Secure devices


Computers, phones, tablets, smartwatches, robotic vacuum cleaners, or network-connected centrifuges in the laboratory: all of these (and many more) are devices that can be used to attack our cybersecurity. We must therefore protect them, both physically and with an emphasis on their software and the data we store on them. In the fifth module, we will go through the general rules of device protection, talk about the use of encryption, and finally move on to why we need to back up the data and files on our devices.

General rules for working with devices

Lock, Lock, Lock

If you don't lock your computer when you leave the office and leave something like Facebook logged in on your browser, you're practically inviting a classic prank where colleagues post inappropriate comments on your social network under your name. But that's the least of what can happen. The device simply needs to be locked when we're not using it - otherwise, anyone can do anything on it, and all our efforts to set strong passwords or 2FA are completely useless. The need for physical protection also applies to phones and other devices.

What's mine is mine, what's yours is yours

My work device is my device, and my account is my account. Say we need to check work email, but our laptop is dead and the only thing available is our child's old home computer. Are we sure that device is really secure? Or a classmate in a lecture can't connect to the eduroam network and asks us to log in on their device with our username and password. We politely refuse. Our work device is simply ours, and our login credentials are also ours; we don't lend them to anyone.

Private devices used for work

If we have a work device, we always prefer it for work tasks. But we don't always have our own work phone or laptop, so it may happen that we use private devices for writing work emails or processing invoices. In that case, we must strictly adhere to all the principles from the other modules, such as choosing strong passwords, having antivirus software installed (see below), etc. It is our responsibility.

It's worth suppressing curiosity

There's an abandoned USB stick lying on the windowsill in the hallway. Or someone left an SD memory card on a table in the library. Curiosity burns us, often with the idea of doing a good deed: finding the owner through the files on the "flash drive" or card and returning what they lost. But we must suppress curiosity; this type of attack relies on natural human curiosity - and often successfully. We simply do not connect any unknown devices or media to our device because we never know what might be lurking on them.

Antivirus is still a necessity

Every day we download files from the internet and open documents from emails. Dozens or even hundreds of potentially dangerous files pass through our device, and any of them can hide malicious code. Having antivirus software on your device that can identify and stop these files before they cause damage is definitely necessary. Antivirus software also needs to be kept updated, but the program usually takes care of that automatically.

Update, even if it delays us

Yes, updating Windows at the moment we least need it (like when we have an important meeting in five minutes) is really annoying. But updates are not just new features and visual changes in the operating system - updates are primarily responses to discovered security holes. Therefore, we never turn off automatic updates, and if we are offered the option to postpone them, we do so only when it is truly necessary. These rules apply not only to the Windows operating system but also to all installed applications and programs and, of course, to the system on our mobile phone or tablet (e.g., Android).

Most systems and applications update themselves automatically (or notify us of the existence of updates and prompt us to install them), but it is still good to check that automatic updates are happening. If we find that they are not, it is appropriate to report and resolve this with IT support.

Devices are not just computers and phones

As the number of devices around us connected to the internet dramatically increases, so does the number of ways to attack our cybersecurity. In the era of the so-called Internet of Things, when our refrigerators, light bulbs, home security cameras, smart TVs, or laboratory microscopes are connected to the global network, we need to be on guard. Cases where attackers have exploited weak security of these devices and, for example, defrosted a refrigerator or scared apartment residents by turning lights on and off have been increasing in recent years. Most risks can be resolved with good old practices - strong passwords, regular updates, etc. However, solving some security risks of these devices is beyond our capabilities as users, but it is good to at least think about the risks. What could happen if an attacker, for example, gained control of my robotic vacuum cleaner? Can we imagine such a scenario? It might be more realistic than it seems.

Devices are not just robotic vacuum cleaners and smart bulbs

Computer, phone, tablet, smart bulb, or intelligent refrigerator... are we forgetting something? There are also devices that we don't hold in our hands every day like a phone or tablet, nor are they as sexy as modern smart home elements or smart equipment in the office or laboratory. These are all the boxes behind the desk and under the TV that connect us to the global communication network: Wi-Fi, routers, hubs, amplifiers, etc. They can also be the target or intermediary of an attack. At work, their security is handled by the cybersecurity team and IT department, but at home, we usually have to take care of them ourselves.

Encryption

We have already talked about encryption in connection with so-called E2E encryption. However, securing communication is not the only area where encryption can help. Have you ever left your USB drive in a public computer or a public place? Anyone who found it could easily access all the files stored on it. Hopefully, there were no sensitive documents on it.

When we talk about encryption, we usually mean some (often very complex) mathematical process that ensures that the information we want to secure will be readable only to those who have the key to decrypt it. Encryption is a very effective method and we encounter it in many different forms.

