Written by Andrew Gole on September 16, 2020
Every major crisis creates a conducive environment for other smaller crisies and challenges to thrive. The COVID-19 pandemic has increased digital security and safety challenges globally as people resort to working remotely from home through the internet amidst the pandemic. Because many people are trying to adapt to a “work from home” environment for the first time, it has created opportunities for online criminals to capitalize on the current trend to further their sinister agenda.
On 25th August, I facilitated a 1-hour digital security hands-on session where I discussed with the participants' step by step guides to protect their identity and assets in the online world. This was in a bid to help them counter techniques being used by cybercriminals especially during the COVID-19 pandemic. Those techniques seek to target people’s online presence to compromise their online assets and accounts.
This session/discussion was very timely and much needed given the fact that many of the people in attendance were hearing some of the solutions and techniques we provided for the first time. and tThey found it very beneficially given the current crisis. Furthermore, many of the participants didn’t realize that they had been victims of some of the online threats we discussed during the sessions.
Below, I share a summary of what was discussed during the session hoping that it will help someone who was not able to attend the Zoom discussion.
We started the session by making an introduction to digital security and safety which we defined as simply the protection of one’s identity online and involves using the tools and means to secure one’s identity and assets in the online world.
We followed this by highlighting some of the most common online vulnerabilities that usersone can easily come across as they navigate their way through the online atmosphere.
Phishing
Phishing is a fraudulent attempt to obtain sensitive information like passwords, usernames by disguising as a trustworthy entity – came first on the list of online vulnerabilities. and we echoed that they are commonly sent through poorly designed emails which often include a false sense of urgency and directly solicits confidential information.
We went ahead and shared with participants common examples of real-life phishing attacks that have been used to steal confidential information from unsuspicious internet users in the past.
Pharming
We went ahead and looked at pharming – an almost similar attack to phishing – In which a hacker redirects an internet user to a fake website instead of a legitimate one to capture sensitive information like login information.
We shared YouTube videos explaining more on Phishing and Pharming.
Spyware
We couldn’t leave out spyware as we discussed some of the common online vulnerabilities. We emphasized that spyware is a form of malware attached to internet pop-ups or downloadable files. and Oonce installed, these programs can spy/ monitor a user’s keystrokes, read and delete files and among others can access a user’s details without their knowledge. We listed examples of known spyware like CoolWebSearch, Gator, Advanced Keylogger to mention but a few.
Some of the common symptoms and signs of a spyware infection that we discussed with the participants include; a suddenly slow computer, too many browser pop-ups and browser features that a user doesn’t remember installing.
It was reassuring when we shared with participants tips on preventing and getting rid of spyware. We recommended using Spybot, a spyware removal software, keeping their software updated, avoiding clicking pop-ups, using pop-up blockers like AdGuard, AdBlock among others, not clicking suspicious links that come in emails, always using secure browsers, and being cautious of free downloadable software.
Zoom Bombing
In the era of COVID-19, online video conferencing tools slowly found their way on top of the list of most wanted apps and software. This led to the rise of online vulnerabilities like Zoom Bombing – an act synonymous with Zoom video conferencing platform – a sinister act in which unwanted intrusions into a video conference showing obscene or lewd things by uninvited individuals causes disruptions.
We shared 5 simple steps to avoid Zoom bombing which included not using personal meeting IDs, using meeting passwords, using zoom waiting rooms, muting audio and disabling video for meeting attendees and turning off screen sharing for everyone apart from meeting hosts.
Because we are in the midst of the COVID-19 crisis, we only shared some of the online vulnerabilities that had been recorded during this time. However, we also discussed general tips for online security. Among these, we shared tips like installing anti-virus and keeping it updated, using strong, unique and random passwords, using password managers to avoid the issue of using the same passwords across multiple platforms or forgetting the strong ones, using VPNs for secure and obscured connections, enabling two-factor authentication for online accounts that support it, using passcodes, PINs and biometric authentication methods like fingerprints for mobile devices, clearing browser cache, avoiding online click-baits, turning off “save password” feature in all browsers, limiting the amount of information they share on social media, ensuring their devices are always updated and using apps that ensure end-to-end encrypted communication like Signal, WhatsApp, Line, and Telegram to mention a few.
Safe Apps
Lastly but not least, many internet users frequent Google apps like YouTube, Google Search, Google Maps, Gmail and other Google services daily. As a result of this, they leave behind so much digital footprint that can be used to track their online activity by Google which in turn sells to third-party advertisers to send them targeted adverts. We shared with participants techniques they can deploy to De-google their life. These basically involved techniques like checking the kind of data that google records about them, searching using alternative opensource search engines like DuckDuckGo as opposed to Google, and using incognito mode to do web searches through Google.
Finally, digital security involves a combination of different tools and techniques coupled with the personal commitment to change how a user behaves online otherwise, no amount of training or hands-on zoom sessions can improve a user’s security and safety online if they are not willing to change simple habits like using weak and easy to guess passwords using counterfeit apps and software.
This article was originally published by Digital Human Rights Lab.