Protect Yourself Online from Cyber Espionage

Every day we learn how difficult it is to protect yourself from cyberspying, especially with the drastic increase in cyber crime since the beginning of the pandemic. Cyber spying, malware, and other Internet attacks have become much more prevalent. In scrambling to implement work-from-home protocols, businesses opened themselves and their employees to new data threats. 

And it’s likely that your information will continue to come under attack.

Governments have used cyber security as an excuse for enormous privacy violations. From China’s Great Firewall to the British Snooper’s Charter, nations find ways to collect online data. The United States has such a large, complex data collection network it doesn’t even have a nickname. The risk of a government spy targeting you is both pervasive, and so secret you may never know it happened.

Corporations also have a vested interest in your online activity. An Internet activity log can be incredibly valuable to advertisers. Using an ostensibly “free” network or services with no direct payments can result in your personal data being sold to countless third parties. While not technically an “attack,” it functionally makes very little difference. And unlike a government, there is often less recourse for privacy invasions. This becomes even more true if you utilize free cloud storage as part of another network.

Traditionally, hackers are the ones most known to spy on your Internet activity. The proliferation of easy-to-use malware that exploits known vulnerabilities, insecure data transfers, and other online risks mean that hackers can use something as simple as your IP address to violate your privacy.

Even your own ISP may be keeping a log of your online activity. By keeping a record of everything you do on the Internet, you’re three times as vulnerable. Hackers can steal the information. The government can demand a copy of the log. And the ISP itself can sell your data to advertisers, often without specifically telling you.

So, what are the specific issues and how can you defend yourself?

Ways Cyber Spying Affects You

There are so many ways that your cybersecurity can be broken. If you’re not actively protecting yourself from potential cyber attacks, then you run a serious risk of having your personal information stolen. Here are just some of the threats that you face online.

Malware

Malware is a broad category of software that encompasses everything from ransomware to spyware to viruses. Something is malware of it is a program designed to negatively impact the target.

What makes malware such a huge risk is that there are so many threat vectors. You can get malware from opening an email attachment. Or visiting the wrong website and accepting cookies. Or installing an otherwise beneficial app. You might never be aware that something is on your computer hijacking your IP, stealing your data, or encrypting your files. Not to be dramatic, but malware can be on your network right now or sitting in cloud storage.

With all that being said, there are ways to protect your privacy against malware that we’ll cover below.

Spy on IP Leaks

One of the reasons why “cyber space” was also once called the “information superhighway” was that it transfers vast amounts of data. And like on a highway, it’s possible to be “carjacked.”

Your IP address carries a lot of metadata about the network you’re on and where you can be found. It can include your operating system, screen resolution, and lots of other information that make a cyber attack easier. On top of that, an IP can actually “leak” as well.

An IP leak is when you are supposed to have a hidden IP address, but because of how the network behaves, your actual IP is visible. This happens much more often than you know. If a bad actor can find your IP, it can lead them to much more important personal information. It can also open you up to a different kind of cyber attack, the DDoS.

Spoofing & Man in the Middle Attacks

Sometimes a cyber attack doesn’t seem like an attack at all. In fact, cyber criminals have gotten very good at making it seem like nothing is wrong.

“Spoofing” is another broad category of attack that covers cyber threats that depend on the victim not realizing there is an issue. This can include emails or in-app messages that appear to be from services that you use. The cyber criminal also may hijack your Internet connection and make it look like you’re going to a specific website, when you’re going to theirs instead.

This is called a “Man in the Middle” attack. Imagine you’re trying to go to your bank website. But the cyber criminal in question is watching your IP, and redirects you to a page that looks like your bank login page. When you try to log in, you get an error message that looks legitimate, but the hacker now has a log of your username and password.

Other Internet Vulnerabilities

These are only some of the threats you face online. Even if you protect every aspect of your network and mask your IP, the human element is still a potential cyber attack vector.

Fortunately, all of these can be dealt with relatively easily. It doesn’t take a whole lot to have better Security Hygiene to protect your online privacy. Here are the five best ways to protect yourself from cyber attacks.

1. Data Management

It’s not enough just to have your data in the cloud someplace or a folder on the network. The way that you handle your personal information can go a long way to preventing a cyber attack and maintaining your privacy.

