Ink & Bytes
Episode Twelve - Staying Protected Online, Tips and Best Practices
Ever wondered how secure your online presence really is? Find out why strong passwords, password managers like Proton, and two-factor authentication are non-negotiable in this digital age. Join me as I also touch on my recent move and its potential impact on the Ink and Bytes production schedule. Despite the craziness, I’m determined to keep bringing you two blogs and two podcasts a month. And don’t forget, your support on Ko-Fi can make a big difference in keeping this content coming!
In the main segment, I recap my first cybersecurity episode with Nightfire before diving into the essentials of internet safety. Learn why keeping your software updated is crucial, and discover practical tips for safe browsing, such as using encrypted messaging apps like Signal and ensuring websites use HTTPS. We also delve into verifying links to avoid phishing and staying informed through trusted sources and cybersecurity communities. Whether you’re a beginner or an advanced user, this episode offers valuable insights to bolster your online safety. Tune in and make sure you're staying safe out there!
Hello everybody and welcome back to the Ink and Bytes podcast. Now, quickly, just some housekeeping stuff before we jump into the episode. I have recently undergone a move away from home. I am in my own space in an entirely new state, starting a new chapter of my life, and it's very stressful and nerve-wracking. And if there is a delay in content it's just because I'm adapting to my situation. I still am motivated to do two blogs and two podcasts a month, but if I ever fall behind on that, just know I'm not giving up, I'm not stopping, I'm just very busy. I'm going to have to take on a lot more work and be a better adult just to stay afloat nowadays. So otherwise, it's an exciting change. I've been looking forward to it and if anyone feels inclined to help me keep doing the podcast and making this content for you all, feel free to go over to my Ko-Fi. It's ko-fi.com slash worldbuilder. Any amount helps. I have a $5 a month membership that allows you to get a shout out, and I'm going to be working on some other special things like bonus episodes for membership specific subscribers. So, with that being said, that's pretty much all of the housekeeping stuff. Let's jump right into it.
Speaker 1:Recently, in episode nine I had the first cyber security podcast episode and I was really looking forward to that, because that's one of the reasons why this show is called Ink and Bytes. I also talk about technology and gaming and stuff like that, but we haven't really had the opportunity to talk much about tech and cybersecurity. So it was really nice to have that conversation with Nightfire and we're going to have them back for more episodes with specific cybersecurity themes. So keep a lookout for that as well. But today I have a few tips for internet safety generally that I just wanted to give everyone to put in their toolbox for personal safety, because during our conversation a lot of the stuff we talk about is with personal safety and how the internet is not all sunshine and roses. There's a lot of snakes in the garden that target people specifically to steal from them and target the most vulnerable people, which unfortunately tends to be our grandparents and those on the older side, who don't really understand how technology works and might groan when you have to put a password in. So this episode is purely going to be to give you a few tips, both the novice internet users and the more experienced internet users, or just tech users in general. So there's something for everybody just to keep in the back of your mind as you go through your day to day operations, because we spent a lot of time on the internet and a lot of that time we could be unknowingly making ourselves more vulnerable.
Speaker 1:So let's get started with the tips, and the first one is really basic but no one ever really does it, and that is use strong and unique passwords. I feel like passwords get a lot more complaints than they deserve. Passwords are literally your like number one first line of defense against people trying to get into your computer, your accounts for software, your banks. Passwords are there first and foremost to stop that, and it's their first line of defense. And so many people use weak passwords like admin or password one, two, three, four or their birthday, date of birth, easily guessable things. And this might come as a surprise to some of you, maybe not a surprise to a lot of you: there are lists upon lists of collected passwords that are the most commonly used, billions, millions of lines long, that password cracking tools can scan and automatically try on different login portals to see if you have decided to use a weak password. So never use stuff like password 1234 or word pass 1234. Hackers are a lot smarter than that. Same thing with colors. Use a mix of letters, numbers and symbols and, again, avoid commonly used words and easily guessable information. Your birthday might seem secure, but that stuff can be guessed too. And for you more experienced people, use a password manager to generate and store complex passwords, and I personally highly recommend Proton services. They're free, but they're also very affordable and their Proton password vault is really good. And in an age where password vaults seem to be getting compromised, Proton has yet to have an issue, and we talk about this with Nightfire, but Proton specifically encrypts the information in a way that they can't even decrypt it themselves. So if they were to get breached, there's no way for those people to get into your stuff and look at it, because even Proton can't see what you're doing. Highly recommend their services. They have a VPN and an email service, really good stuff. And also make sure to enable two-factor authentication wherever you can. That stuff is pretty helpful.
Speaker 1:It can be annoying, but it's deciding of annoying or protection. You want to kind of sway towards protection. Next, you're going to want to try to keep your software updated as much as you can. I beg you, everyone begs you: when Windows has that pop-up that says update now and get the latest update, as annoying as it could be, depending on what time it hits, you just do it. Don't say I'll do it later, because then later will come. We've all been there, trust me. Don't say you don't do this: when later comes and that pop-up comes back up, you postpone it again. Those Windows updates are there to protect you.
