You can read Part 1 and Part 2 of this article if you would like to, before continuing here.
Basic tips on Internet Safety (from my miniscule experience)
Scenario 1979 at my parent’s house:
My father would buy only Godrej Navtal (gleaming round brass) locks for the gates and house
Scenario 1990 at my house:
I was fascinated by the modern locks that we could lock without a key. Just press and it locks. The dainty key would be used to unlock
Scenario 2021:
I am more worried about my Virtual safety! Abstract clouds and passwords!
Gosh I love Alibaba (of the 40 thieves fame) who was so futuristic to have a password for his magical cave!
How do we keep ourselves safer in the Virtual world?
Victims of any crime undergo consequences, so victims of cybercrime are no exception. In fact, victims of cybercrime may face prolonged consequences as the cyber world is invisible and lurking, up there in the ‘cloud’.
-
On the phone:
Store your files and contacts on Google Drive and password protected cloud space instead of your physical phone storage. Save the important information (PIN/passwords etc) on your personal cloud storage (the preferred option would be to keep it on a password protected folder or the traditional method of pen and paper way, coded format (decipherable only by you and your legal heir - in case of emergencies) and locking it in a physical locker which you and your legal heir alone have access to. This can be accessed only by you with your password/credentials. It is safer than saving it on the Notes folder in case the phone gets misplaced/stolen. Use face recognition, thumbprint recognition, or pattern lock to open the phone
-
Phone password:
Use the face recognition/ fingerprint /pattern lock in addition to number/PIN lock (PIN can be cracked). I would like to mention that apple phones offer more cyber security than android phones. Disclaimer: I am not promoting iPhone; just stating a fact
-
Email:
Chrome has improved its safety features. Chrome has a tab (Settings) to check for password safety. Ideally, please do not use your/ family’s birthdates/anniversaries (however tempting). Nowadays most sites ask us to use upper case, lowercase, number, and a special character. Use the TWO FACTOR authentication wherever the options are. If you haven’t changed passwords in the past one year, then it is time to do so. You can also personalise your browser experience for individual profiles and keep it separate including synching your browsing data and other things.
-
Social Media and Internet:
Clear the cookies/browsing history frequently. It does make it difficult when you must sign into your preferred sites, but it is safer. Change passwords consistently and make them complex enough by having a combination of alphabets, numbers and special characters. Reach out to your friend when you receive a friend/connection request or a text on Messenger (FB, Instagram) before accepting
-
Posting personal pictures:
Be conscious of what you are posting. Is the picture showcasing your room? Your home? Your location? Your wealth and artefacts? Your travel plans? Any part of your personal information… ? I knew a friend (a doctor) who had the IT (income tax) department running behind him whilst he was posting his Europe tour pics! By the way, our real-time backgrounds on platforms like zoom/ google meet can reveal a lot. To add to this - it is the same with our personal posts. They can reveal a lot of important information about self, family and friends to predators.
-
Allowing browsers to save passwords may be easy but unsafe.
The safest is to use password management systems like The Last Pass. All passwords can be safely stored, edited, or selected in the vaults. The Last Pass is safe and it is easy to maintain.
- Recent versions of Windows come with Defender to safeguard against malware and virus. If this is not the case, then using anti-virus software such as Norton, McAfee, or other similar programs (some of which are available for free) can help safeguard your system against adware, malware, and basic digital virus. Do take care to use the respective company sites for authentic purchase and download of licensed software and the license key itself. For e.g. I wanted to download WhatsApp on my desktop. I found various sites offering the download, some which did not have a secure certificate tag on the address tab for the connection. I used the official WhatsApp website to download the desktop version or to use the web version of the app
-
Identifying Safe sites:
Safe sites would have a ‘lock’ icon (depends on the kind of browser you use) ahead of ‘https://’. On the Chrome browser address bar, just before the website address, you will have a drop down, which you can expand to view the website information in detail to understand more about what cookies are used, security of connection and more. In Microsoft Edge, you will find a lock icon right before the website address on the address bar.
-
Update Operating System
(Windows OS, Mac) on your computer or laptop when you receive the notification. Updating the OS on your phone is also equally important as newer versions improve the safety features which are part of the patch updates that are pushed. These updates might have fixes for the security lapses that went unnoticed when the software was originally released or the security lapses that get created due to the new technological progress that happens at an exponential pace
- Tempting job offers, festival discounts, surprise gifts, and lottery wins/insurance claim approvals lure us with easy-to-click bait links. They are called Phishing emails/messages. Be wary of such messages. Delete the messages and mails immediately, without clicking on those links that are being pushed
- Check the mail id before replying/ clicking links, by expanding the header of the email. This helps in ascertaining that the email was received from authentic sources. The domain name after the @ symbol shows the source from where the email originated. While the rest of the information in the email can be made out to closely resemble the source that it is trying to imitate, this information is the unique differentiator that will help with identifying the actual source. False ids are eerily like the original. Look out for the font/spelling/logo etc.
- Banks will never ask for our confidential information via message/call/mail. If ever you receive any call, especially requesting you to share the CVV of your Credit/Debit card or the OTP, just cut the call. Call your bank/relationship manager/visit the branch to verify the authenticity of the call. Listening to OTP on speaker mode is unsafe (laughable, because it is as good as leaving your home address on a public domain for anyone and everyone to have access to and not lock your entry/exit doors, gaining free access to your valuables and compromise your personal safety and your family’s, but I have seen people doing this).
- There is nothing called a free lunch in life, hence schemes/job offers that tantalize with this as a carrot are always a BIG NO
- Those who have teens and children please use the parental controls and have regular conversations on safety, both in real world and virtual world. Keeping it conversational helps remove the annoyance of a preachy theoretical top-down instructional mode. However you choose to do it, keep in mind that safety ought not to be compromised.
- Just as in the physical world, where Stranger Danger is a well understood and followed concept, even in the virtual world, be wary of strangers (they are those who you do not know outside the virtual space), seek second opinion, verify/clarify before acting
- In case of any fraud/cybercrime please REACH out (immediately) to the nearest police station to report as soon as possible. You can also report your cybercrime online at - www.cybercrime.gov.in
Stay Alert! Stay Informed! Stay Safe!!
Swapna Nair (Cyber Crime Intervention Officer)
Aarthi Prabhakaran (Behavioural Analyst, Parenting & Life skills Consultant, GenZ Parent)
November 2021