Communication encryption - Nowadays, we commonly send sensitive information via email or communication applications. In the previous module, we have already shown that messages sent over the internet can be read under certain conditions - and that the solution is, for example, so-called E2E (end-to-end) encryption.

Web browsing - Browsing the web is nothing more than a constant stream of files, texts, and images between us and computers on the internet, so-called servers. This sending takes place through various protocols, one of which is the HTTP protocol. To ensure that our web browsing is a bit safer, its encrypted variant HTTPS is used. Today, most sites use HTTPS, allowing users, for example, to securely log into online banking or email accounts so that the information sent cannot be intercepted on the network.

Using VPN - A Virtual Private Network allows us to connect to the university network from home and use all the services and benefits of our institution as if we were directly at the university. Traffic between our device and the VPN is encrypted, so no one on the networks in between can intercept, alter, or even monitor our activity.

Data storage encryption - So far, we have shown the use of encryption mainly in areas where information is being sent somewhere. But we can also encrypt the information we store somewhere and do not send anywhere - for example, files on our computer or phone. These can also be threatened, for example, if our device is stolen. Or answer honestly: how many times have you left your USB drive somewhere where anyone could have accessed it and the data on it? If this flash drive were encrypted, no random finder would be able to access the data without the key.

Where sensitive information is handled, hard drives in computers are also encrypted. Imagine an attacker physically steals your laptop - they don't know your Windows system password, but that won't stop them from accessing the data stored on the laptop. How? They simply open the computer and remove the hard drive. They then connect it to their own computer and can easily read the data on your HDD. That only works, however, if your hard drive was not encrypted - if it was, the attacker will be out of luck.

Encryption is a powerful technology, but it can also be misused. Let's take a moment to discuss the topic of backups and ransomware.

I back up, you back up, we back up

The calculations might be a bit wild, but it is said that in the USA alone, 140,000 hard drives fail every week. In the rush of daily activities, we often don't realize what would happen if our disk went to the eternal hunting grounds. In the haste of digital lives, we leave files on the desktop of the computer or in the Documents folder on the local device, on the phone, or perhaps the tablet. There, our data is most threatened by two risks: unexpected device failure (or hard drive failure) and the threat called ransomware.

Ransomware

Ransomware is a malicious program that we inadvertently download from a spoofed email, or that moves in without our knowledge when we visit an infected website. Ransomware then encrypts our data, blocks our access to the device, and demands a ransom for decrypting the data. The ransom is usually paid in anonymous digital currencies - and it's not a small amount of money.

Ransomware often puts you in a time crunch - "if you don't pay as quickly as possible, I'll start deleting your files." The malicious ransomware Jigsaw and its subsequent variants, for example, delete a few of your files every hour after encrypting them - the longer you delay paying the ransom, the more of your files irreversibly disappear. If you don't pay within 72 hours, everything is deleted. Dozens of variants and clones of Jigsaw ransomware have adopted this malicious time strategy, and today they may also threaten to publish your sensitive data and files.

So how do you defend against a ransomware attack?

  • Install antivirus software and keep it updated.
  • Update all your programs, web browsers, and operating system.
  • Back up your important data.

What to back up?

Prioritize! Not all files are equal, some are more important than others. A draft of a thesis or a draft of a scholarly article is certainly more valuable than funny pictures downloaded from Facebook. When ransomware strikes, we probably won't even open our wallet for funny cat GIFs - but for a bachelor's thesis almost ready for submission, we might be desperate enough to break the piggy bank. Therefore, it is not necessary to back up everything, but it is useful to segment your files, selecting the most important and essential ones.

Locally or in the cloud?

Copying a draft thesis from the desktop to an external flash drive is not the ideal way to back up - but even that is better than nothing. What other options do we have?

Cloud backup - Probably the most commonly used method today is the so-called cloud backup. In the cloud, our data is backed up immediately and accessible from our other devices at any time. Usually, we set everything up once and then forget about the backup - everything happens automatically. The fact that the data is "somewhere online in the cloud" carries its own security risks, so it is good to follow the advice regarding strong passwords and 2FA. At AMU, we use the OneDrive platform for cloud file storage.

Local backup - This can be done on external media. Today, probably no one backs up by burning CD or DVD discs, but an external hard drive can be a good choice. Here too, backups can be automated. There are programs that automatically copy preset files and folders to the external drive as soon as it is connected, so that we don't have to do it manually. However, we need to remember that backups must be done regularly, and that we must not leave the external drive permanently connected to the device - when ransomware strikes, it also encrypts connected external media (including a USB drive), so the backups stored there can be lost as well.

Author: CRP-Kyber, edited and translated by Jiří Krčmář | Date: 21.09.2024