“People have a new fear: money can be withdrawn from a card tied to a phone. Attackers are not asleep, they call smartphones, while asking for the brand, model,” says marketer Marina Prokina. “Left-handed calls to smartphones have taught many to be careful.”
But this is not the final verdict either. “Due to the fact that people are becoming poor, incomes are falling, consumer prices are rising, people are starting to save on gifts. I will say more – smart watches are replacing a smartphone. Parents simply save on children and grandmothers. It is more convenient than buying a smartphone for a grandmother to spend money on the same push-button phone. Moreover, grannies do not really master smartphones, it is easier for them to communicate in push-button telephones.”
In an interview with MK, Muscovite Mikhail Potekhin, who worked as a government communications engineer in the 2000s and 2010s, explained how to ensure maximum privacy of data.
On the one hand, the pandemic has accelerated the overall digitalization – after lockdowns and QR codes, almost everyone who has the technical ability to use it uses a smartphone to its fullest. On the other hand, there are more and more cyber fraudsters every year – despite the fact that more and more police departments and services are being created to fight them.
Even now, chilling stories are happening: having stolen a smartphone with applications of state services and banks, thieves turned out to be full-fledged masters of the “digital identity” of their victim: they took loans in the name of the victim, registered transactions… Meanwhile, the unfortunate person runs around the authorities and tries to cancel all these transactions and the “digital personality” in general, but the system does not provide for the ability to do this quickly.
– The way smartphones are used carelessly in our country terrifies any information security specialist, – says Mikhail Potekhin. – Some do not even protect them with elementary passwords. Then a tragedy happens, the person wrings his hands and asks for help – and yet he himself violated elementary safety techniques. The fact that push-button phones have begun to be used more is encouraging – but this is far from a panacea. It is necessary to observe a few more points of “digital hygiene” in order to hedge against accidental crime (the interest from the special services is another story).
Commandment 1. Data to the left, Internet to the right
Store all documents that you cannot afford to lose offline, that is, on a physical storage device that you can pick up. Duplicating, of course: nobody canceled the backups. How to store drives so that they do not fall into the wrong hands is no longer cybersecurity, but the most common, “analog” one: locks, cells, and so on. Most importantly, you cannot keep a drive with important data constantly connected to the Internet. It is best if you work with data on one computer that is not connected to the Network at all, but has a good antivirus. And transfer the necessary operational information back and forth with the help of a proven, “clean” flash drive. “Dirty” flash drives, that is, those that are inserted into unverified devices, first need to be properly driven out on the antivirus, and only then connected to an offline machine with data. In general, the same protection as masks and gloves against coronavirus, only with computers.
Commandment 2. Do not load more than necessary
All sites – from a public service portal to a job search or dating site – want as much detailed personal data as possible from you. Every time you fill out the questionnaire, think ten times – what is more expensive, your information, contact details or those discounts, for example, for which you are willing to share them? Public services are usually tempted by the convenience of use: once I have “scored” the numbers of all documents there, and they seem to be always at hand. Yes, it’s convenient, but what if someone really hijacked your account? I would advise you not to be lazy to re-enter your documents and not to memorize them every time. It’s safer this way.
Commandment 3. For the “digital personality” – a separate device
We talked about the fact that a separate device, in an amicable way, is needed to work with important data, and this should be an offline device. Now – about the devices that are just obliged to go to the Internet. Digital services, without which it is now almost impossible – yes, each of us has a “digital identity”. It consists of government service accounts, banking applications, and the like. Parking app, purchase of air tickets, wallet with payment and discount cards.
Here you need, firstly, to separate the flies from the cutlets. Immediately, at the stage of installing applications. “Payment” – that is, bank and discount cards – remains on the phone that you carry with you at all times. Parking lots too. The rest – everything that can be left at home, which does not have to be used right on the road – is taken down to a separate device. That stays at home. Public services – first of all. Better through a browser – and the computer must have a good antivirus.
A separate difficult issue is banking applications. In a good way, they should also be left at home, that is, use online banking through a browser from a computer through an antivirus. But it is clear that now fast transfers are a necessity, and with the help of SMS it is uncomfortable. Therefore, these ultra-sensitive applications will have to be installed on a smartphone, but access to it should be especially well protected.
Commandment 4. Passwords, passwords
Modern smartphones are safe enough if you turn on all the standard mechanisms for their protection. For example, there are different authentication methods (from weak – a pin-code or a picture on the panel – to strong ones: biometrics or a well-protected password). If your smartphone still opens just so as not to bother with passwords, change it immediately. Just imagine that the “pipe” gets into someone else’s hands along with your applications. Have you imagined it? Okay, set a password. Well, or biometrics, whatever you like. A well-chosen password is as secure as a fingerprint.