Information Cybersecurity

There are several categories of online data that can be potential vectors for cyber attack. Here are a few.

Personal Information

In this case, “personal information” means data that can be directly traced to you or tell a cyber criminal details about you as a human being. It can include anything from your physical location to social security numbers. Some of these are even attached to your IP address.

Thankfully, people tend to be the most protective over this sort of information. Before giving out personal information, even so much as your birth date, confirm that the person you’re talking to is who they claim to be and need that information. Phishing scams can collect a lot of different information over time, then put it all together to steal your identity. Avoid this by checking senders and looking for suspicious requests.

Browsing History

While less actively dangerous, your browsing history is generally more highly prized because it reveals spending habits and interests. These are pure gold to advertisers who want to be able to serve you targeted ads.

Fortunately, it’s pretty easy to protect your browsing history. First of all, you can use a browser or browser mode that doesn’t track it (see below). You can also use a VPN to keep your Internet Service Provider from watching your every move (also see below).

Another easy thing that you can do is better manage your cookies. If you’re not hip to the lingo, “cookies” are small files that are used to tailor your Internet experience. Normally, they’re fine and can do things like make it possible to authenticate a device so you don’t have to verify your account every time you log in. But they might also have unique identifiers that share personal data between apps, making them a potential attack vector for malicious programs.

Because of the General Data Protection Regulation (GDPR) in Europe, most websites now have to inform you of their cookie policy. Take the time to read these and familiarize yourself with the policy from page to page. Find out what the website is tracking and how to opt-out if you want.

Take the time to look up how to manage tracking in your browser as well. Most modern browsers will let you choose websites you do and don’t want to accept tracking files from.

Message/Email Content

Hackers have become very good at exploiting our fear and greed. You’ve probably heard of the famous “Nigerian Prince Scam.” Those are still going on, not least because the cyber criminals behind them know that their targets will self-select. You may think it sounds dumb, but you’d be surprised how easy it is to get somebody to jump at a chance for instant riches. And while that particular line might not work on you, there’s another that just might.

Always be suspicious of unsolicited requests for personal data. No legitimate business wants you to email your bank account information, nor will they reach out to you asking for that sort of stuff in an instant message. Never trust it, ever.

You can also look for signifiers like poor spelling and grammar. This is not an attempt to be elitist. Legitimate businesses run all customer-facing copy through numerous rounds of proofreading and legal review. Scammers will often purposefully use bad diction and syntax because they are targeting people who self-select as the kind of individual who doesn’t notice obvious red flags. In other words: scammers aren’t dumb, they want to know if you are.

2. Browser Security

Every browser is very different. A good rule of thumb with online safety is that convenience is the enemy of security. Keeping your private data safe will require you to use fewer of the services that make the Internet slightly easier. Hopefully, you’ll see that it’s worth it.

Why Private Browsing is Not Enough

You may be familiar with “Incognito Mode” in your browser, which is supposedly more secure than regular mode. This is true to an extent. A private browsing mode prevents your web browser from keeping a log of your activity locally. However, it only applies to the local record. Your online activity is still visible to your ISP and anyone who cares to look.

Choosing a Secure Browser

When you pick your browser, you want to look for one that isn’t going to accept cookies by default and does not store user data. Unfortunately, this does mean that you want to avoid options with built-in password managers when possible. Don’t worry, we have a solution for that below as well.

Generally, this means using a browser that is not quite as popular as others, like Tor, but has fewer vulnerabilities. Ultimately, you want to have several cybersecurity solutions in place to cover a range of potential attack vectors and secure several services.

Secure Your Other Browsers

If you insist on using a more mainstream browser, then take the time to learn how to secure it. Check the options for storing and clearing tracking files. Don’t use the onboard password manager. Remove as many personal identifiers from the settings as possible. Don’t enable sync with other devices or cloud storage in your settings.

You can also find some great browser extensions here.

The goal should be to keep as much under your personal control as possible.

3. Protecting Yourself on Mobile Devices

If you’ve used the Internet at all in the past decade, you’ve probably done so at least a little on a smart phone. Mobile devices have opened up a whole new way of interacting with the world. The ability to be online from almost anywhere is very enticing. The various services offered by mobile devices, from instant translation to directions on demand, make it almost impossible to function efficiently without a mobile device.

