The internet is an amazing place, without it we’d have been utterly lost over the past few years. It lets us stay close to our loved ones far away, make the most amazing friends, learn the most fascinating things, and buy the most esoteric goodies we can think of. But it has a dark side, and and the only way to stay safe is to understand the threat — who’s out to get you, what do they want, and how are they trying to get it? The technical minutia change all the time, but who the baddies are and what motivates them changes surprisingly little. Believe it or not, each and every one of us has something of value to the baddies, so we all need some digital street-smarts to help us steer clear of trouble!
This summary was written by AI and may contain inaccuracies.
Cybersecurity and Resource Sharing at NMUG Meeting
Mike welcomed everyone to the Nmug meeting and highlighted the availability of resources on the Nmug website, including meeting notes. Upcoming meetings were announced, including one with Mike Mathews and another aimed at beginners to understand the message board better. bart, a cybersecurity expert from Maynuth University in Ireland, presented on how to stay ahead of cyber threats. He emphasized the importance of not panicking and the power individuals hold in ensuring their safety. He referred to a Microsoft report that highlighted the significance of basic measures in keeping one safe. bart also mentioned the existence of five business-related aspects that would be revisited later to translate technical aspects into simpler terms.
Cybersecurity Threats and Defense Strategies
Bart stressed the importance of understanding potential threats in the realm of cybersecurity. He noted that cybercriminals, primarily driven by profit, target individuals’ financial resources, cryptocurrency, data, accounts, and computer resources. He suggested that the best defense is to make oneself unappealing to hackers by not being an easy target. While nation-state actors were acknowledged as a significant threat, they were not highlighted as the primary concern for most people. bart also discussed the tactics used by cybercriminals to generate profit, including trickery and extortion, and explained the lengths to which they might go to take over targets’ devices. He emphasized the need for awareness and alertness to protect oneself and one’s technology.
Vigilance, Rationality and Digital Literacy for Defense
bart stressed the importance of vigilance and rationality in defending against potential threats, emphasizing the value of digital literacy and deliberate, informed choices. He introduced the concept of following the money as a way to identify potential problems and cautioned against deals that seem too good to be true. bart also warned against emotional manipulation by scammers and advised vigilance in identifying red flags in communications. He emphasized the importance of staying rational and not rushing into decisions, as once our logic is off, our shields are down.
Cybersecurity: Beware of Suspicious Emails and SMS Messages
bart stressed the importance of caution when dealing with suspicious emails or SMS messages claiming to be from financial institutions. He warned against giving out personal information or passwords and advised individuals to be aware of red flags such as anomalous language, grammar, and knowledge. bart also emphasized the importance of good digital hygiene, advocating for the use of a password manager and two-factor or multi-factor authentication. He explained the hierarchy of different methods of two-factor authentication, preferring hardware tokens and push notifications with number matching over push notifications without number matching and SMS messages, which he considered the weakest option. He concluded that length is more important than complexity for passwords and that they alone are not enough for security.
Online Account Management: Bart’s Guidelines
bart discussed the importance of managing online accounts and passwords. He emphasized the need to avoid creating accounts where they are not needed, to use different accounts for personal and work activities, and to delete unused accounts to prevent them from being easily hacked. bart also cautioned against using social media accounts for sign-in and recommended using Apple or Google accounts instead. He further stressed the significance of using two-factor authentication, having backups, and not sharing more data than necessary. Lastly, bart emphasized the need to take care of one’s iCloud account and to be careful with personal data such as government IDs and credit card numbers.
Software Updates and Protection
bart emphasized on the importance of regularly updating software and operating systems, and the dangers of using outdated software that is no longer protected by updates. He advised not to turn off built-in protections in modern operating systems and to use antivirus programs on Macs. He also warned against pirating software, as it is often riddled with malware, and instead suggested obtaining software from trusted sources. bart stressed the importance of being vigilant and not installing anything that is not needed, and to seek advice from trusted sources when unsure.
Password Security and Protection
bart and Chita discussed the safety of passwords and online security. bart advised that everyone’s usernames and passwords have likely been stolen at some point. He suggested using short but complex passwords, and not reusing them across multiple accounts. Rob shared his concern about the security of Apple passwords and asked for advice on protecting his iPhone. bart suggested using a shorter, but complex letters-only password, and enabling the feature that locks the phone after multiple failed attempts. Chita mentioned an option that requires a second passcode for security. In the end, Hank asked about the growing list of websites and companies that are starting to work with pass keys, with bart confirming that Amazon recently joined this initiative.
Feature Development & Digital Literacy Discussions
bart and Hank discussed the current phase of a feature that is still not fully developed. bart suggested that in a few months, it would be easier to provide simple answers regarding this feature. Rick asked for bart’s recommendations on antivirus programs, to which bart suggested Intergo, a Mac antivirus that seems technically very good. bart also clarified to Gill that antivirus is not applicable for iPhones in the same way it is for computers due to Apple’s security measures. Finally, bart touched on digital literacy, emphasizing the importance of understanding domain names and the padlock icon in web browsers. He also mentioned the misunderstood use of badges on social media.
Identifying Apex Domain in Urls and Emails
bart emphasized the significance of identifying the ‘apex domain’ in web addresses, commonly known as Urls. He cautioned against Urls that include the apex domain after the first forward slash or within the question mark, which could be deceptive and potentially lead to malicious sites. He also explained the process of identifying the correct domain name in an email address, noting that the part to the left of the “@” symbol is irrelevant, while the rightmost part of the domain name is what should be examined. bart also discussed a trick used by some to intentionally misplace expected information, which he described as proactively malicious.
Online Safety: Understanding URLs, Emails, MFA, and Trust Principles
bart emphasized on the importance of understanding how URLs and email addresses work to keep oneself safe online. He highlighted the significance of the padlock in the browser, explaining that it doesn’t necessarily mean a site is safe, but rather confirms that the server you’re communicating with is at the URL stated in the address bar. bart stressed the importance of checking the apex domain to ensure you’re on the correct site. He also debunked the misconception that a padlock guarantees the site has been vetted or is trustworthy. bart also discussed the significance of Multi-Factor Authentication (MFA) and applying ‘0 Trust’ principles, which means assuming there is no secure edge and implementing security measures on all devices. He advised keeping banking and regular browsing separate, assuming any weird email is malicious, and keeping data protected. bart concluded that implementing these measures can protect one from 99% of attacks.
Pass Key Security and Synchronization
bart gave a presentation on the use of pass keys for security. He clarified that pass keys are secure as they do not require the website to keep a secret, making them impossible to lose in a website breach. However, he acknowledged that cross-platform synchronization of pass keys needs improvement. The team discussed the process of deleting unused accounts, with bart suggesting that stopping payment could lead to account deletion on some websites. bart also advised on the use of antiviral protection and clarified that the free version of malware bytes is effective if run regularly. He further explained the impact of encryption on the workflow, stating that modern computers have a dedicated chip for encryption. bart also addressed questions about the synchronization of pass keys between Apple devices and Google. He predicted that within the next year, more websites will adopt pass keys.