International Computer Security Day

By Filip Dimovski
 

Keeping security and privacy in check

 
The world has become more connected than ever before in human history, and with the growing complexity and advancement of integrated circuits, hardware and software, security has become an even more important topic of discussion and concern. Information technology is encompassing and enriching our lives, but that also brings new challenges that we ought to tackle, in order to ensure technological advances are used in an ethically proper manner.
The 30th of November was introduced by the Association for Computing Machinery as the International Computer Security Day in order to raise awareness of the security implications technology has brought forth.
This blog article intends to mention some of the important aspects of security that we face every day, and give some helpful information on how to improve our security and privacy by employing some good practices.
Access to many computing resources and online services requires authorization, and verifying the identity of the user who wants to access them is called authentication. This process usually relies on a piece of information that only the user is supposed to know: the password. Passwords are supposed to be long and complex, known only to the user, and kept safe. A password should not be a word from the dictionary or contain any data related to the user (e.g. date or place of birth, parents’ names), as these can be easily guessed or derived from public information, or even from a conversation with the person. Instead, a user should generate long random passwords and store them in password management software. For example, you remember one password that unlocks the password manager, and the software keeps the long random passwords of the services you use, which you do not need to remember.
Besides passwords, the so-called Two-Factor Authentication (2FA) adds to the security of authorizing access to services: a user uses something they own (a smartphone) to generate via an application (or receive via SMS) ephemeral time-based codes, which they can use to authenticate themselves to the system. This increases security further, as there is one more obstacle for a malicious party to overcome if they intend to break into the system. Personally, I recommend using smartphone authentication applications instead of SMS, since SMS messages may be intercepted, and the applications cannot be (and they do not require cell phone coverage).
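
How an authenticator application can derive such time-based codes from nothing but a shared secret and the clock, as an added example that is not from the original article. It assumes the common TOTP scheme (RFC 6238 with HMAC-SHA1, a 30-second step and 6 digits), which the article does not name; `totp` and `verify` are illustrative names, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # assumption: RFC 6238 default time step
DIGITS = 6          # assumption: code length commonly shown by authenticator apps


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """Return the code for the 30-second window that contains time `at`."""
    counter = max(int(at) // STEP_SECONDS, 0)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float, drift_steps: int = 1) -> bool:
    """Server side: accept the current window plus/minus `drift_steps` for clock skew."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, at + step * STEP_SECONDS)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    shared_secret = b"12345678901234567890"  # constructed sample: RFC 6238 test key
    now = time.time()
    code = totp(shared_secret, now)  # computed locally, no network needed
    print("code for this window:", code)
    print("accepted now:", verify(shared_secret, code, now))
    print("accepted 5 minutes later:", verify(shared_secret, code, now + 300))
```

The secret is exchanged once at enrolment (typically by scanning a QR code); after that, both sides compute the code independently, so a code expires as soon as its time window and the allowed drift have passed.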
Security goes hand in hand with privacy. We’re increasingly relying on free services that allow us to communicate with our friends and family; however, if we take a thorough look at the fine print of their terms and conditions, we will notice that most of them gather our private data, conversations, pictures and other personal information that we willingly give, so they can monetize it, i.e. earn from it, by selling it to third parties and serving us targeted advertising. This has serious implications for our privacy, as conversations that were meant to stay private are now used to gather more data about us, thus profiling us and learning more about our habits. This information, if not adequately protected from unauthorized access or malicious use, can be used to target users and manipulate public and personal opinions. That is why it is important to set up and use services that offer end-to-end encryption for private communication, where only the parties involved in the conversation can see it, and no one else.
One of the weakest links in computer security is the so-called “human factor” – the users themselves. Clever malicious parties can use so-called “social engineering” to gather more information about a user and convince that user to grant them access to a system or a service. This can be done either indirectly, via email and messaging, or even via conversations in person. This is why it is important not to share a lot of information about ourselves and not to use that information in any passwords or any methods of authentication.
Besides these security considerations, it is also important to use secure and auditable software. Ensure the software you are using is up to date, and that you install necessary software from reputable vendors. For example, most of the popular Linux distributions offer open-source software and timely security updates, and the software’s code is available to everyone for review and reuse.