Speaker 1:A lot of them have important security updates that patch critical vulnerabilities and, depending on how critical, you always want to make sure you're on the latest version. Literally the number one step in the hacking process is info gathering, which is when a hacker would scan their targeted machine, see what versions of software they're running, check online to see if those versions have vulnerabilities and, if they do, exploit them to get onto the machine. That's literally step number one. These updates are there to stop people from doing that. The more you update, the less options people have to attack you, and it's a rule of thumb for nearly everything cyber related. Just be aware and willing to learn. So just stay up to date, if you can, about what the most recent vulnerabilities are and what it affects. And if you are in that group of people, make sure you have the most recent update. If there's a patch that fixed it, you never want to be behind. It's always worth to update. And the tips (again, I do this novices first, then for more experienced): enable automatic updates on all devices and applications, and regularly check for updates if automatic updates aren't available. Windows is nice, it does that for you. And for the more advanced, understand the types of vulnerabilities addressed in the updates and use tools like a WSUS offline update to manage updates in complex environments. And that is just a software that allows you to kind of work in the Microsoft Suite offline.
Speaker 1:The next tip I got for you is be wary and understand common phishing scams. And when I say phishing, I don't mean going out to a lake with a fishing pole and trying to catch the biggest one in the lake. What I mean, they sound the same, but they're spelled differently and they have two different meanings. Phishing in this sense we're talking about here in cyber is the act of sending out a mass of fraudulent emails to get people to interact with it and click on a link to go to either a malicious website and download a file which will then compromise your machine and allow them to blackmail you, or do whatever they want. Phishing is like throwing a net in a digital environment and seeing how many fishes, aka emails of people, you can get. Phishing is most common if you're in a business ecosystem with large networks and a lot of different machines connected, because that allows attackers to blackmail for information or scale vertically if they get in one place. So phishing is more common if you're working in a company. If you're kind of a solo person, everybody gets spam.
Speaker 1:Spam is common, is like phishing, because you know they're very hostile emails. So for you novices and I don't mean that in a mean way, it's just the way I wrote it down on my notes don't take out pitchforks and come at me. Don't click on links or download attachments from unknown senders. You always want to make sure you're interacting with emails from people you know and if it's from a business or something, make sure you've done business with them in the past, because you're not really likely to get random emails from YouTube unless you are on YouTube. Same thing goes for Bed, bath and Body Works and all those other businesses. You're likely not to get promotional emails from them unless you agree to something. So if you start getting emails like that, just make sure you trust it and then verify the sender's email address and be cautious of urgent or alarming messages. No, your son is not arrested in a foreign country. No, some prince from Uganda doesn't love you and doesn't want to send you money. Just, that's always a scam and it's so common it hurts.
Speaker 1:And for the more experienced, use email filtering tools and anti-phishing software. Following that, try to use secure networks when you need to, and by secure networks I mean things like VPNs. If you're working at home and you want to do something more private, maybe you're working on something at work that is kind of sensitive, you can always go onto a VPN and obscure your IP, so it makes it look like you're coming from somewhere else and it just generally provides you better browsing protection. And also when you're out in public, and I know this firsthand, I never connect to public like utility hotspots or internets, because they're not safe. Like you go to the cafe, you connect to the cafe's internet, and this isn't flame to the people who set it up, but most times those networks are set up in a rush in order to provide free internet, which is in some places required by law, and these areas are the biggest targets for MITM attacks, or man-in-the-middle attacks, and we won't get into that here because it's kind of an advanced and complex topic, but think of it like a hacker sitting in between you and your traffic, posing as something else to get you to send your information to them instead of your target destination, so on and so forth. It's a lot deeper than that, but these areas are really easy to do that, and in an office space too.
Speaker 1:Again, as much as I want to talk about it, I'm not going to because it could be a two hour episode on explaining how that works. But just always avoid connecting to public and free Wi-Fi unless you're in an area that's been vetted and you know has secure Internet and networks. Usually just use a VPN in those situations and again, I highly recommend Proton's VPN. There's a desktop app and a mobile app, so if you're out there in public you can switch it on and it's a little bit better. And then just avoid accessing sensitive information over public Wi-Fi. So if you have to connect to it, like if you're on a campus or something, just try not to do anything sensitive and if you do, just go on your data, your data will be a little bit more secure. Use a VPN, like I said, when connecting to those networks. And, for the more advanced, understand the types of attacks that can occur over public Wi-Fi, again, man-in-the-middle attacks. Implement and configure VPNs properly to ensure maximum security, like kill switch features in Proton and server hopping as well to kind of make it harder and keeps you a little bit more secure. Might increase the latency a little bit, but you know again, safer, sometimes better.
Speaker 1:This next one is kind of extra. This is if you really like to learn and you're hungry to kind of understand how a lot of this stuff works, and that is, understand the importance of encryption. And encryption basically is just taking things that are readable, like most people say, plain text, and turning plain text, which is human readable, and make it not readable and make it encrypted. Oh, fancy word, right? You can say that in any conversation and make you sound a lot smarter. I'm not suggesting you go out there and buy a textbook and read about things like the different encryption methods, such as RSA, MD5, and hashing, but it's worth it if you're interested in that and it's pretty cool. But even if you encrypt your stuff, that doesn't mean you're completely protected. There is a catchphrase in cyber that I really like, that a lot of professionals use and a lot of people in the space use, and that is: it's not if you're going to get hacked, and some people say popped, it's when you're going to get hacked.
