Introduction to digital security
21.01.2025

Why is digital security important?
In the modern world, digital technologies have become an integral part of our lives. We store personal information, financial data, work documents, and much more on our devices. However, as technology evolves, so do the threats. Cybercriminals are exploiting vulnerabilities in systems and human carelessness to steal data, money, or access private accounts. Information security has long been of the utmost value, because having information about a person can either elevate them or destroy them. For example, knowing the weaknesses of the president of a country, intelligence services can put pressure on him…

Typical threats on the Internet

Phishing attacks: Attempts to trick you into providing confidential information.

Viruses and malware: can steal data or damage devices or information on them.

Account hacking: due to weak passwords or unreliable authorization.

Fake websites: created to steal payment data or to deceive users (as a component of the same phishing).

The goal is to help you understand how to protect yourself, your data, and your work projects from digital threats. We will review the basic rules and recommendations for safe Internet use.

Security when using the Internet

    Website security protocols
    Before entering personal data or making a payment online, check that the site uses the secure HTTPS protocol. A padlock icon near the URL and an SSL certificate indicate that the connection is secure. There are exceptions: sloppy sites may use their own certificate that was not issued by an authorized center and only simulate security. Such sites usually offer only a simple level of encryption, and warnings appear when you click on the padlock. Without this protection, even on a well-known, reliable website, your traffic can be stolen (your login and password during authorization, the cookies sent to your sites), or images can simply be replaced with ones that suit the criminal. That’s why, for example, Facebook uses its own resources and won’t let you log in if it notices that the connection is not direct but goes through a dangerous intermediary.

    Use secure Wi-Fi networks (for example, cafes for working from a laptop)
    Avoid using public Wi-Fi networks for important operations (you can share mobile Internet from your own phone over Wi-Fi instead).
    If necessary, use a VPN to protect your data from interception (but such services vary in quality, so choose reliable solutions).

    Phishing via websites
    Check website URLs carefully. Fraudsters often create websites that look visually similar to well-known services but have different domains (for example, google-secure-login.com instead of google.com).
    Even small sites may offer registration, and their administrators, having received your login (email) and password, may try to use them to gain access, if not to your email, then to popular sites where you could have registered with the same email.
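The URL check described above can be automated. The sketch below is an added example, not part of the original article; the allowlist, the verdict names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you really hold accounts on (illustrative list).
TRUSTED_DOMAINS = ("google.com", "facebook.com")


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Classify a link by the host the browser would actually contact."""
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and the port and lowercases the host,
    # so "https://google.com@evil.example/" resolves to evil.example.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    for domain in trusted:
        # Exact match or a true subdomain; "notgoogle.com" must not pass.
        if host == domain or host.endswith("." + domain):
            return "trusted" if parts.scheme == "https" else "insecure"
    # Punycode labels can render as look-alike characters; legitimate
    # internationalised sites exist, so treat this as "verify by hand".
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    # A trusted brand name anywhere in the address of some other domain is the
    # pattern the article describes (google-secure-login.com vs google.com).
    address = parts.netloc.lower()
    if any(domain.split(".")[0] in address for domain in trusted):
        return "lookalike"
    return "unknown"


# Constructed sample links, not taken from real traffic.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "http://google.com/",
    "https://google-secure-login.com/",
    "https://google.com.evil.example/login",
    "https://google.com@evil.example/",
    "https://notgoogle.com/",
    "https://example.org/news",
]


def audit(links=SAMPLE_LINKS):
    """Map every link to its verdict."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in audit().items():
        print(f"{verdict:10} {link}")
```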

    Security in email

      How to avoid phishing emails
      Never open suspicious emails from unknown senders.
      Do not click on links in emails if you are not sure of their origin.

      Signs of Dangerous Emails
      Grammatical errors or strange phrases.
      Urgency with a demand for immediate action.
      Strange sender addresses (e.g. support@bank-secure-123.com).

      Danger of attachments
      Do not open attachments in .zip, .exe, or even .pdf format if they look suspicious.
      Use an antivirus to check attachments before opening them, even from trusted senders.
      Even a trusted sender could have been hacked or have a virus sending emails on their behalf (if you suspect this, call them through other available communication methods, report the emails, and make sure that the email was really sent by them).

      Social networks and messengers

        How to avoid traps on Facebook and other social networks
        Ignore messages from the “support service” that demand your account data or threaten that your business account, page, group, or profile has violated some rules and that you urgently need to follow a link to their fake website:
        1) if there had been a violation, Facebook would have blocked you first and left you to prove your innocence afterwards;
        2) if Facebook writes to you, it only means that you have run out of money for advertising – top up or add another payment source in the advertising account;
        3) minor violations (local legislation on the sale of alcohol or similar) produce warnings in the business profile admin panel, not in messages;
        4) a link in such a phishing comment is most often a shortened link that redirects to code that will steal all the cookies from your browser, so even just clicking it is dangerous – even if you did not manually enter anything into the forms on the fake site after clicking, you still need to change the passwords not only for this social network but for all sites visited from this device (especially if you also save passwords in the browser).
        If your business holds prize draws for subscribers, they may receive messages from fake accounts that use your logo and business name, announcing a win and the urgent need to follow a link – I think it’s clear…
        Do not follow suspicious links, even if they are sent from friends (they could be hacked or have a virus).

        Phishing in messengers
        Fraudsters may send links that lead to fake authorization pages or infected sites. Always check where the link goes. Make sure it doesn’t redirect you to other addresses several times. Even good websites can carry viruses that redirect only a certain group of users – such viruses are not easy to detect.

        Danger of applications and files
        Install applications only from official stores (Google Play, App Store), although this is not a guarantee of security (an application could only be pretending to be useful, or the application itself, the site it works through, or the server it runs on could be hacked – so choose popular applications).
        Do not download files from unknown contacts, from unverified sites.

        Fraud with financial transactions

          Fake payment pages
          Check the URL and SSL certificate before entering payment information. Do not trust websites that look suspicious.

          ATM invitation
          Fraudsters may ask you to perform actions at an ATM to receive a “transfer”. This is a trap that can lead to loss of funds. People are used to ATMs dispensing funds, but ATMs also have functions for manually making card-to-card transfers to a recipient’s card.

          Use two-factor authentication
          Add another layer of security to your accounts, for example confirmation via SMS or through applications such as Google Authenticator. The Google Authenticator app is more or less safe, but you must not lose the reset codes from the site where you activate this protection. SMS can be intercepted when you are in uncontrolled conditions: in a crowded place where a suspicious van has been parked for a long time, in some institution, or during interrogation by the special services with a request to log in to an application. In most such cases they have a local station that imitates a telecom operator, intercepts data, and may send fake data or duplicates.

          Create and manage passwords

            Why strong passwords are important
            Weak passwords are one of the main causes of account hacks. Use complex combinations of symbols, numbers, and letters.
            Simply adding an exclamation point or two exclamation points or a dollar sign to your password does not make it strong. If a criminal steals a group of your passwords from your browser or browser cookies, they will be able to understand the logic behind your creation of such passwords.
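To see why such decorated passwords share one recoverable "logic", the added example below (not from the original article) groups a list of passwords by the base word left after trailing symbols, digits and common character swaps are undone. The substitution table and the sample passwords are constructed assumptions; run it only on your own password export.

```python
import re
from collections import defaultdict

# Assumed table of common look-alike substitutions (illustrative, not complete).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password):
    """Reduce a password to the word it was built from."""
    # Drop decoration at either end: digits, punctuation, underscores.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    # Undo case changes and character swaps inside the remaining word.
    return core.lower().translate(SWAPS)


def reused_bases(passwords):
    """Return {base: [passwords]} for every base used more than once."""
    groups = defaultdict(list)
    for pw in passwords:
        base = base_form(pw)
        if base:  # passwords made only of digits/symbols have no base word
            groups[base].append(pw)
    return {base: pws for base, pws in groups.items() if len(pws) > 1}


# Constructed sample list standing in for a password-manager export.
SAMPLE = ["Summer2024!", "summer$$", "Summ3r!", "P@ssw0rd1",
          "password!!", "G8kL$z9#Yp"]

if __name__ == "__main__":
    for base, pws in reused_bases(SAMPLE).items():
        print(f"{base!r} is the base of {len(pws)} passwords: {pws}")
```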

            How to create a strong password

            Example: G8kL$z9#Yp.
            Use strong password managers to help you remember complex passwords.
            Store master passwords in a safe place not connected to the Internet – you can use a pen on paper or a flint on a stone)))

            Avoid reusing passwords
            Create a unique password for each account so that hacking into one account does not allow access to other accounts.

            Software and devices

              Install only trusted applications
              Download programs to your computer only from official sources. This reduces the risk of installing malware.
              There are no good hackers anymore – they all ended in the early 2000s. Now they all have families and children and need to feed them. Pirated movies distributed as archives rather than as video files, cracked licensed games, and cracking programs will all have a virus embedded in them; if not a virus right away, then some kind of Trojan horse that will sit in the system until it receives an instruction from its owner to activate or to seize complete control of the device. Windows itself must also be licensed…

              Regular updates
              Updates to systems and applications fix vulnerabilities that can be exploited by cybercriminals.

              When you update a system (such as an operating system on a computer, content management on a website, or firmware version on a phone), other software packages (office programs, drivers, applications, extensions) are also updated. It’s not uncommon for devices to slow down in new versions, but that’s no reason to give up security.

              A pawnshop tablet, phone, or laptop is most likely already flashed with a hacked operating system that monitors your actions in the background and can access many things – it is worth having the operating system replaced with an original, secure one.
              Sometimes cheap manufacturers of affordable smartphones ship firmware with dangerous code embedded at the root access level. If you notice signs that the device is being monitored (not necessarily true, so be careful and think critically), a simple factory reset will not help much (especially if you notice, for example, that a calculator or notepad application that you do not use but cannot delete collects gigabytes of data in its cache without having time to send the collected information to its developer). In such cases, only a complete firmware replacement by a specialist will let you continue to use the device.

              Using an antivirus
              A modern antivirus can protect you from most threats, including viruses and spyware. Standard Windows Security is enough for most cases: yes, it does not have proactive protection, but if you do not carelessly run viruses and you check files before running them, an updated antivirus is enough. Kaspersky or Avast are all spyware antiviruses, and they steal information from devices… The latest viruses, which antivirus databases cannot yet detect in a file, can spread through various file-sharing sites, file storage services, or forums with links to file or archive distribution services. Do not fall for the cheap cheese in a mousetrap: no one gives away quality games or good extensions for free; they are embedded with viruses (there are exceptions – they are embedded with code that will later turn into a virus by downloading an update or on a timer). Such suspicious files should be sent to the developers’ anti-virus laboratories – after they are checked, you will be told what was found.

              Physical security of devices

                Protect with PINs
                Set up complex PINs or use biometric authentication. Your computer or laptop desktop should be locked with such a code, and when you leave the device, press Win+L to bring up the lock screen, even if you live alone and only a cat can press “something wrong” on the keyboard.

                Using the Find My Device feature
                This feature helps you remotely lock or locate your device if you lose it.

                Avoid connecting to unknown USB devices
                Malware can be transmitted through suspicious charging stations or flash drives. Disable autorun for flash drives and disks (information on how to do this is available on Google). Check the media after connecting it, before launching anything from it.

                Training and regular inspections

                  Regular training
                  Tell your family and friends about digital safety rules. This will reduce the risks for the whole family. Especially about messengers.

                  How to check your data
                  Use services like “Have I Been Pwned” to find out if your data has been compromised.
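Have I Been Pwned also offers a Pwned Passwords range lookup (`https://api.pwnedpasswords.com/range/<prefix>`) that lets you test a password without revealing it: only the first five characters of its SHA-1 hash are sent, and the match is made locally. The added example below (not from the original article) shows that exchange offline; the response body and its counts are constructed, and no network request is made.

```python
import hashlib


def range_query(password):
    """Split the SHA-1 of a password into the part sent and the part kept."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    # Only the 5-character prefix leaves your machine; the 35-character
    # suffix is compared locally against the returned list.
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Look up our suffix in a range response of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not in the breach corpus


def constructed_response(password):
    """Build a fake response body for the demo (all counts are made up)."""
    _, suffix = range_query(password)
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",  # constructed decoy entry
        f"{suffix}:4211",                          # the entry we expect to hit
        "FFB5D1A1E2C3B4A5968778695A4B3C2D1E0:0",  # padding-style zero entry
    ])


def is_compromised(password, range_body):
    """True if the password's suffix is listed with a non-zero count."""
    _, suffix = range_query(password)
    return breach_count(suffix, range_body) > 0


if __name__ == "__main__":
    body = constructed_response("password")
    prefix, _ = range_query("password")
    print("prefix sent to the service:", prefix)
    print("'password' compromised:", is_compromised("password", body))
    print("'G8kL$z9#Yp' compromised:", is_compromised("G8kL$z9#Yp", body))
```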

                  What to do in case of data compromise

                    Quick actions
                    Change passwords.
                    Disconnect suspicious devices.
                    Notify the platform or bank support service, notify your company manager.

                    How to check your account activity
                    Check your login history and close all suspicious sessions. If the smartphone was bought in a pawnshop, nothing will help: almost all such devices are flashed with an operating system that is itself a virus, and a factory reset will not do anything.

                    Tips for permanent protection

                      Check your privacy settings
                      Change your account settings to minimize the amount of public information available.

                      Using backups
                      Back up your important data regularly. Make an offline copy of your data, one that is not connected to the Internet, at least once a month…

                      How to avoid information overload
                      Focus on trusted sources of cybersecurity information to avoid unnecessary stress.

                      Where to find more information about Internet safety
                      You should subscribe to the HackYourMom channel: https://www.youtube.com/@hackyourmom-hackyoumom6166

                      By following these tips, you can significantly reduce the risks associated with digital threats and ensure the security of your data.

                      Мирошник Максим

                      Digital marketing & SEO-Specialist +380508441790 (Telegram|Viber)