- HTTPS over HTTP.
In some cases, default links are set up as HTTP. For example, when I first created my Bitly link (it’s a URL shortener), I noticed while copying the link they gave me that it had ‘http’ instead of ‘https’ (they still do). What’s the problem, you may ask?
Well, HTTP transfers data in plaintext whereas HTTPS transfers data in ciphertext. Anything that goes in plaintext has a high probability of being accessible to unwanted black/grey hats (or even script kiddies), and if the link you’re sending is meant to be received by a single person only, then you obviously wouldn’t want that.
- Check your ports!
It’s always a good idea to check those vulnerable ports through which your data can be accessed. As a piece of good news, a free and open-source tool by the name of ‘Nmap’ exists, which helps to recognize the network traffic and possible routes to breach into your system.
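A small self-check in the spirit of this tip, added here as an example and not part of the original post: it tests which ports from a watch-list accept TCP connections on your own machine. The function names and the watch-list are assumptions made for this sketch.

```python
import socket

# Constructed watch-list: ports a home machine rarely needs to expose.
WATCHED_PORTS = {
    21: "FTP",
    23: "Telnet",
    80: "HTTP (plaintext)",
    139: "NetBIOS",
    445: "SMB file sharing",
    3389: "Remote Desktop",
}


def is_listening(port, host="127.0.0.1", timeout=0.5):
    """Return True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success instead of raising an exception
        return s.connect_ex((host, port)) == 0


def audit_own_ports(ports=WATCHED_PORTS, host="127.0.0.1"):
    """Return {port: service_name} for every watched port that is open."""
    return {p: name for p, name in sorted(ports.items()) if is_listening(p, host)}


if __name__ == "__main__":
    open_ports = audit_own_ports()
    if not open_ports:
        print("None of the watched ports are listening on this machine.")
    for port, name in open_ports.items():
        print(f"Port {port} ({name}) is open: disable the service if unused.")
```

Anything it reports is a service you are running; if you don’t recognise it or don’t need it, turn it off or block it in your firewall.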
- VPNs!
Most people use them primarily to access forbidden networks or bypass regional restrictions, while some may use them with the intent to hide their IP address. But note that even though it adds a layer of hopping (which in itself can be insecure for a free one or even some paid services), it’s completely possible to track your IP from other devices connected within your home network (Alexa can give it away, for example), provided you’re using a router. It’s also possible that they can share your internet logs (redirected through their system, but trackable traffic for them nonetheless), especially when required by a higher authority.
- Passwords!
It’s kind of a useless tip coming from me since I realize most people (including myself) wouldn’t, but if you have a ton of online accounts, especially in situations such as applying for different jobs/internships where you need to create a job profile on each of the websites/portals separately, it can be a hassle making separate passwords for each, apart from the procedure itself being tedious.
It is a smart practice to have different passwords for all the different accounts you have, because if someone (in the worst case, your recruiter) somehow gets access to one password, they can access everything else as well. (That’s relatively simple, since you must provide other social links on the job site plus your resume/CV as well, and they can try brute-forcing your password into those other sites.)
I would have recommended the use of password managers like Dashlane, but I am not sure if that’s a great idea since the very idea of storing all your passwords on their servers seems risky. Changing passwords over time is also a good practice, but not a hard requisite if you’re careful enough.
- Never log in to any account over a WiFi connection.
If you haven’t realized this yet while breathing in the 21st century, then rest assured - you can safely sit back and relax, as someday you might get to watch someone else post on social media on your behalf or, even better, use your valuable work-based accounts (and of course, access your money in the bank!). Standard encryption schemes are not in place in most public WiFi zones, with WEP and WPA being very weak and weak respectively if someone knows how to break the ice between the host and their notorious devices. It’s better to have a wired internet connection for your home setup as well, instead of resorting to WiFi-based measures.
- Learn the art of cryptography
Not something I would recommend to anyone in general, but for the interested parties - it’s significant enough to have a basic knowledge of cybersecurity (and possibly even related terms such as cryptocurrency - yep, mostly those coins with a refurbished look of the letter ‘B’), and cryptography is the base topic to start with, as it deals with making cryptosystems which provide security with their encryption/decryption schemes. (There is always a turf war going on between offensive and defensive security exponents, much like how things go in Counter-Strike.)
- Look for Easters!
Out-of-the-box thinking often leads to amazing discoveries. Inspecting website elements, searching for loopholes in them, observing a particular trend of traffic redirection from some websites, detecting phishing, and much more - these are some things you should look out for.
- Make use of ‘Settings’
Trivial, yes, but small features that app developers invented for your Android/iOS phone, such as file sharing (which should be turned off), should be made use of. Likewise, there are different settings for your laptops/desktops that you should venture into as well.
- Get all domain names.
This doesn’t apply if you’re not hosting any public website of your own. But if you are, it’s a good thing to buy all domain names - for instance, if your website is named ‘xyz.com’ then it’s preferable to buy related domain names of ‘xyz’ with extensions such as ‘.org’, ‘.io’, ‘.net’ etc., as someone else may have it up as, say, ‘xyz.net’, and the way the internet and ads work nowadays, all traffic could be redirected to that website instead of yours.
It is costly to have all of them, but it saves your website from falling prey to other related websites with the same domain name but different extension(s).
- Get anti-virus + malware support + think thrice
If you’re dealing with fishy USB flash drives and unwanted websites, getting products like Malwarebytes (not sponsored) and a good anti-virus (I wouldn’t recommend any to avoid debate) is a must. Did you know that there are products like Recuva (not sponsored again, and I still think that ‘Necromancer’ was a better name) that can even bring deleted files back, like bringing the dead back to life? (Tip: the newest stuff never gets deleted as long as there is memory available. Newer stuff eventually replaces your deleted files in the bin.) Most probably you didn’t. In correlation to that, quite obviously your browsing history and cookies are seldom deleted from your machine and ISP.
Thanks for reading, hope you stay secure! :)
Anirban | 01/10/2020 |