How to write passwords correctly. There is a classic cryptographer’s dilemma: what is easy to remember is easy to pick up. Therefore, simple passwords are insecure, while complex ones are inconvenient. There are two ways. Or put up with an inconvenient password (which you will also have to write in clear text, and this note can be discovered by the one from whom you are protecting all this). Or, use two-level encryption. For example, you have several passwords that are easy for you personally – for example, the nickname of your favorite dog. These are the passwords that you keep in your memory extremely secure, remember even in the middle of the night. You do not write them down anywhere and do not say them aloud, but keep them in your head. Next, you compose a “reminder” with working passwords. They will be written in the form of “standard password 1 plus this and that”. How exactly this “so-and-so” will be added to the standard password – on the right, on the left, on the contrary, through a symbol – again, only you know (and you don’t tell anyone this combination method either). The result is a system of complex, cracking-resistant working passwords that are not written anywhere in clear text and which only you – and easily – can recover at any time.
And, of course, do not forget to rewrite all working passwords every six months – at least that often – slightly changing them. Or maybe not slightly, because they are already written down in your notebook anyway. As for the standard passwords – the ones that serve as the key – never change them, because their task is to be remembered forever.
Commandment 5. Biometrics is not a panacea
Why skeptical about biometrics? Quite simply: we still don’t know much about biometric databases from our smartphones. There is still no information that someone stole a database of irises or fingerprints in order to later use them for authentication in other places – but this does not mean that this is technically impossible. Finally, if you are sound asleep (or you were drugged with drugs), your fingerprints – like the smartphone in your pocket – are a prey for thieves: put your finger, open the phone and get the data at full disposal.
Commandment 6. Wi-Fi only at home
So, a smartphone with the minimum necessary (but still wide) set of applications of the “digital personality”. How do we additionally protect it? First of all, forget about public Wi-Fi networks: smartphones usually do not have full-featured antivirus packages and firewalls. Connecting over a mobile network gives an additional firewall from the operator’s side, which is useful. And where the data will go if you hook up to a Wi-Fi network that looks very much like the real one but is fake – God only knows. Therefore, we leave the Wi-Fi for the home network. Although here, by the way, I would, if possible, run a wired network: for computers, it has less vulnerability and more speed, and let smartphones live on a mobile network at home, it’s safer.
Commandment 7. No paparazzi
It is customary to laugh at those who stick cameras on smartphones and laptops. And there is nothing funny: a Trojan in any device can easily “copy” the data of your documents that you keep on your desk. For example, the same three numbers on the back of your credit card that you show to the camera when you drive them in when shopping in an online store. Therefore, yes, the “petal” that physically covers the camera lenses is a useful thing. If possible, it would also be worth getting rid of the microphone physically: on those devices where it is not needed for work, it would be good to turn it off. In special services on devices where a microphone is not needed, it is sometimes simply pierced with a needle. It’s safer this way.
Commandment 8. Phone separately
And for voice calls, you just need a push-button “dialer” – and the simpler it is, the better. It is also good for receiving verification SMS – if your smartphone is stolen and access to applications is gained, most important operations that require SMS confirmation will remain inaccessible to intruders. A few words for those who need real anonymity. First: choose the cheapest dialers, on which there is no Internet at all, and cameras too (advanced push-button phones have a camera and some instant messengers – so, you don’t need this, because if the device is able to transmit data, it will not transmit them only in your interests). Second: buy the device not with your bank card, it is obvious, but suddenly. Third: SIM cards for anonymous work are still sometimes distributed at the metro. Every couple of months, catch such distributors and update the fleet of disposable SIM cards. For payment – look for terminals, they still exist, although there are fewer and fewer of them. If there is no way – there is the following move: go to the market in the morning, give the seller five thousand (he will not have change), ask to transfer the rest to your mobile phone, fortunately, you just need to pay for it.
Commandment 9. Log out
We talked a lot about passwords, but all of this is useless if you have enabled remembering passwords in your browser or on the system. Turn it off. And what is accidentally preserved – change immediately. When leaving any personal accounts and applications, always log out.
Commandment 10. No contact
And finally, the most important thing. There is so-called social engineering: with its help, you can find out any password, no matter how secure it is. And even the code from the confirmation SMS if you’re not careful enough. Therefore: do not relax, especially on social networks, classifieds and dating sites.