good free options available out there and some premium ones as well. These applications help to further protect you if you come in contact with malicious files and links.

Many website applications, such as WordPress, have several security plugins and modules that can add an additional layer of security to your website. You can check here for a list of top 8 WordPress security plugins you may try out.

5. Don’t believe everything you see.

My first experience with the Internet was at cyber cafes. I visited cyber cafes a lot, diving into the mysteries of the world wide web. One of such days, I got a mail with an attachment that claimed I had just won $100,000! This was massive. The mail was as good as cash to me. All I could think of was how I could cash it. I never really wondered what I did to deserve it. I guess I thought I was lucky. Thankfully, the next set of requirements were more than I could afford to do so I let go of my new found fortune.

Many have fallen prey to similar scams because they seemed genuine.

Some of these scams may require you to make payments to get some benefit in return. Others may require you to provide important information like your date of birth, ATM PIN, email password and lots more. The rule of thumb here is that whenever you see something that is too good to be true, it probably is. Be careful who you share personal information with. Better still, never share bank details online with anyone.

You also need to be careful of emails that contain links to websites or downloadable documents. If you get a mail from an unexpected source with a suspicious link or document, it is best not to touch it. If the mail is from a known contact and still seems suspicious, best you call the contact before clicking or downloading. Documents laced with malware and links leading to malicious or phishing sites are sent regularly to unsuspecting victims. Don’t become one.

6. Purchase and install applications from only trusted vendors.

Always install trusted applications from trusted and recognized vendors. Where possible, always download from the official marketplace of your device or provider. Fake versions of applications can be found in the wild and they are usually difficult to distinguish from the authentic versions. Many of these fake versions include malware that could harm your device and probably spy on you.

I must also mention that you should avoid cracked/nulled version of premium software and applications. They may be free or affordable, but many times, they are laced with malicious scripts that can cause some real damage. This also applies to themes, plugins and other scripts that you may want to install on your website. If you want it, pay for it.

The Internet is a wonderful place to learn, conduct business, have fun and relax. It can also be a dangerous place for the unprepared. I hope these tips help keep you safe.

If you have any other points that I missed out or feedback, feel free to leave a comment below.

Comments

  1. Pingback: The Game of Prices - A Business Story - Tobaniyi's Corner

Leave a Reply

Your email address will not be published.