The Internet is not a safe place. We see that more than ever with the security breaches of businesses and individuals in the news daily. As Internet citizens, we need to protect ourselves because not all online services will.
Many user activities put us at high risk for malware infection, system compromise, social engineering attacks, and/or information disclosure. You must recognize these actions in your behavior and work toward reducing them.
- Opening Email Attachments
Attachments can make the exchange of documents and other files convenient. However, due to the inherent insecurities of Internet-based email, there is no guarantee that a message you have received is actually from the source email address or that the attachment was not modified in transit. The only secure options are to use a third-party file exchange service (such as ShareFile, Dropbox, Box, OneDrive, Google Drive, etc.) or use email encryption and digital signatures (such as S/MIME or PGP).
- Clicking On Hyperlinks From Social Networks
Social networks are rife with compromised accounts or fake accounts. When a message or posting entices you to click on a hyperlink, resist. Clicking on links could land you on a malicious site, subject you to phishing scams, or initiate a drive-by-download infection. There are no absolute means to confirm that an offered URL is safe to click on, so just don't. If the item seems so important that you must see it, then use a search engine and search for the name or title of the item.
- Downloading Files From Third-Party Sources
Obtaining a file of any type from any location other than the original provider, vendor, or seller could put you at risk. Using third-party file-hosting sites or transfer services/protocol can cause you to download compromised or infected versions of a file. Always seek out the original, valid, or authorized source. This will greatly reduce the risk of being hit by malware delivered via a Trojan horse version of a file, image, document, audio file, video, driver, plug-in, or software update.
- Using Portable/Removable Media
Portable media, such as USB drives and flashcards, are convenient. If you place important personal or business-related materials on a portable drive, your data is at risk if you lose that drive. Additionally, if someone else uses the portable storage device before you or you connect it to multiple systems, there is a chance of malware infection spreading to your computer from that portable drive. Use a secure Internet-based file exchange service or use on-device encryption on portable media.
- Using Open Wireless Networks
An open wireless network or a Wi-Fi hotspot is the most likely place you will be compromised. Numerous fake or rogue wireless access point attack methods can be used to fool you into connecting to a hacker-controlled wireless device. You might also be tricked into an on-path attack, a DNS spoofing attack, or a simple eavesdropping attack. Most users are unable to determine whether such attacks are occurring and often find out only long afterward that they have been compromised. Wireless attacks could plant malicious code on your portable device, steal private information or even compromise your identity or online credentials. To avoid problems with open wireless networks, you can either get your own portable Internet service and/or device or use a VPN.
Most mobile phone providers offer either a portable access point (i.e., a mobile hotspot) or a tethering data plan for your smartphone. This would give you a private Internet link that you take with you and share amongst your personal devices, rather than depending on open wireless networks.
Another option is to use a VPN across any wireless network you connect to. Advanced users can set up their own VPN running on their home system, but typical users might need to find a free or paid VPN provider. Many VPN solutions can be configured as an Always-On VPN. This will cause the VPN app to establish a secure connection across any and every network link you establish from your device, whether wired, wireless, or via mobile telco carrier data network.
You will greatly reduce the chance of being harmed by malicious elements online if you take these steps. If nothing else, I hope that at least knowing these actions are risky will cause you to be a bit more cautious while online.
Now that you know more about risky Internet behaviors, you should recognize that this is just a starting point of obtaining security knowledge. There are many other important security concerns that you need to be aware of. Because only with knowledge can you make a change for the better. Everyone has security responsibilities, both for themselves and for their employer. That responsibility starts with knowing more and seeking out the means to gain more knowledge.
One source of additional knowledge is the educational material made available from Global Knowledge. Global Knowledge offers a wealth of online resources such as this article. Global Knowledge is also a world leader in training, both live and on-demand courses.