BSides SF Security Conference: The Perils of Browsing the Web
The unrelenting nature of internet security demands that you keep up with the latest and greatest threats and risks that expose your personal information to hackers, thieves, and governmental spies. With so much at risk every time you open a web browser, browsing the web can be frightening these days. Fortunately, some of the brightest minds in the internet security industry gathered on April 19th and 20th for the BSides SF Security Conference in San Francisco to collaborate on topical threats to online privacy.
Protecting Your Privacy on a Need to Know Basis
Guest speaker Lisa Lorenzin, a Principal Solutions Architect, began with a presentation that explained how users can proactively limit the metadata that online entities collect while they browse the web. She recommended some essential tools for maintaining personal privacy that should be in every web user's tool belt.
First and foremost, she recommended using HTTPS as often as possible. HTTPS is a protocol that is not unlike a VPN tunnel. It uses SSL/TLS to encrypt your data as it is sent from your computer to a server. Always check that you see a padlock next to the URL in your web browser (this indicates an HTTPS connection). If, for example, you do not see the padlock as you engage in online banking or any other communication that involves the transmission of sensitive data like tax information or your Social Security Number, you should refrain from submitting your information.
In addition, she highly recommended taking advantage of ‘private browsing’ features that are incorporated into the latest web browsers. Using this feature, your web browser won’t cache cookies that can be used to gather information regarding browsing history.
The Perils of Online Phishing
On day two of the conference, Kevin Bottomley (an OpenDNS security analyst) explained how common and destructive online phishing is. He gave some incredibly eye-opening insight into how malicious users phish for data. First and foremost, spear phishing involves trying to establish a relationship of trust between the attacker and the victim before trying to gain usernames and passwords.
One lesson to learn here is to never trust people you have only met online. However, you must also understand that illegitimate businesses create false online presences to garner your trust. If you haven't met an online entity (or a representative of that business) in person and they do not already have an accountable reputation, do not send them your data.
Secondly, you need to be aware of a technique called clone phishing. This type of phishing consists of an attacker gathering as much information as possible about a victim online before following through with the attack. Volumes of information can be gathered from social media profiles, LinkedIn, and emails to give an attacker ways to entice you to forfeit your personal information. The best way to prevent clone phishing is to use social media security controls. For example, Facebook allows users to limit which groups of friends can access different portions of their profile.
The Nature of the Internet in 2015
Even if you don’t have a technical knowledge of these types of attacks, you can still protect yourself online by following these recommendations. Users today simply cannot afford to neglect their online security. Domestic hackers, multinational governmental organizations, and plain old crooks can steal your information in an instant. The previously mentioned best practices combined with a VPN will protect you against the vast majority of online threats. If you aren’t following these recommendations, it is high time you reconsidered what you are risking without online security.
To protect your privacy, please feel free to read our top picks for VPN providers.