Information security is a very broad and complex area. For ordinary users, this in short means that many things can go wrong while using your computer or mobile phone. There are many ways you can lose your data and/or your online accounts. If we add attitudes, such as “they won’t go after me”, “I don’t have money, they have nothing to take from me”, “I don’t care about that password”, or “even if they hack me, I don’t have important data on that computer”, to that, in general, we don’t have a good starting situation.
Everything said above is, unequivocally, bad. There is not much room for interpretation. Can we fix the situation somehow? Yes, we can. The good thing is that, in fact, many things depend on you and that your actions can significantly improve the security situation. In this text, we will deal with exactly these things. Some will be easy for you, some difficult. Some will be boring to you, and most of them will tell you that you are not doing something right. In this text, we will cover three important items that, if you understand them in the right way, can significantly improve your situation.
What Is 100% Safe?
Nothing is 100 % certain. The first thing we need to explain is what you are actually trying to do when you are ‘behaving’ safely. Absolute security exists nowhere, not even in information technologies. Even if you do everything right, there is still the possibility that a problem occurs.
All the measures you take are actually to reduce the likelihood of the problem occurring. Take traffic as an example to compare. From an early age, they teach us how to cross the street, what we should pay attention to. This reduces the likelihood of being hit by a car when we go out on the street. On the other hand, information technologies have happened to us quickly and we still don’t understand them enough. Therefore, some of our behaviors can be very risky. E.g. running an .exe file that came to you from an unknown sender, in traffic would be equivalent to running over a highway. And we know why it is not good to run on the highway, right?
So, only if you understand security in that way can you successfully deal with the problems that lie ahead.
Passwords, Recycling, and 2FA
The passwords you use to access online accounts must be long and complex. You have probably heard this advice many times before. What is almost equally important, and not mentioned so often, is that you must not recycle passwords. This means that you only use one password for one web service. If you use the same password for all services, it is enough that one of the services you use is hacked and you are almost certainly left without access to all your accounts.
Your password is as strong as the weakest service where you have used it. Facebook, Google, and Twitter are very secure services, they don’t ‘crash’ so easily, and that is fine, however, if you used the same password, 7-8 years ago, on a forum that is no longer maintained, the probability of compromise grows significantly. Such attacks are very common in practice and therefore passwords must not be recycled. A few years ago, researchers were able to access login data for over 250 million Google, Yahoo, and Microsoft accounts, just by combining data they collected in various ‘minor’ compromises of less important services.
If a problem does occur, it is important that two-factor authentication (2FA for short) is enabled on your accounts. In practice, this means that after entering your username and password, the system will ask you to enter a “second factor”, which will usually be an SMS message sent to your mobile phone. Only after entering the correct code will you be able to log in to your account. This contributes significantly to security because, even if your password was ‘broken’, an attacker would not be able to access your account without accessing your mobile phone. All leading online services give you the opportunity to activate this option for free.
Pirated Software and Software in General
This is one of those items that will be difficult for you because it implies the need to change your habits. When we talk about software, the first thing you have to adopt is that you always have to use the latest and up-to-date versions of the software you have installed on your computers and phones. Every update should be done immediately and without delay. Why? In many cases, updates actually fix for security vulnerabilities in the software itself, which an attacker can use to take control of your computer. Therefore, never delay updating the operating system and software you are using.
The other important thing when it comes to software is also the most difficult, especially if we take into account the habits of some people. We will say very directly: Pirated software must not be used. This includes the operating system, but also the programs themselves. Here, too, we are not talking about the legal aspect of (illegal) software and copyright issues, which has been resolved in most countries of the Western world. We are talking exclusively about security.
What is actually the problem here? You can never know if the operating system you downloaded from Torrent or the cracked version of the program you are using has a “backdoor”, i.e. a door left by the crack perpetrator himself, which allows him to access your computer at any time. Are some cracked versions without backdoors? Probably they are. However, no one can guarantee that, so it is recommended that you avoid them. If you still don’t want to pay for licenses for basic or even advanced (with certain exceptions) computer use, some of the Linux distributions that are no longer difficult to use and install, and far more secure, will suffice.
Then Why Did They Hack Me?
Let’s return to the question posed in the headline. Let’s say your password was not good, you used it everywhere, you didn’t have 2FA turned on, you almost never updated your operating system, and every program you use was cracked. To this, we will add the fact that a large number of attacks that occur are not targeted at all at the specific person/organization, but at vulnerable software and bad credentials. In such a situation, it becomes irrelevant that you are not rich or that you don’t have important data on your computer. You may face the intrusion to your bank account, for example, especially if you use your credit card for various online transactions, such as purchasing online, betting at bookmakers (regardless of the fact you have chosen the most secured ones that can be found at Bookmaker-Expert.com)… Rich or not, you may lose all your money this way. The answer to the question then imposes itself. They hacked you because they could.
If you follow the tips in this text, you will significantly reduce the likelihood that your computer and mobile phone will be compromised.