In mid-July, the world learned that a simple Google search can give anyone access to confidential documents and other private webpages. This search query that gave access to confidential information was posted on Hacker News, which sparked many discussions about Google’s approach to user data privacy.
About a year ago, Yandex accidentally indexed thousands of user files on Google Docs and Google Drive. And these are not the only examples of search engines indexing everything they can, resulting in an easy entry for hackers.
Since 2003, experts have been updating an exploit database, which contains a list of commands that can help users find information that hasn’t been indexed on Google. There are currently 5000 entries in the database. The most frequent ones are linked to the site operator, document URL (inurl) and title (intitle). These commands can be used to find any documents, configuration files, open pages in admin interfaces.
We have prepared a thorough cybersecurity checklist for you. Whether you are a website owner or an avid social media user – these tips will help protect your data from hackers.
Use Password Manager
How it works: with the help of the password manager, you can create a unique password for each service where you register.
Why? If intruders hack into one service, they won’t be able to access the others.
As a minimum-security requirement, all your passwords from Google, Apple, email, and bank accounts etc. should be different.
Create a strong password
How it works: create a password of at least 6 characters, use numbers, symbols, and letters.
Why?Cracking a four-digit password is incredibly easy so you must create a complex password, and never leave devices unattended.
When traveling abroad, disable Touch ID, and Face ID.
Use a Two-Factor Authentication
How it works: ‘Two-Factor Authentication’ (2FA) increases security: after the password, the personal information of the owner is required – for example, Face ID.
Why? A request for additional information supplementary to the password ensures that no one else will access the account. By installing 2FA on all accounts, you’ll better protect yourself from hacking.
Don’t use a phone number for 2FA. For different accounts, set different information and password.
Set the PIN code of the mobile operator
How it works: Your service provider’s PIN code prohibits changes to your SIM card or account.
Why? Attackers hack into or pay mobile operators to transfer a number to their SIM card – the mobile operator’s PIN will protect against this.
How it works: encrypt your devices – so that no one else can access the data without a password to the encryption.
Why? Even if an intruder steals a device, they won’t be able to read or export personal data – photos, letters, documents, and contacts etc.
Enable encryption on all used devices – smartphones and computers.
Change DNS settings to 126.96.36.199 or 188.8.131.52
How it works: DNS is the Internet equivalent of a phonebook. It translates the site name into an IP address. DNS tools – Quad9 and 184.108.40.206 are designed to protect your privacy.
Why? DNS is not secure by default – Internet Service Providers (ISPs) monitor, track, and record data passing through the DNS. By changing the settings to 220.127.116.11, or 18.104.22.168, you’ll protect your traffic from intruders.
Use a VPN
How it works: VPN is a useful tool for protecting an Internet connection.
Why? VPN encrypts traffic – attackers won’t be able to track it.
You must pay for a good VPN services, but it’s worth the money as they are much better than the free ones in terms of quality and connection speed.
Use a proven web browser
How it works: give preference to reputable browsers – their system protects against surveillance and unwanted advertising.
Why? By using less well-known browsers you’re risking security. Good browsers also make it easy to bookmark and share your preferences so you can find a webpage you’ve bookmarked and previously visited faster.
Use a Confidential Search Engine
How it works: a good search engine can protect against surveillance, personal data collection and unwanted advertising – for example, DuckDuckGo.
Why? Using a confidential search engine protects your privacy. Moreover, DuckDuckGo doesn’t store your search history, and strictly controls placement of personal data, and regularly publishes content about security on the Internet.
Use a reliable email provider
How it works: proven email providers care about privacy.
Why?Obscure providers access your email and then send you target ads.
Check out apps with access to your camera, location, and microphone
How it works: make sure that applications (apps) are secure with photo access, camera, location, and microphone permissions.
Why? Attackers use personal information obtained through the applications for their own purposes.
Delete metadata for shared photos
How it works: geolocation is attached to media files, but the user can control it.
Why? By downloading confidential information along with files, you open access to your location to potential intruders.
Check privacy in social networks
How it works: there are privacy settings on social networks that limit the number of people who view the page.
Why? through the social network about the user you can get a lot of information – interests, social circle, financial position, social status, etc.
Use instant messengers with information encryption
How it works: it’s recommended to use instant messengers (Direct Messaging / DMs) with end-to-end encryption. Consequently, providers and even the developers themselves will not have access to your messages.
Why? Messages that aren’t protected by end-to-end encryption can be viewed by anyone.
Be attentive to phishing
How it works: often hackers pretend to be a trusted person or company in an email or letter to convince their victim go to a particular website, or to click a link and enter a password, etc. This devious trick is to get hold of your private data.
Why?Phishing attacks have become targeted and very sophisticated – study the latest data to determine phishing, don’tt click links in email and social networks unless you are sure of their integrity.
Update device software regularly
How it works: the device regularly offers to install software updates with notifications: do not neglect this.
Why? A device with out of date software isn’t secure: you are ricking being hacked!