How to Communicate Safely over Internet?

Almost all the work in today’s era is done online. Internet usage has drastically increased. Here, everything is in the form of  “data” and as we use more and more internet so does the data increase. As the data increases so do the risks associated with it too. Data needs to be protected and secured so that the data should be accessible only to those we want and without permission, nobody else can copy our data. Hence to ensure data security, confidentiality and integrity we need to be well aware with practices we should do to keep our data safe and what are the risks associated with data. 

In this article, you will first know about secure connections. The need to know and understand secure connections is that data sharing, uploading, downloading, etc is all done when we are connected to the Internet. This connection to the internet is done with help of a network. So the very first area of risk is the connection itself. If the connection is not secure then our data can never be secure. Then you will know about eavesdropping and phishing. Eavesdropping and phishing are a particular type of cybercrime that risks our privacy and confidentiality of data. The last topic of this article is identity verification which specifies how are we uniquely identified on the Internet, what is the need for identity, and a secure way of identity verification. 

Secure Connections 

When we connect to the internet over a network, there exists a connection based on some protocols that allow the transfer of data over the internet. This connection needs to be made secure in order to protect our data. Hackers, attackers, stealers try to hack, manipulate or steal the data for monetary benefits, knowing personal details of a person, business, or political reasons. Hence it is very important to ensure that the network connection made should necessarily be a secure one. When we make a secure connection it ensures that our data is encrypted and protected and nobody else than those two individuals or organizations which are transferring data gets to know about that data. It also ensures the authenticity of the other person with whom we exchange the data. It disables all third-party applications that may try to steal our data.

To secure our data over the network we can use data encryption or channel encryption techniques. To secure our network itself we can enable firewalls, use intrusion detection systems, install antivirus on our system, and much more. Data encryption is the process of encryption data by converting it into a certain code format or generating an encryption key for the data that is known to the ones who are exchanging data. A firewall is a hardware or software or both designed to prevent unauthorized access to/ from a computer or even to a private network and antivirus is software that scans our system against viruses, corrupted files, trojans, etc and separates them from other files of our system so that other files are not affected by those viruses.

Eavesdropping

Eaves means “ears” and dropping means “to listen secretly”. Eavesdropping simply means listening to someone’s private conversation secretly. Eavesdropping was earlier done in the real world, it is in fact the most common thing humans do. But even in the digital world eavesdropping exists. Digitally eavesdropping is an act of interfering communication occurring between two points of a network. Also nowadays we hear about smartphones eavesdropping. Reports have been made by many people that their smartphones eavesdrop on their conversations and targeted them with similar advertisements.

Another type of eavesdropping is network eavesdropping. Data is transferred in packets over the network from one place to another. These data packets can be captured by eavesdroppers (one who does eavesdropping) if we have not encrypted or secured our connection or data. This is known as network eavesdropping. An example of eavesdropping is Voice over IP (VoIP). Calls made over IP sessions can be recorded by eavesdroppers using analyzers and those recording are converted into audio files for further unauthorized usage. Apps on android phones eavesdrop using microphones. Whenever we install apps on our smartphones we grant them access to microphones. These apps run in the background and may record our conversations.

Steps to avoid eavesdropping:

• Always make strong passwords. A strong password is of minimum length 8 and must contain numbers, alphabets, and special symbols.
• Make different passwords for different accounts. Do not use the same password for all your accounts. This is what most people do and end up troubling themselves. Also, keep changing your passwords after a certain amount of time.
• Ensure that the network you are connected to is a secure one.
• Do not use public wifis. Also if you are using the internet in a cafe make sure you use the browser in the guest mode so that none of your history is saved.
• Do not share passwords over calls, messages, or in public places. If your network is not secure or there is a middlemen in between then they may get access to your accounts and misuse them.
• Learn about cybersecurity so that you know what all cybercrimes exist and how to keep your data and system safe and protected from them.

Phishing

The most common type of attack occurring nowadays is phishing. People receive emails of winning cash prizes or being the lucky person selected in a survey of say lakhs of people or they just hit a jackpot randomly. You may open the links present in such kinds of mails and end up entering sensitive information sometimes even banking details. Attackers gain access to all these data and they might end up transacting all the money from your bank. This is known as phishing. Fraudulent emails, calls, or messages are the most common ways to practice phishing. It is a kind of social engineering attack. There are several types of phishing such as Email phishing, Vishing (Voice phishing), SMS phishing, spear phishing, etc.

