Security

10 expert tips to protect yourself from online attacks

Protect yourself from hackers and prevent crypto losses with top security tips from SatoshiLabs CISO Jan Andraščík.

SatoshiLabs, published in Trezor Blog, Apr 1, 2022

Don’t get fooled by common scams and hacks. Here are some tips to avoid security mishaps!

A lot of our lives take place online nowadays. We rely on technologies and the internet to make everyday tasks easier, but that also makes it easier for other people to invade our lives. Every second we spend online increases our chances of being targeted by an attacker, be it for our funds, access to our accounts, or even just for fun. Don’t be a fool — defend yourself!

Lowering your chances of being attacked

Attackers try to abuse common errors many people make. What should you do to avoid being a victim?

Use strong, unique passwords

Passwords are the first line of defense when it comes to our online presence. A strong password can deflect attackers from breaking into your account and instead encourage them to seek accounts with more trivial passwords. So stay away from using the most common passwords and always set up your own.

What does a strong password look like? It should be long — the longer the better — but generally 12 or more characters are recommended. You should combine both lowercase and uppercase characters, digits and special symbols. You can measure how long certain passwords take to brute force, and construct yours accordingly.
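To make the length-versus-complexity trade-off concrete, here is an added example (not part of the original article) that estimates how long an exhaustive search would take. The guess rate and the short common-password list are assumptions chosen for illustration.

```python
import string

# Assumption: attacker guess rate for an offline attack. Real rates depend
# heavily on how the service hashed the password, so tune this value.
GUESSES_PER_SECOND = 1e10

# Tiny constructed sample; real "most common passwords" lists are far longer.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}

CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = sum(len(cls) for cls in CHARACTER_CLASSES
               if any(ch in cls for ch in password))
    # Characters outside the four classes (spaces, accents) each widen it by one.
    known = "".join(CHARACTER_CLASSES)
    return size + len({ch for ch in password if ch not in known})

def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Average time to find the password by trying every combination.

    This is an upper bound: dictionary words, names and leaked passwords
    fall far sooner than exhaustive search suggests.
    """
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # tried first by any attacker
    return alphabet_size(password) ** len(password) / 2 / rate

def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.0f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    for pw in ("password", "aB3!xY7#", "sixteenlowercase"):
        print(f"{pw!r}: {humanize(brute_force_seconds(pw))}")
```

At the assumed rate, the 8-character password using all four character classes lasts a few days, while the 16-character lowercase one lasts tens of thousands of years.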

It will take more than a strong password to keep you safe, however. Online services are often compromised and user credentials leaked. If you use the same credentials across multiple services, a password leaked from one service can mean compromise of another.

Best practice is to use different passwords for different services. Remembering all those passwords becomes difficult, so a password manager comes in handy. These help you store all your passwords in one place, protected by a master password. You can even use a password manager with your Trezor to protect your passwords behind the same security as your bitcoin.

Use multifactor authentication wherever possible

Do you use any services which are particularly sensitive? Stay protected even if your credentials get leaked by using multifactor authentication! Multifactor authentication prevents access to your accounts with a password alone, by requiring input of other data only you have access to.

There are different types of multifactor authentication: a one-time password sent to your phone by SMS or a code generated in a dedicated application. They also appear as mobile apps where you must confirm a login, or a hardware device that provides a key.

Each of these methods has advantages and disadvantages, but a hardware device tends to be the most secure option. You don’t have to look far to find yourself a hardware authentication device — your Trezor also works as an authenticator!

Update your software

Unless there is a specific goal motivating the hackers, they take the path of least resistance, just like anyone else. And in the computer world that means targeting vulnerable systems. Most security incidents happen due to old, unpatched vulnerabilities with well-known attack patterns. And yet, defense is pretty simple: just update your systems and software to the most recent version. The most important part of these updates is the security patches that fix the vulnerabilities, so take a minute to check the release notes next time your apps start pestering you to update.

Beware of phishing scams

One of the most effective attack methods is phishing. What is phishing? Phishing usually shows up as an email, pretending to be from a third party such as a bank, your employer, a public office, and so on. In the crypto space, phishing mainly takes place through direct messages on social media.

Phishing messages usually ask you to perform a certain action to urgently resolve a terrible problem which occurred. If you follow the instructions contained in such a message, it usually results in providing your credentials directly to the attacker, compromising a specific service and draining funds from your financial accounts.

How can you detect a phishing scam? Follow these easy steps:

  • Check the sender — usually these messages come from an email address or social media account impersonating the real sender. Look for tell-tale signs such as low follower numbers or domain names that don’t match the company’s official site.
  • Check the text — phishing messages often contain errors and do not sound fluent.
  • Check any links within the email before clicking on them — to see if the link is genuine simply hover over it and it should show you a preview of the address it leads to. On mobile devices just press and hold the link to preview it.

If anything seems suspicious about a message you’ve received, just ignore it. If in doubt about whether it’s real or not, contact the sender directly using contact information you already have or that is available online. Never use contact information contained within the email.

Protect from malware

Malware often infiltrates our computers and causes problems. It can infect your computer when you open a malicious attachment in an unwanted email, when you unwittingly download it from the internet, or even over a network you connect to. And while Windows is the most common target, any other platform (macOS or Linux) can also be affected.

So how should you defend yourself? Try doing the following:

  • When using your computer, use a user account without administrative privileges. Use administrator mode only when necessary.
  • Be cautious when visiting various websites. Steer clear of suspicious-looking sites and beware of any suspicious components on websites you visit regularly.
  • Pay attention to what you download from the internet. Is the source legit? Software can be verified by checking its signature or checksum against those published by its developers once it has been downloaded to your machine.

Use genuine software on computers and mobile devices

Many users try to save some money by using non-genuine software on their computers or mobile devices. However, in many cases such software not only circumvents the mechanisms used for license verification but also any security measures the operating system may have.

By installing such software users can willingly provide access to their operating systems and any files to a malicious third party. Always verify the checksum matches the official source or verify any PGP signatures yourself. Verifying the source is especially important for non-genuine software.

Beware of public Wi-Fi

We expect to be online wherever we go, be it a restaurant, a café, an airport or many other places. Such places therefore try to satisfy our demands by providing free Wi-Fi connections. These public Wi-Fi networks are used by many people and thanks to the high concentration of users they are often targeted by malicious third parties in order to obtain sensitive information.

When a Wi-Fi network is publicly available, it can be accessed by almost anyone and malicious actors can eavesdrop on communications or even tamper with them. Some people even create malicious Wi-Fi networks posing as a specific establishment. People rarely hesitate to connect to such a network, giving away sensitive information.

So how should you defend against such attacks? When on public Wi-Fi, simply avoid performing any sensitive operations, e.g. internet banking, communicating with authorities or trading crypto. If you urgently need to perform a sensitive operation while connected over a public Wi-Fi, at least make sure you turn on a VPN or Tor beforehand.

Keep yourself up to speed

Cyber threats keep evolving. Every day a new threat potentially affecting our lives appears. Stay ahead of hackers by taking an interest in cyber security. Read cyber security news, look out for new cyber incidents and learn from them. Every little thing you learn will help you lower the chances of you being the victim of a successful hack.

Increase your chances of losing little to nothing

Even if you defend yourself, anything can still happen and you may fall victim to a hacker. You should therefore be prepared even for such occasions. What can you do?

Backup! Backup! Backup!

In some instances hackers will try to take your data hostage and ask you for ransom. Or they will simply just try to destroy the data you hold. The simplest way to prevent your data from being affected is to make backups of the data regularly. You can back up to a cloud storage, you can back up to an external hardware storage or dedicated network storage, or any other form of data storage you may find useful. It will help keep your data safe from loss, and it is always better to be safe than sorry.

Encrypt your sensitive data

Another way to protect your data is encryption. Encryption will not help defend your data from being destroyed or stolen but will provide a strategic advantage in protecting you from a data leak. If you encrypt your sensitive data effectively, then even if the data is stolen, it should not be of any benefit to the attacker as it should not be readable. Combined with a healthy backup routine, you can effectively protect your data from being held to ransom or stolen.

Summary

In today’s world, cyber attacks and cyber scams are more common than ever before. If you stay informed and come prepared, you will be ready to face the attacks and overcome them with ease. Just remember:

  • Use strong and unique passwords
  • Use multifactor authentication
  • Update your software
  • Beware of phishing
  • Protect from malware
  • Use genuine software
  • Beware of public Wi-Fi
  • Keep yourself up to speed
  • Back up your data!
  • Encrypt your data


Innovating since we founded the industry in 2013 with production of the first crypto hardware wallet, the Trezor One. Open-source, secure, community-driven.