УJakub Kralka, Product Manager Axence
The risk of being attacked is negligible. The Internet is huge. Why would someone target my computer or phone?
Just as fishermen, hackers often release their malware into the wide world and wait until someone gets caught in the net: will hit a data stealing website, will connect to an unsecured hotspot capturing data transmission and recording logins and passwords, or will install a disk encrypting malware. These are largely automated attacks, performed by well-organized criminal groups, equipped with hardware and knowledge.
Free does not mean good
Free applications from unknown vendors, especially those developed for open source systems , expose us to potential data loss and the last remnants of privacy. An example is the series of approvals for access to information on your smartphone or tablet you need to give when you want to install a new app. For instance, we rarely think about why an application grouping news from the services we are interested in, requires access to our:
- SMS messages,
- contact list,
- photo gallery,
I am safe, because I have nothing to hide, no one cares about me because I am an average Joe
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about freedom of speech because you have nothing to say”. The notorious affair of Edward Snowden, accused of treason, proves how often we are invigilated by intelligence services operating officially and at the request of state authorities. However, our workstation or mobile device may be used as a gate, leading the hacker inside the infrastructure they would like to, but cannot penetrate due to security measures. Lack of BYOD policy may result in letting a theoretically trusted person with a malware-infected device into our network.
Public Wi-Fi networks must be protected
We do not and we should not have any grounds to suspect that the institutions providing a hotspot on their premises have any bad intentions. However, any person with a little knowledge of the scope of broadly understood IT, Internet access and $100 to spend, can legally buy a tool imitating an open hotspot, which allows the full transmission of a user to be captured.
We are often flooded with notifications about available updates for the various systems we often use. Regardless of whether these are operating systems, browsers, messengers or other software, their updates have two primary purposes: to optimize operation and add new features, and to raise the security level related to their use. Gaps in applications and utility systems, patched by the developers with updates, are used by “zero day” attacks, resulting in data loss or the opening of the corporate network to third parties.
Hacking attacks are only a scare, specially inflated to keep me under control
The fact the users have learnt the security policy does not necessarily mean they have understood what they read and undertook to follow it. Moreover, despite reports on the more and more audacious actions of the cybercriminal groups, employee behavior remains unchanged, and they still do not realize that they make themselves and the infrastructure vulnerable to losses. According to PWC, 96% of companies experienced more than 50 security violation incidents in the last year, and a phishing attack is the most common security violation incident in companies. 79% of most of these incidents are caused by current employees.
I’m making backups – I’m protected
How many administrators or users check whether the performed backup can be restored without data loss? Are the backup-related devices properly secured? You need to remember that security is a process, not a final product and you can NEVER be sure your infrastructure is 100% secure.