This is an old revision of the document!
Basic security measures
These are relatively simple security measures but they will have a major impact on the ease at which political enemies and criminal elements can disrupt our activities.
Securing a computer or phone
Firstly, it is necessary to secure any computer or phone that is being used to log in:
- That is, there must be anti-virus software installed.
- Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.
- Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins.The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps.
Web browsers
Secondly, most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site.
- If you receive something from e.g. Facebook that needs your attention, manually open a new browser window and manually type the URL for the website and login there.
- All Yahoo users’ address books were compromised a couple of years ago, so be extra careful when clicking on links that come from yahoo addresses, including people you know.
- Also, never click on any links in spam email, or links randomly sent to you by strangers.
Secure passwords
Thirdly, use strong passwords: How to secure passwords?
Social engineering
According to Wikipedia, “social engineering is the psychological manipulation of people into performing actions or divulging confidential information”. An attacker will try to exploit your reactions to get you to give them information such as personal details or passwords.
Here are some basic techniques to protect against this:
- Be wary of anyone contacting you out of the blue asking “innocent” questions.
- Never reply to requests for personal information or passwords. No one will ever legitimately ask you for your password, not even for verification of your identity.
- Reject requests for help or offers of help. An attacker might pose as technical support and offer to “help”, but no computer support will contact you unless you have contacted them first.
- “Break the loop”. Most attacks try to force you into a sense of urgency. But what is the rush? Slow down, and always take the time to think. If someone is rushing you, that in itself is a major red flag.
- Ask for verification of identity. Research it, and don't trust it blindly.
- All offers and prizes or sent to you are fake. (“Get the latest iPhone for only 200 euros”, “Fill out these questions, win a ferret”)
Pay attention to how you react to something. More often than not these attacks will try to elicit an emotional response and then exploit your impulses.