IT Security Basics
I’d like to start with a few words from a song recorded many years back by Led Zeppelin and sung by Robert Plant: “… lots of people talking, few of them know …”
Remember this song? Yes, it comes from “Dazed and Confused”.
Conclusions from PWNing Cybersecurity Conference, Warsaw November 2018
We all know cybersecurity is very important these days, and it will become an increasingly prevalent issue as humankind goes digital in the near future. This process is irreversible. But do we really know what’s behind it? Do we really know what kind of dangerous reefs and stormy areas await us on this ocean of the Internet, applications, solutions and tools? Even if you are told that your IT solution provider delivered a safe product, always ask if it was tested by anyone who specializes in cybersecurity and cryptography. Just one check, but lots to gain, including your restful sleep.
The list of insecure examples presented at the Cybersecurity Conference is long, and the feedback coming from such events is simple: 100% safe IT solutions are nonexistent, it is impossible to have a 100% safe server, and there aren’t any 100% safe communication protocols, because all of them were made by people. People introduce software bugs or backdoors for various reasons, including mistakes. Whether these are found comes down to the perseverance and skills (experience) of the people looking for them. We are extremely lucky if bugs are found by Cybersecurity Experts, so they can inform the software developer, and the developer hopefully (but not always quickly) prepares a patch to fix them. But there is also an army of people who want to make money on us or want to cause trouble by hacking servers, software, or bank accounts.
So, you may ask “If we are not able to make the IT world 100% secure, how do we limit the risk?” There are some golden rules to be used in daily cyber life:
1. If you order a piece of software from a programmer or software development company, also spend some money on software security verification by a Cybersecurity Specialist or Red Team. This is not too costly, and can save the money and credibility of many organizations and people later on.
2. When you log into web services such as Facebook or your bank, take one quick look to check that you are still on the right web page, because sometimes Facebook.com looks like Façebook.com or Faecbook.com.
3. If a friend of yours or a family member asks you for some money on Facebook chat or a messaging app, you’d better call this person and ask if it is really them making the request, because bad guys might have taken over their account on this service.
4. Never open any email attachments sent from strange addresses – one click and you could lose a lot of data and money.
5. Make sure your password is a bit more complicated than just the name of your pet plus the year you graduated from school.