A few of you might have noticed that our website was briefly hacked and defaced over the weekend, and we would like to thank the few of you who brought it to our attention. After restoring everything and going through an extensive review of the flaws that allowed it to happen, we have beefed up the security of the website, and such an incident would be less likely to happen again. And even if it did, we will now be better equipped to manage it. And not to worry, no one’s account details were accessed or compromised in any way. In light of the incident, let’s go through some common mistakes that a typical user tends to make in terms of IT security!
1. Insecure Passwords
By far, this is the most commonly known mistake, and yet people still tend to commit it simply because it’s more convenient. It’s understandable that you may have numerous accounts on various social media platforms and other websites, and that to avoid forgetting, you might just use one single password for all of them. But you are then running the risk of having all your accounts compromised as soon as that password is obtained by someone else. Other than that, you may use a very weak password that can be easily guessed, because it’s too much of a hassle to think of a password whenever you create an account somewhere. According to Have I Been Pwned, which has obtained millions of passwords from previously known data breaches, these are the top 20 commonly used passwords in the world:
Hence, if your password can be found among this list of 20, it is best to change it to something more secure. The typical website will require you to create a password that is at least 8 characters long and contains at least a digit and a letter. However, that is still not good enough. Ideally, include both upper and lower case characters as well as special characters such as !@#$%^&*(). Even better if you do not use words that can be found in the dictionary at all. The more random your password appears to be, the harder it is for someone to guess it. Of course, that makes it harder for you to remember as well, but one good trick is to use abbreviations. For example, if you want to create a distinct password for each account you own and you’re afraid of forgetting them, you can try something like this: “+!mFb@T!12Li”, which is essentially an abbreviation of “This is my Facebook account that I want to log in”, with some of the letters replaced by numbers and special characters wherever applicable. You can use the same format for everything and just replace FB with whichever website it is, so that each password is easy to remember while still being different.
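The rules above can be turned into a small checker. This is an added example, not something from the original post; the common-password set and the mini-dictionary are constructed stand-ins (the top-20 list itself is not reproduced here), and `audit_password` is a hypothetical name.

```python
import re

# Constructed stand-in for a breached-password list; in practice load a
# real list from a file. This is NOT the list referred to in the post.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "abc123"}
# Constructed mini-dictionary for the "no dictionary words" rule.
DICTIONARY = {"password", "dragon", "monkey", "facebook", "welcome", "login"}

# Undo common character substitutions before the dictionary check, so that
# "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("013457@$!", "oieastasi")

def audit_password(pw):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if pw.lower() in COMMON_PASSWORDS:
        findings.append("appears in common-password list")
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if not re.search(r"\d", pw):
        findings.append("no digit")
    if not re.search(r"[a-z]", pw):
        findings.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        findings.append("no upper-case letter")
    if not re.search(r"[^A-Za-z0-9]", pw):
        findings.append("no special character")
    normalised = pw.lower().translate(LEET)
    for word in sorted(DICTIONARY):
        if word in normalised:
            findings.append(f"contains dictionary word '{word}'")
    return findings

if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd1", "+!mFb@T!12Li"]:
        print(candidate, "->", audit_password(candidate) or "no findings")
```

Note that “P@ssw0rd1” satisfies every character-class rule and is flagged only by the dictionary check, which is why the character rules alone are not enough.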
2. Not Implementing Security Measures
Getting a strong, secure password will typically be the end of it for most users. However, if you’re managing your home network, or if you find yourself bringing out your laptop to work in cafes on public WiFi networks, then you will need to know this. I believe most of you already know to secure your home WiFi network with a password, and that you’re recommended to use WPA2 encryption, etc., so I will not cover that. But suppose you leave your WiFi network unsecured, because “What’s the harm? My WiFi is unlimited so it’s not like I lose anything, right?” Wrong. Letting people you don’t know into your network is one of the most dangerous things you can do in terms of IT security. The consequences range from the most minor, where someone uses your network to download illegal materials and the authorities end up knocking on your door because they traced the IP address to your house address, to the most severe, where all your most private and personal information is leaked. Once in the same network as you, someone with the know-how or the readily available tools can gain access to your computer (as if it’s a network drive) and go through all of your files just like that. And if he chooses to, he can install a keylogger on it as well. Just as the name says, a keylogger is software (more of a malware) that is designed to look like an innocent random file on your computer, but is actually recording all the keys that you type. Never mind the embarrassing words you type to the person you like; if you are shopping online and keying in your credit card details, the ‘hacker’ has got it all. And he can then easily use your credit card details to do his own shopping.
Now that you’ve understood the importance of securing your own network, let’s look at what you can do when you have no control over the network, such as when accessing a public WiFi. As much as possible, do try to refrain from using public WiFi, because you simply never know, but in the event that you really have to, please make sure that you have installed a firewall. A firewall, in layman’s terms, is essentially a virtual wall that filters the traffic that goes in and out of your computer. If you have travelled overseas and gone through customs, this is essentially the same thing. There are many free firewalls out there as well as paid ones that are obviously a lot more robust, but if you’re a layman user and you don’t think hackers have a strong reason to specifically target you, then I guess a free firewall will do fine. Just as long as you have one to filter the traffic.
3. Visiting Dubious Sites
This is also a common thing that everyone should know, but for one reason or another, people can’t seem to avoid visiting dubious sites. It can be through clicking on pop-ups (install a pop-up blocker already, come on) or simply because the content on such dubious sites is just seemingly irresistible. Whatever the reason is, if you find that you really need to visit sites that you know for sure are unsafe, make sure to have that firewall up and running, and DO NOT CLICK ON POP-UPS OR INSTALL ANYTHING! Installing something from such sites is as good as visiting a notoriously bad restaurant with failing hygiene standards and willingly eating the food that the chef prepares for you. Do you seriously expect yourself not to get food poisoning? But definitely, refrain from accessing such sites in the first place.
4. Not Checking Your Emails Properly
Emails used to be a lot more dangerous than they are now. In the past, when email clients weren’t that strong yet, viruses and malware could be embedded into the email itself, and they would immediately start executing once you opened the infected email. Luckily, email clients are now so much stronger and more stringent in their security that this doesn’t really happen anymore. But while you shouldn’t expect to get a virus or malware from simply opening an email, please verify the sender’s address of any email that you receive, and practise just a little bit of common sense, because what I’m referring to are phishing emails. Phishing, which sounds like the word fishing, simply means that the email is meant to fish for your personal information by pretending to be from a legitimate source. For example, a bank, or an online shopping portal that is commonly used, or PayPal, etc. Often, their modus operandi is to pretend to be an email from the actual website, and they will make up an excuse, such as “We are purging our inactive users from our database, in order to verify that you’re still an active user of the site, please enter your credit card details to verify”, etc. Please note that no company or website in the world will, or should, ask you for your credit card information through email. So whenever you see such a thing, look closely at the sender’s email address. For example, between <firstname.lastname@example.org> and <email@example.com>, which one is the fake email address? If you’re able to answer this question, good for you, but if you’re not… Just look closely.
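“Look closely at the sender’s email address” can be made mechanical. The sketch below is an added example, not part of the original post: it compares the domain in a From header with a list of domains you trust and flags the two usual tricks, a lookalike domain and a brand name that appears only in the display name. The allowlist, `check_sender` and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand -> domains that brand really sends mail from.
# This allowlist is hypothetical; maintain your own for the services you use.
TRUSTED = {"paypal": {"paypal.com"}, "examplebank": {"examplebank.example"}}

# Digits often swapped in for letters to imitate a brand (0->o, 1->l, 3->e, 5->s).
LOOKALIKE = str.maketrans("0135", "oles")

def check_sender(from_header):
    """Classify a From header as trusted, lookalike-domain,
    display-name-mismatch, unrecognised or invalid."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Trusted only if it is the exact domain or a true subdomain of it.
    for domains in TRUSTED.values():
        if any(domain == d or domain.endswith("." + d) for d in domains):
            return "trusted"
    # Brand name (or a digit-swapped imitation) inside an untrusted domain.
    normalised = domain.translate(LOOKALIKE)
    if any(brand in normalised for brand in TRUSTED):
        return "lookalike-domain"
    # Friendly name claims the brand, but the address is somewhere else.
    claimed = display.lower().replace(" ", "")
    if any(brand in claimed for brand in TRUSTED):
        return "display-name-mismatch"
    return "unrecognised"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal <service@paypa1.example>",
    "PayPal Security <verify@paypal.com.account-check.example>",
    "PayPal Support <help@mail-service.example>",
    "Alice <alice@friend.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):22} {header}")
```

The third sample shows why the match is made on the end of the domain: a trusted name placed at the front of a longer domain does not make the sender trusted.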
5. Being YOLO
Yeah, YOLO is so 2017 or 2016, I don’t even. But it’s basically the only way to describe someone who doesn’t bother to install an antivirus or to regularly back up their computer. Like it or not, people make mistakes. Maybe just that once, you get too excited while visiting a dubious site and you accidentally click Yes to installing something. It’s only that one time, but sometimes, just that once is enough to cause tons of damage to your system. While prevention is better than cure, it is important to still keep your cure handy for whenever you need it. And antivirus and regular back-ups are those cures. I don’t think anyone is new to what an antivirus is, but an antivirus allows you to scan your filesystem for any traces of viruses or malware that may be hidden from sight, because not all viruses or malware are designed to wreck your system. Some malware, for example the keylogger I mentioned earlier, would much rather that your system lives as long as possible, because what it wants is your sensitive information. Other malware will convert your computer into a “bot” to use as part of attacks on other targets, directing unauthorised traffic through your computer and making it much harder for the authorities to trace the attackers. As such, install antivirus software, keep it updated, and scan often.
Next is backing up your system. On the rare but not impossible occasion when a new virus has been programmed and is on the loose, current antivirus and firewall software are still unable to detect it, and it intrudes into your system and simply corrupts all your data just like that, you will at least be able to reformat and wipe all your hard disks clean and just restore from your back-up. Go to bed and wake up to a system that is barely changed from before the incident. That is better than formatting everything (because you’ll need to do it anyway), having to slowly install all your applications one by one, and lamenting the loss of all your game progress or project progress. Also, sometimes even when you don’t get a virus, you might do something stupid and corrupt your system files, and that’s when having a back-up will help too.
Well, with that, I hope that you guys have learnt a little more about the importance of protecting yourselves and your information and how to go about doing it.