The pronunciation of phishing is “fishing”. The reason being attackers consider victims of these attacks as “fish” and they lure them by a bait ( say fraud jackpot mails, or by fraudulent calls or messages). As the fish try to catch the bait and end up troubling themselves so do the victims of phishing attacks.

Steps to avoid phishing:

• Do not click on random links. Always verify that the link you are clicking is either known or “https://” secure.
• Do not share personal or confidential information over calls. People get fraud calls that their card has expired and they need to share some details to renew and they unknowingly share details on calls. Always remember “All the banking work requiring personal details is always done in the bank. Bank people will never call you asking you to share your details on calls.” Such kinds of calls are usually fraud calls.
• Always keep your browsers, operating systems, mobile phone apps, etc up to date. There is a high risk of older versions of browsers, OS, mobile apps getting attacked, hacked by attackers and hackers.
• Install the anti-phishing toolbar. Your browser provides you with add-on plugins or extensions that may warn you and tell you that this site or message is suspected of phishing. Examples are- Bitdefender traffic light, Avast online security, etc.
• Use antivirus software. Some of the antiviruses are Quick heal, Norton, Kaspersky, etc.
• Stay up to date on recent fraudulent activities. Newspapers, news channels, certain verified social media accounts always share information about any kind of fraud currently going on. You must know about them and stay vigilant and aware.

Identity Verification

Everyone in school has their own identity cards as these symbolize your identity. Identity verification is done in the real world everywhere in schools, banks, public events, as they serve to be the source of truth of that individual. Similarly, in the digital world, too identity verification is important and is done to verify your identity as an individual. Let’s say you want to make a Facebook account. As you open the Facebook page it asks you to signup or log in. What is the need for signup or login option? It is needed to verify you as a user and give you a unique identity that solely is yours so that no other person can impersonate you without being actually you. In today’s time almost all websites, platforms demand users to signup so that they can verify if the user is legitimate or not. This also enables them to keep the individual user’s data safe and secure. There are several ways to do identity verification. One of them is 2 step verification. Let’s look it in detail.

Two-step verification

As almost all the existent sites ask users to enter usernames and passwords in order to login and use their services. Hence, it becomes difficult for users to remember all these passwords and usernames. Many of the users end up creating the same passwords on several sites or creating weak and easy passwords. Therefore, it becomes easy for the attackers to guess the password and gain access to the user’s account. Also creating a username and password is not one of the safest ways to protect data. To prevent all the above-mentioned risks comes into picture two-step verification. Two-step verification ensures double-checking of your account. Consider a situation where you have done some online shopping and want to pay the bill online too. You login to your bank account and then while paying the money it asks you to enter an OTP (One Time Password) before you do the final transaction. Now even though you’re paying by logging into your own account it still asks you an OTP sent to you on your registered phone number. This is known as two-step verification. Two-step verification ensures additional security to the user’s account.

Sample Questions

Question 1. What is the need of establishing a secure connection?

Solution:

Nowadays secure connection is necessary. It protects your data or personal information from hackers, stealers, or attackers. These people steal your personal information for monetary benefits. 

Question  2. How can we secure a network?

Solution:

To secure the network follow the following points:

• Always enable firewalls. 
• Always update your computer system. 
• Always use intrusion detection systems.
• Always install antivirus on our computer system.
• Always use a strong password 
• Always turn on encryption.
• Always use virtual private network(VPN)

Question 3. What is eavesdropping?

Solution:

Eavesdropping is also a type of cybercrime in which a person(attacker) listen to someone(target)’s private conversation secretly without their consent and uses the gathered information to harm that person. 

Question 4. What is phishing? Mention two types of phishing.

Solution:

Phishing is a type of cybercrime in which the attackers lure the target by sending fraudulent emails, SMS, etc. and get their personal information like their bank detail, credit card information, etc. for monetary benefits. Vishing( Voice phishing) and Smishing(SMS phishing) is the type of phishing. 

 

Question 5. What is identity verification?

Solution:

Identity verification is the most important process both in real or digital world. Identity verification is a process that verifies that the identity of the person matche with the one that is suppose to be. It prevents fraud persons. In digital world, it is done by creating username and password to verify that the account and the user are legitimate.