5 Risky Cyber Mistakes You Didn’t Know You Were Making

The cyber world we live in has significantly improved our lives. It has allowed us to create, share, and communicate in ways we never could before. However, with all these advantages come some dangers. 

Poor understanding of cyber security can make you an easy target for hackers who wish to steal your data, shut down your computer, or even hold your systems for ransom.

This article explains a few key mistakes that people make that can allow hackers to victimize them. By simply understanding how to use technology safely, you create a wall of protection against malicious hackers.

POOR WIFI SETUP

WIFI is something frequently not up to par when it comes to security. People seem unaware of how dangerous having an unsecured WIFI can be. Even if a licensed professional set up your router, you could still be at great risk. 

SSID

An SSID (service set identifier) is the name that you give to your WIFI network in order to identify it.

Many people plug in their shiny new Linksys router and immediately see a WIFI network called “Linksys_05cSD.” While it may be convenient to leave it as is, I assure you it is not very secure. By leaving the default network SSID, you are letting everyone else who sees it know many things about your network.

By looking up which router has that name by default, a hacker can see what other default settings that router has, like the default admin password or even the default WIFI password if it has one. Additionally, they know exactly which device you have, so they can use specific attacks that work best against it. 

By not changing the SSID you are making it easier for a hacker to break into your network. Change it to something clever but make sure it has nothing to do with you or your life.  

WIFI Password

This one should be obvious. Unless you want any random person connecting to your WIFI (which is a very bad idea), you’re going to have to add a password. Make sure to change this to something secure. 

Most routers have a password generator that will give you a random sequence of numbers and letters that you can use. Later in this article, I will explain how to make safe passwords that you might be able to remember.

Encryption 

When making a password you’ll see some options for encryption type.  What you want to do at this point is choose WPA 2 AES. This is the most secure encryption you can get. 

If you choose WEP encryption you might as well have chosen no encryption. WEP encryption is so outdated that it can be breached almost instantly. Regular WPA is the older version of WPA 2, left over to support older devices, but it is not as secure. The same goes for TKIP; it exists in case you need to use some legacy hardware. Basically, pick WPA 2 with AES encryption and you should be okay.

Admin Login

The admin login is the credential needed to access the router’s setup interface. Usually, the default username is “admin” and the default password is “password”. You want to make sure to change these to something secure, as anyone who connects to your network can access this. You don’t want people changing your WIFI password or other settings without your knowledge.

Guest Account

Guest accounts are used for people who are visiting a location for a short time. They give visitors an alternate login and password for the main account. These accounts should either be disabled or set up to be as secure as the main network.

Updating Firmware

Having the latest updates will increase effectiveness, decrease bugs, and improve security. Most routers allow you to do this in their setup page. Usually under advanced settings it will say something like “Update Firmware.” If you find a newer version you should install it.

WEAK PASSWORDS

Passwords might just be the most fundamental part of cybersecurity. It’s so extremely basic and yet so very integral.  

Passwords have been used forever, since the day a secret society needed a way to verify members, and will be used until all of humanity comes together and decides to stop trying to get into other people’s stuff.

Despite how often we use passwords, most people are very bad at creating them. This is probably because making a good password is so very contrary to making something easy to remember. People think since they will be needing to use it all the time that it should be something easy to keep track of. Something like their dog’s name plus their birthday. That is not a good password!  

A password should be something that only the relevant party knows. It needs to be nearly impossible for someone to guess and highly difficult for a computer to crack.

Many hackers know how people think and use this to come up with possibilities for their passwords. You wouldn’t believe how often people can just simply guess passwords. Also, there are many computer programs, usually called “password crackers,” that will basically try every password they can think of until they get the right one.

For this reason, most modern passwords are required to have capital letters, special characters, and numbers. The more variation and possibilities a password has, the longer it would take a “cracker” to crack. 

Imagine a lock with a 3-digit combination. If you tried every combination starting with 111, 112, 113, and so on, eventually you’d open the lock. For a computer, doing this is much easier and a lot less tedious. Plus, computers use advanced password guessing algorithms that will test more commonly used words and phrases first rather than starting one character at a time.

How To Make a Secure Password: 

1) Pick 3 or 4 words that aren’t commonly used together but still have some meaning to you. 

Red, white and blue is not what I mean here. You want something more along the lines of carrot, phone, shovel, man. Considering these words have probably never been used together in all of history, it’s unlikely a program will try it. It helps too if the words somehow mean something to you, while still remaining distant enough to be hard to guess.

For example, one of my old passwords used the words “shrimp escape scare” because of this one time that a shrimp had escaped and scared someone. It makes it easy for me to remember and hard for a computer to guess.

2) Add some numbers. 

If you can remember a random string of numbers, then go ahead and use those. If you can’t, find some number sequence that you can find again but that doesn’t relate directly to you. Instead of using your birthday, use the birthday of your favorite musician. This way if you can at least remember where the numbers came from, you can do a quick google search and get them again.   

3) Add a few special characters 

This part is tricky because most people like to replace letters with alternatives and think it’s a clever trick to be secure and have an easy to memorize password. However, password crackers are smart and can often read between the lines when it comes to letter swapping. 

“@fterm4th” for example isn’t great because “aftermath” is a very common word and replacing a’s with “@” and “4” is something most programs would try. Your best bet is either to add them sporadically (hard to memorize) or just do what I do and use emoticons. They’re easy to remember and fun to use.

Check out this wizard made of special characters. (∩ ͡° ͜ʖ ͡°)⊃━☆ 

4) Put them all together and you’re done  

Now you have some mismatched words that have meaning to you,  a random string of numbers that you’ve ingrained into your psyche, and a weird emoticon face made of special characters. Go ahead and slap them together in whatever fashion you like, and you got yourself one heck of a password. 

Really though, if your password is “791TelevisonPaperStatusFish(>‘_’)>”  who’s going to guess that? https://howsecureismypassword.net says it would take 21 NOVEMVIGINTILLION YEARS to crack this. All while being fairly easy to remember. 
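As an added illustration (not from the original article), the Python sketch below shows both points made in this section: letter swaps such as “@fterm4th” are undone with a simple lookup, and brute-force effort grows with length and character variety. The word list, swap table, and 60-bit cut-off are assumptions chosen for the example.

```python
import math
import string

# Constructed mini word list; real cracking dictionaries hold millions of entries.
COMMON_WORDS = {"aftermath", "password", "sunshine", "dragon"}

# Assumed table of popular letter swaps that guessing tools reverse automatically.
SWAPS = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                       "0": "o", "$": "s", "5": "s", "7": "t"})

# Example password taken from the article.
PAGE_PASSWORD = "791TelevisonPaperStatusFish(>‘_’)>"


def is_disguised_common_word(password):
    """True if undoing the letter swaps yields a word from the list."""
    return password.lower().translate(SWAPS) in COMMON_WORDS


def keyspace_bits(password):
    """Bits of work to try every string of this length and character mix."""
    if not password:
        return 0.0
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(pool)


def audit(password, min_bits=60):
    """Classify a password; min_bits is an assumed cut-off, not a standard."""
    if is_disguised_common_word(password):
        return "weak: dictionary word with predictable letter swaps"
    bits = keyspace_bits(password)
    if bits < min_bits:
        return f"weak: only {bits:.0f} bits of brute-force work"
    return f"ok: about {bits:.0f} bits of brute-force work"


if __name__ == "__main__":
    for candidate in ("111", "@fterm4th", PAGE_PASSWORD):
        print(f"{candidate!r}: {audit(candidate)}")
```

The bit count is an upper bound for blind character-by-character guessing; it does not model tools that try whole words first, which is why the unrelated-words step matters.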

EMAIL SCAMS

Don’t even get me started. This one contains such an incredible risk while being one of the most overlooked and misunderstood aspects of safe computer usage. The consequences of having an inbox filled with spam could be having all your systems shut down, leaving you at the mercy of some grimy hackers.

People don’t understand what they’re doing when they click thoughtlessly through emails, opening every one they get, and downloading files from people they don’t know. Let me break down everything that can happen just through emails.

1) Spam  

Everyone loves spam! 

Free iPhone 10 from IPHONEGIVAWAY@hotmail.com.

Hey {name error} this is Betty! I wanna talk… from CHATboti8439@scammer.net. 

They’re just so amusing! Really though, no one wants these obviously meaningless emails appearing all over their inbox, making it harder to see what is actually important. But why do we get these emails and how do you make them stop? 

The first thing you should know is that if you’re getting a lot of spam, that probably means you’ve opened a lot of spam. Hasn’t anyone ever told you not to open emails from people you don’t know? This may be part of the reason. 

When you open a spam email, you run the risk of auto downloading content from that email. When this happens, the scammer that sends these emails gets notified that you’ve opened their email. Now that they know that you are a person who opens spam, they will put you on a list of “easy targets” and send even more spam to you. So basically, when you open spam you get spam.

The more you do it, the more you get. Stop it! Stop opening random emails. Don’t open anything from someone you don’t know. Be sure to check the sender’s address. It might say it’s from Bank of America, but the sender address will say “support@bankofamerca.com.” Notice the missing “I” from America. Scammers will often send emails from look-alike domains.
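The sender check described above can be automated. The following Python sketch is an added example, not part of the original article: it compares the real sender domain against a constructed list of trusted domains and flags near misses by edit distance. The trusted list and the distance limit of 2 are assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the reader actually does business with.
TRUSTED_DOMAINS = {"bankofamerica.com", "amazon.com", "paypal.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, start=1):
        current = [i]
        for j, char_b in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                       # delete from a
                current[j - 1] + 1,                    # insert into a
                previous[j - 1] + (char_a != char_b),  # substitute
            ))
        previous = current
    return previous[-1]


def sender_domain(from_header):
    """Extract the domain from a From header, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return address.rsplit("@", 1)[-1].lower()


def classify_sender(from_header, max_distance=2):
    """Return (verdict, matched_domain) for a From header."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for real in sorted(TRUSTED_DOMAINS):
        # A domain a couple of edits away from a trusted one is a look-alike.
        if edit_distance(domain, real) <= max_distance:
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed headers based on the addresses quoted in the article.
    for header in ("Bank of America <support@bankofamerca.com>",
                   "Bank of America <support@bankofamerica.com>",
                   "Amazon <AMZN@on.com>"):
        print(header, "->", classify_sender(header))
```

A display name is free text chosen by the sender, so only the address after the “@” is compared; a domain that is simply unrelated, like on.com, comes back as unknown rather than look-alike.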

2) Phishing 

This one is as clever as it is dangerous. It involves creating fake login pages that are incredibly close to being identical to the real ones. It happens like this. You get an email from Amazon saying, “Your Order#34251-4 could not be complete.” Now you buy stuff from Amazon all the time so when you see this you don’t think twice about it. You just open it and see it says some vague stuff about an order and that you should sign in to see more info.  

You click the “Sign In” hyperlink and it brings you to the Amazon sign-in page (or something that looks exactly like it). You put your info in, hit enter and the page refreshes. . . Weird. You type it in again and now it logs in, but you don’t see anything about any orders not going through.  

At this point, you’ve already been had. The scammers now have your login and password and can use it for all their nefarious purposes. So, what really happened? 

That email about the order? That was fake. Probably sent from some email address like AMZN@on.com (looks good at a quick glance). If you read the email carefully you start to notice it’s not quite what you’d expect from a company like Amazon. There may be spelling and grammatical errors as well as things just being plain weird. Here comes the best part. That link you clicked to sign in to Amazon was fake.

Even if you had looked at the URL it would’ve been something like “http://www.amazon.com/orders/signin.php” which seems normal.  The actual site that it links to is a completely different address. 

If that doesn’t make sense, check out this link: google.com. Even though it says Google, the link takes you to Yahoo. The page it took you to was designed by some hacker to resemble precisely what the Amazon login page looks like. Once you enter your credentials and click enter, the site stores your data and then redirects you to the real Amazon login page.

To you, it just looks like the page messed up or you entered a wrong password or something. Now that you’re at the real site you log in and it works. Your brain thinks all is well even though you’ve just willingly given up your account info. 

See what I mean by clever? 

3) Malware 

At the very least, I’m sure you’ve been told that downloading files from strange websites on the internet can give you viruses. If you haven’t, well, I feel bad for your computer. Anyway, you should also know never to download attachments from emails you can’t be certain are from a reputable sender. 

These attachments could contain malware, spyware, viruses, and other things you don’t want on your computer. You must become proficient at knowing the signs of malicious emails, as some can be quite brilliantly disguised. Don’t assume hackers don’t know who you are; they can create emails targeted specifically at you.

I’ve seen people who had their company phones linked to their email so that they would be sent emails with voicemail audio files as attachments. They would get scam emails that look like voicemail emails and have an attached file name similar to the real ones. These attachments would even play a sound clip of someone going “Hello Hello” before sending them to a phishing site! 

The point I’m trying to make is that you can never be too careful. Never underestimate the extent people are willing to go for cybercrime. 

THE DANGERS OF BYOD 

BYOD, or Bring Your Own Device, is a fairly new concept. It basically means what its name implies, as in using your own device (as in your personal phone or computer) as your work device. This means allowing employees to connect to company networks, accessing restricted files, using company applications and having other privileged access. 

This is a pretty unstoppable phenomenon, as most people have smartphones and powerful computers, and companies are glad to not have to purchase expensive equipment for every employee. Plus, most employees just feel more comfortable using what’s familiar to them, so it’s a win-win situation.

But, enough about the positives. I’m here to open the tent of ignorance and reveal to you the harsh realities of cybersecurity.  

1) Data Breach/ Potential Leaks

Anytime a non-employee, or an employee without proper credentials, gains access to company information and views, stores or sells that information, you have a data breach.  Data breaches can be very detrimental. Critical data being stolen could end up costing the company a fortune or even cause them to lose their license and have to close down.

If you think I’m exaggerating, consider any company dealing with medical records. Many laws and regulations ensure the confidentiality of this data and if a company’s lack of security ends up causing it to be exposed, the company will be at fault. 

Or perhaps, data gets leaked of a company’s upcoming event. A competitor could use this information against them.  

Data gets leaked most often through stolen devices. People steal phones and laptops all the time and sometimes these people know the value of data. Data stolen can be sold on the dark web for a high price. How do you prevent this? Well, besides keeping your phone glued to your person, companies can introduce Mobile Device Management (MDM) software that can remotely track, lock, and format a compromised device.  

Data could also be leaked simply by letting others use your devices.  Make sure you store any important data in a “hard to reach” place so that no one accidentally stumbles upon it. Be sure that you know exactly what the temporary user has in mind when allowing them access.

2) Malware  

Yes, malware again. Malware is very dangerous and can spread like a disease. Employees take their devices home and do all sorts of risky things to them. This, to me, is the worst aspect of BYOD because it relies on people’s knowledge of cybersecurity. 

Most people won’t think twice about plugging in their phone to their home computer or transferring files using some flash drive they found lying around, but this is a serious risk. Advanced malware can spread the second you connect a device to it, then lie dormant on your phone/ flash drive/ laptop until connected to a company device or network. The malware spreads and now your company is infected.

You need to be extremely cautious about which networks you connect to and which computers you plug into. If your home computer runs slow and constantly has browser windows popping up saying “Local singles wanna chat! Click here now!”- you should think twice about connecting anything to it. 

This goes for networks too. Your home network should be ok if you took the right steps setting up its security. Free McDonald’s WIFI, on the other hand, is a no go. Public WIFI has all sorts of vulnerabilities and connecting to it could easily infect your phone. I will go into this more in the next section.

TRUSTING PUBLIC WIFI 

Sure, public WIFI is convenient, as data plans are expensive and everyone knows “unlimited 4G” doesn’t really mean unlimited 4G. Switching to WIFI networks when available is a great way to avoid using up your precious data. I mean, it just makes sense: why use my 4G data when I’m in range of a free WIFI network? As helpful as it is, it comes with some hardcore security risks.

1) Rogue WIFI Networks 

A rogue WIFI network is one that someone other than the establishment providing the WIFI is hosting, in order to trick users into signing into it. Say you’re at Subway. You see some available networks. One is called “SUBWAY FREE WIFI” and another called “SUBWAY OPEN WIFI.”  Which one do you connect to? 

You’d probably click either one and see if it works, and then go about your business, not knowing that “SUBWAY FREE WIFI” is a network being broadcasted by that sketchy character at the back table, on his laptop. 

While you browse, the hacker has collected all your data. Everything you visit, everything you log into . . . everything. You’ve given your delicious data up on a silver platter.

To avoid this, you should ask the employees which network is the real one. Another thing you can check is for a hotspot login page. Most companies’ WIFI will require you to open a browser window and agree to their terms and conditions and sometimes provide an email address. A rogue network is much less likely to have one.

Finally, be sure that the websites you visit contain “https” in the URL. The “s” at the end means your connection is secure.

2) Packet Sniffing 

Packet sniffing is pretty much what the name implies. It’s when someone uses software to read (sniff) the data being transmitted between the computers and the network. So, whatever you do on the network could be seen by some malicious hacker.

You can counteract this by using a virtual private network (VPN) to hide your data. A VPN sends the data to a remote server before accessing the internet so you’re effectively hiding from the websites you’re visiting. It also encrypts the data, making it impossible for a packet sniffer to read, as it appears as a bunch of jumbled up text.

3) Malware  

Yes, once again malware. Public WIFI networks can be vessels for it to spread and infect devices. Hackers will discover weaknesses that allow malware to be introduced without the users knowing. One day you are browsing Facebook at your local Barnes and Noble and the next day your computer is demanding $2000 worth of bitcoin for the rights to your data again.  

The best thing you can do is keep your computer updated and have some sort of security application. Many of the weaknesses hackers use are quickly patched, but you must allow the computer to update in order for them to work. Anti-malware programs will monitor and scan your computer for malware that exists or that is trying to be introduced.  

Final Thoughts

The cyber world is a dangerous place. A dark forest filled with highly intelligent predators waiting for you to make the slightest mistake. And when you do, it’s a whole mess of trouble you could find yourself in.  

The best way to stay safe is to stay alert. Take time to learn about the risks that are out there. Read up on new ways that hackers are targeting people like you. Practice secure habits for dealing with technology. The more knowledge you have about cybersecurity the safer you’ll be.