Cyber-Security 101

Mahima Sood

Human history can be roughly periodised into three defining eras: the Stone Age, the Bronze Age, and the Iron Age. These ages are distinguishable by the defining entity that ruled the lives of the people who belonged to them: fire and stone for the Stone Age, bronze and similar metals for the Bronze Age, and the discovery and use of Iron in the Iron Age. These epochs were followed by trivial pursuits of land and wealth by the man, interspersed with the creation of some spectacular art and modern inventions, leading up to the era we live in right now. It is safe to say that the current times can be defined by the entity that governs every possible aspect of our lives, no matter how minuscule it may seem — the Internet.

Design, Hemashri

From interfering in elections to determining whether you should change the brand of treats your dog eats, there is an algorithm that rules it all. Age, sexual orientation, favourite movie, the last restaurant you visited — this isn’t private information anymore, depending on how much you share, and how adept an intruder may be at extracting that. This leads us to surveillance, and another right which should be fundamental — the right to privacy. China’s big brother program is well known, and so is the fact that it strictly monitors all online activity. It recently revoked the credentials of American journalists over unflattering coverage of the Coronavirus pandemic.

Closer to home, CAA/NRC protests were marked by the drones police used to survey the protests, as well as to identify and profile those who participated in them. Now, amidst the Coronavirus pandemic, governments across the world are electronically monitoring their citizens’ movements to control the spread. For example, more in sync with pop-culture, check out the series “You” on Netflix, which makes you realise how much a tiny piece of information on the Internet can reveal about you. Given how everyone, barring a few, carries a smartphone, it is of paramount importance to be mindful of our digital footprints.

Here are a few basic steps one can take to ensure that:

Choose what to share: always be mindful of the fact that whatever goes on social media never really gets deleted. The content is owned by the company, and can be hidden but never deleted.

Should you have a public profile: The internet has made it possible for content creators and services to reach parts of the world where they might have never been, geographically. While it makes sense for them to have public profiles where innumerable people can view their pictures and posts, think whether you need that. Do you want a random person from a place roughly 8000 miles away to see what you are cooking at 4 am or who your latest Tinder date was? Does your work or lifestyle explicitly demand that you have a public profile? Usually, the answer is no.

Creating a public profile: if the answer to the above question is yes, consider creating two separate profiles — a public one and a private one. A public profile would be where you share work-related content and things you want the world to see. Avoid posting personal content on that. If needed, have a separate, private account for posting personal stuff, which can only be viewed by people close to you.

Location: while using a smartphone, ensure your location services are only on when needed. Avoid geotagging your images or posts, as this can give unauthorised parties access to your location or let them track your movements. Give apps like maps, cabs, food delivery services, etc. access to your location only when you are using them.

Fact-check: it is important to fact-check before posting, or verify links that come from unknown origins before you share them. Some posts and forwards are designed to carry hidden malware, and can silently infect your device.

Google: it always helps to search your name on Google to see what information is publicly available about you. If you come across something that may not belong there, fix the relevant privacy settings on your profile (e.g., an Instagram post or a Facebook check-in) or ask the original poster to remove it.

Apps: do not install any unknown apps or apps you don’t need. Many apps constantly collect your device data and store it — which may be specified in “terms of use” but something we mostly never read. Pay attention when you give apps access to photos, location, contacts, etc. Avoid giving the apps the option to “background refresh”, as then they are constantly connected to the internet. Avoid installing apps when you can use a web browser to access the same service or information, as a browser does not collect data the way an app does.

Browser: while using a browser, avoid storing your passwords on it. Have different passwords for different accounts. Use two-step authentication wherever you can. Clear cache and cookies regularly as this “resets” your internet sessions and prevents unknown sites from storing your data.

Wifi: it is tempting to access a free wifi service, but avoid doing so if you can. Connecting to a public wifi network carries several cybersecurity risks and makes you susceptible to snooping. Your data and browsing history can be viewed by intruders connected to the same public network. Hence, try using your own internet connection.

Cloud: most free cloud storage services can be exploited as once you upload data on it; it belongs to the service provider since it is responsible for storing it. Hence, you don’t have any control if someone has unauthorized access or exploits that information. Store your data on a physical device that can be accessed only by you. If you must use a cloud storage service, buy your own space as then, you control all access to it.

Here are some generic app-centric tips:

Facebook: your profile picture is always public, so make sure you change its privacy settings once you upload it. Choose who can see your “about” information, friend list, the pages you like, etc. —this can be done by changing your privacy settings. Limit visibility to past posts, by specifying to Facebook who can view it. It is helpful to choose the option “view as” to see what pops up when a stranger opens your profile – it is accessible through your profile and helps you control what strangers can see. If you need to have a public presence on Facebook, contemplate either creating a public page or private page. Know that there is a difference between friends and followers. Friends can view all your posts, but followers can only view selected public posts.

Twitter: you can choose if you want your tweets to be public or protected. Protected tweets can only be viewed by your followers. Think if you absolutely need the world to see what you are tweeting and if yes, then avoid posting personal stuff. If needed, have a separate, protected profile for personal use and a public profile for other use.

Instagram: As a photo-sharing app, Instagram has access to your photos, camera, microphone, and location. Think if you want to give the app that kind of access. Be mindful that public Instagram accounts can be viewed by anyone, even those without an Instagram account. So use a private account or avoid posting personal stuff on public accounts. If you must, have separate public and private accounts to control who can view what information.

Mahima is a data scientist who runs a writing retreat in the Parvati Valley