Data Threat Vectors

There was a time when it was difficult to attack phones and other mobile devices. But as functionality has increased, so have the potential avenues for attack. This leaves a number of mobile-specific services in a position where they could be the opening the means to get to your important files or records.

Ways to Improve Security on Mobile Operating Systems

First thing: never connect to public WiFi without adequate protection from a VPN (again, see below) and similar security services. When you do connect, make sure that the network you’re using is the correct one and not simply named to sound like it.

Be careful about what apps you load. Android and iOS both have app stores that heavily vet any programs on their network, but sometimes a malicious one will slip through. Moreover, Android devices make it much easier to “side load” apps, meaning install them without going through the Google Play Store. The safest approach to this is to never side load an app. If you insist, do the research to ensure it’s not only legitimate, but that your copy is from the original creator.

iOS devices are safer on the software side, but there are more hardware exploits for potential criminals to take advantage of. The best way to counter this is to ensure that your firmware and operating system are always up to date. That way, you can feel confident that known hardware exploits have been addressed on the software side.

SIM Hijacking

A less common, but potentially devastating cyber attack is SIM hijacking. This is where a bad actor gets enough details about you that they can simply call the phone company and transfer ownership of your phone number to them. You don’t even need to use the Internet often for this to happen. Since so many people sync data between their phones and related accounts, it could give them full access to all your important files, contacts, and more.

The easiest way to avoid this is by having another, non-public phone number attached to the account for authentication purposes. That way you can prove that you are you, even in the face of determined identity thieves.

4. Passwords and Vaults

We mentioned above that you should never use a browser’s built-in password manager. That doesn’t, however, mean you shouldn’t use a password manager at all. In fact, quite the opposite. It can be almost impossible to remember the best types of password, which is a good thing. Instead, we recommend an encrypted password manager or vault.

There are several of these available online. Instead of keeping your passwords on a local machine, it stores them in a highly encrypted Internet vault. By using 256-bit AES encryption, not only will your passwords be safe in transit from the vault to the website you want to log into, but not even the password manager knows what your login credentials actually are. 

Popular password managers like LastPass will even help you to create stronger passwords algorithmically. These are nearly impossible to break using brute force or similar techniques. And because the manager keeps track of your passwords for you, you don’t have to worry about remembering them.

On top of smart password creation, we also recommend using two-factor authentication whenever possible. This is a system where you attach another contact method to your account at creation, like a phone number. Attempts to log in from a new computer or mobile device are met with an additional challenge. Instead of just logging you in, the system may require an additional code that will be sent to the secondary contact on file. In most cases, only the owner will have access to this, so it reduces the chance outside bad actors will be able to log into your account, even with the correct password.

5. VPN

We would be remiss if we didn’t also recommend a virtual private network (VPN) as one of the best ways to protect yourself from cyberspying. In fact, it’s probably the easiest, most effective measure you can take since it requires almost no activity on your part.

How It Works

If you’re not already familiar with the mechanics of a VPN, it goes a little something like this:

  1. You connect your system to a VPN network
  2. The VPN creates an encrypted tunnel to send and receive all data through one of their servers
  3. All your communications are encrypted, then sent through this tunnel to their destination where they are decrypted

There is a bit more to it, and we encourage you to read more about what a VPN is, but those are the basics. A VPN uses strong encryption algorithms to protect your data so it can’t be read by third parties, masking your IP address to hide your physical location, and providing a buffer between your device and the wider Internet when you’re online. 

How It Protects You

It’s difficult to understate the value of reliable encryption and IP masking. A good VPN is the first line of defense against potential attackers. It guards even the most basic facts about you from being exposed online. It even can keep your ISP out of your business by hiding the type and content of data you’re transferring, rendering their internal logs useless to government agencies and advertisers alike.

And the best part? When you connect to the network, that’s it. You no longer have to do anything to secure your communications.

Regardless of how you use the Internet, you should take precautions to protect yourself from cyberspying. Use a VPN with strong encryption and IP masking. Get a private browser. Manage your passwords securely. Lock down your mobile device. And, most importantly, be smart about how you conduct yourself online. It will seem strange at first, but the extra effort to avoid cyberspying is worth it.