Speaker 1:So even if you encrypt your stuff, there are tools, I've used them in my studies, that can allow encrypted information to be decrypted if it's encrypted poorly. One of these popular tools is called Jack the Ripper and that can decrypt things if the situation is correct. But again, these things, encrypting your stuff, most things do that for you automatically, like mail servers and communications. Your stuff is usually encrypted before you send it. And if you want some more information on that process, feel free to read the blog that this is based off of on my website, again, the-world-builder.com. I have a list there. It's a little biased, but I had a fun time writing that one.
Speaker 1:And for the tips: use encrypted messaging apps like Signal and WhatsApp, and then ensure websites you visit use HTTPS. If a website uses HTTP, run as fast as you can, it's not safe. Https is Hyper Text Transport Protocol. I'm not Googling that at the moment, so if I got it right, awesome, that means I remembered. If I got it wrong, I'm sorry. And then HTTPS is the same thing, but kind of is secure. I believe that's what the S is, is secure or something like that. So most websites use it because HTTPS is standard. If they don't have it, it's suspicious. And for the more experienced, implement encryption on personal and professional devices. And then this is where you kind of want to learn the different types of encryption. If you're already into this stuff, it's not that far of a leap to kind of leaning into that. The best thing you can do is keep learning, as I keep saying. The next tip is very self-explanatory, but it isn't done enough and bears mention, and that is just practice safe browsing habits.
Speaker 1:We spend so much of our time browsing online that we may think we're doing everything we can to be safe and we're not doing anything risky, but we've all fallen for the lure of a tempting offer online that could have been hostile. A lot of these are like oh, free V-Bucks or get this game, cheap discount codes from weird websites, and so on and so forth. If something seems too good to be true, nine times out of ten it is, and it sucks to admit it, but it's likely not real. And even recently, a personal story from my end: I was working on a family member's computer, trying to factory reset it because it's never been factory resetted and it was swarming with viruses. And I actually went onto a Microsoft website that looked real and took down a phone number for my grandmother to call and it wasn't a real phone number and that was a whole ordeal. So even official Microsoft websites could be cloned and faked.
Speaker 1:So when you're browsing online, always read the URL, make sure it looks legit, again make sure you're on HTTPS, so on and so forth. The biggest thing is misspelled URLs like Facebook or something as simple as that, because again, malicious actors will prey on the people who do not understand the things, and a lot of people who aren't experienced or really don't care will never really read the URL that they're on. They'll just assume it's fine. So always check that out if you can. And again for the tips, avoid clicking on pop-ups and suspicious links, use a secure browser and adjust privacy settings and, for the more advanced, regularly clear cookies and cache to maintain privacy. Finally, the last tip I got for you I've already mentioned throughout this episode, and that is educate yourself continuously.
Speaker 1:Continuously learning and advancing your understanding of internet safety and cyber security is one thing that is entirely within your control. You can choose to learn and be aware, or you can ignore everything and take your chances, and that is a normal thing to do. When, if you end up doing something bad, and it does happen, it's easy to blame external factors. It's a normal human reaction. But there are countless resources available to educate yourself, many of which are free. The best thing you can do is keep learning and never be satisfied, and when something bad happens, just take it as an opportunity to be like okay, how did that happen? How can I learn more about it? What can I do in the future to make sure my security posture is stronger so that it doesn't happen again? How can I not fall for a scam next time? So on and so forth. Just ask yourself those questions and pursue knowledge relentlessly. And, given how much the digital landscape morphs and advances, staying informed is an ongoing effort, but it's worth it. If you can stop a lot of these problems from happening in the first place, you'll save thousands of dollars and a lot of headaches. And here are the tips. For novices, follow trusted sources for security news and updates and take online courses or watch videos on basic internet security.
Speaker 1:I recommend Black Hills Internet or Black Hills Cybersecurity, something; it's been a while since I listened, but they're a very approachable cybersecurity powerhouse, and their podcast is entertaining and informational. And, for the more advanced, participate in forums and communities focused on cybersecurity. Attend webinars and conferences to stay updated on latest threats and solutions, and there's constantly a bunch of different conferences going on. I almost went to a few of them, but you can find websites out there that just list a lot of the ones that are going on and just attend them if you can.
Speaker 1:That's pretty much all of the tips I got for basic internet security. I hope you found them helpful. I hope you learned something new and I hope, if you're an advanced user, I hope the tips that were tailored towards you maybe helps you learn something new as well. That'd be pretty dope, but if you like this type of stuff and you want to see more from me, feel free to head over to ko-fi.com slash worldbuilder and subscribe for $5. I'm working on some extra perks, but it gives you a shout out. Any little bit helps me keep doing this as a side hobby and I love doing it, no matter what. It's fun to talk into the microphone and just be a little bit educational for once. So thank you again and I'll see you in the next one. Be safe out there.