While large-scale cyber security breaches continue to happen – and continue to hit the headlines – there are plenty of smaller threats intended to catch the unwary. Just as with massive data breaches or ransomware, such malicious activity can wreak havoc on data and privacy.
Rogue USB sticks
USB sticks are so ubiquitous that, although they may look innocuous, they can carry major threats, especially if they have been engineered, as some have, to start causing havoc as soon as they are plugged in. It’s vital to know where USB drives have come from, before making use of them.
Even if a USB stick isn’t configured to release some kind of payload as soon as it’s attached, it can carry disguised viruses as easily as email attachments.
Besides being cautious, the usual rules apply to stay safe against this sort of threat: Keep your computer operating system right up to date, make sure effective security tools are installed, and keep them up to date too. If you’re not sure about files on a USB drive, run a virus scan on them before doing anything.
In this fast-paced, hyper-connected age, it’s all too easy to forget about all the social media, language-learning, job-finding apps and sites that we’ve signed up for. But every account you leave behind gathering dust is another that could potentially be hacked into.
It’s important to take the time to shut down these accounts, instead of just uninstalling the associated app and then forgetting all about them. If any of them should then suffer a data breach – for example – your data won’t be included.
It’s also worth running a regular audit on the third-party apps and services linked to your main accounts. These give hackers more targets to aim at, which is why you should regular disconnect and delete the ones you aren’t actively using.
Untrusted browser extensions
The right browser extensions can add useful functionality and features to your daily window on the web, but these add-ons need to be vetted like any other piece of software. It’s worth remembering that they have the privilege of being able to see everything you’re doing online, if they want to.
Pick the wrong browser extension and you could find it selling your browsing data, or harassing you with pop-up advertising, or installing extra software that you don’t actually want. We’d recommend keeping the number of browser extensions you have installed down to a minimum, and sticking only with the extensions you know and trust.
Identify safe extensions the same way you would identify safe apps: Look into the background of the developers, check the permissions that they ask for, read up on reviews left by other users, and stick to extensions that are actually useful.
Online quizzes reveal more than you think
Online quizzes may be fun but they can be far from harmless. They can be used to harvest personal data that you don’t really realise you’re giving away.
These quizzes can and have been used to build up more detailed profiles of people and their friends, collecting not just the answers to the quizzes themselves but also other information stored in the linked Facebook accounts. Note, too, how often these fun quizzes ask for personal data, like the first road you lived on or the name of your pets, which could be used to impersonate you in some way.
Be wary of anything that requests personal information or personal photos from you—like the recently viral FaceApp app—or that requires a connection to one of your social media accounts: Knowing which President you’re most like probably isn’t worth it.
Every picture tells more than a story
If you like posting photos to social media channels, you may want to think twice. In particular, give some thought to the information that others might extract or interpret from your posts.
Apps like Instagram and Facebook automatically strip out the location data saved with photos, while some, like Google Photos, can keep this data embedded in the file after it’s been shared. In addition, if you keep the original location data with the image, an associated check-in on social media can add the location right back in.
How is this dangerous? Information such as knowing where you work or which road you live on can help someone run an identity theft scam, or get past security questions on your online accounts, or visit you in person when you’d rather they didn’t.
Smart home insecurity
Smart homes are a great boon, but – as is so often the case – the benefits represent opportunities for hackers and malware peddlers.
Keeping a smart home secure begins with what you use to attain that security, so it’s a good idea to stick to well-known, established brands with a strong track record in hardware. After that, make sure that your smart home devices and your router are kept up to date with the latest software. Most reputable smart home devices do this automatically.
If your smart home devices and accounts do need passwords, don’t stick with the default. Instead, pick a long and difficult-to-guess password that you aren’t using anywhere else, and turn on two-factor authentication, if available, as an extra layer of protection.
Not-so-innocent charging cables
The standard charging cables that come with your gadgets are designed to power them up, and perhaps sync some music when needed—but specially engineered cables that look very similar can do much more than that.
Fake Lightning cables are now capable of being mass-produced. they look like genuine products but once plugged in, they can give hackers remote access to a device. All that the end user has to do is use a doctored cable, then agree to “trust this computer,” a common alert that’s easy to dismiss without a thought.
The fix is to only use those cables that come with your devices, or from reputable sources—something you should do anyway for the well-being of your gadgets. As with USB sticks, don’t assume any cable that you find lying around is legitimate.
For more on this topic, take a look at this WIRED article.