How not to forget cybersecurity on vacation (and leave peacefully)
An 8-step vademecum to spend holidays without worries and worries about stolen passwords, compromised devices and unreliable public hotspots
(photo: Unsplash) Summer holidays are approaching and relaxation takes over by letting your guard down to the majority of users who use the internet on a daily basis. This decrease in attention is a great opportunity often seized by cybercriminals to be able to bypass the defenses normally imposed to get to get their hands on precious personal data.Cyberattacks can in fact take by surprise even under the umbrella between a notification and an e-mail, catching users unprepared and thus attacking private or even corporate data.
For this, from passwords to two-factor authentication, up to the home automation check before leaving, passing through the avoid using home banking services when connected to public hotspots, it is necessary to follow some tips and tricks to be "cyber-safe" even on vacation.
For the occasion, Wired listened to the experts of ToothPic , an Italian startup specializing in cybersecurity. "Summer can be an ideal time for hackers, who, taking advantage of user distractions, can access accounts and devices or steal data and information through phishing", explain the four founders of ToothPic, researchers and professors from the Department of Electronics and Telecommunications of the Politecnico di Torino.
Before unplugging it is therefore good to follow 8 practical tips from the vademecum drawn up by the startup that wants to help organizations protect their digital services and that has invented, designed, developed and patented a solution to turn every smartphone into a secure key for online authentication.
Always different credentials
It may seem like a trivial advice but it is not. For many users, laziness prevails and therefore, they prefer to use a single password to access multiple accounts since it "is easier to remember". This solution, however, could facilitate any malicious people who, once they discover the email + password combination, could use it to access the various accounts with ease. Before leaving for the holidays, and usually also throughout the year, it is good to check your credentials using the existing security checks in some browsers, such as Google Chrome, or rely on sites such as Have I Been Pwned to check if your credentials ever appeared in leaked databases online and, consequently, known to cybercriminals. In the case of compromised, too weak or outdated passwords, it is advisable to create a new password without reusing it in other accounts.More complex passwords
The complexity of passwords it is essential to protect your users: they must not be trivial or too short. It is always better to add numbers and special characters as well. Passwords that are too simple, in fact, facilitate hackers who can intervene with direct brute force attacks, i.e. attacks in which all combinations, in this case of words, theoretically possible, are tested to be able to obtain the access key to a protected system. . If the user lacks imagination and memory to remember all the passwords used, he can always resort to using the Password Manager.Activating two-factor authentication
When the user is register to an online service, some services such as Google, Instagram, Facebook, Dropbox, LinkedIn and many others offer the possibility - often hidden in your account settings - to use two-factor authentication. This method allows you to match the password with another verification factor such as SMS, authentication app or physical token. ToothPic experts recommend that you prefer token or app-based authenticators that generate verification codes rather than the system via SMS. The latter, in fact, unlike the first two verification factors, are more subject to scams (for example sim-swap scams), making it possible for a malicious user to enter the registered user's account and thus steal his data. sensitive or his identity as happened even to the creator of Twitter, Jack Dorsey, in September 2019.Beware of phishing
It is always better to be wary and never reply to messages or e -mail, even if arriving from senders who seem to be trusted or known, asking for authentication data. Especially with regard to e-mails, perhaps written in vacillating Italian, it is better to always pay attention to the sender's e-mail address and do not click on links where you are asked to enter usernames, passwords or other information.Beware of public hotspots
When traveling, pay attention to the public connections of bars, restaurants, bathing establishments and hotels. They may not have adequate security systems and expose devices to the risk of intrusion by third parties intent on stealing data online. Consequently, to make purchases and use Home Banking apps from your smartphone using your data network or to use VPN services to protect your browsing and online operations.Check online services
Even if you are on vacation it is always good to constantly check your online services. In this way you can immediately intervene in case you realize that your credentials have been stolen or cloned.Update your devices
While you are preparing your suitcase, it is better to update your own software installed on your computer, tablet and smartphone. This process often risks being overlooked when the updates required by these devices are needed to correct bugs or vulnerabilities that could put user data at risk, thus exposing them to cyberattacks that exploit the security holes of the device.Fixing home automation
With Internet Of Things technology increasingly present in smart home solutions, when you go on vacation it may be necessary to set up connected devices, such as cameras to control home even remotely or smart locks of doors and windows. In these cases, remember to change the password set by default by the manufacturer. In fact, if you keep the preset accounts that normally see the word Admin both as a username and as a password, you are more exposed to the risk of external people accessing the images recorded by the camera or being able to bypass the security of the smart home by unlocking the locks and stopping the alarms. Keeping your home automation monitored remotely can be a valid solution, as long as you respect the previous recommendations to protect the account used to access this app.In collaboration with Technogym
Home fitness becomes digital with Technogym
What Pegasus really is, the spyware everyone's talking about
Several mainstream media sites have been inundated with porn content, but there is an explanation
Topics
Cybersecurity Summer Internet Smart home globalData.fldTopic = " Cybersecurity, Estate, Internet, Smart home "
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
