0
1
00:00:00,990 --> 00:00:06,240
How to protect yourself. Best practices. We divided this chapter into four parts, the first two will
1
2
00:00:06,240 --> 00:00:10,510
be focused on how to protect your devices and the last two will be focused more on your data.
2
3
00:00:10,950 --> 00:00:11,980
First, the basics.
3
4
00:00:12,240 --> 00:00:14,040
Let's see how we can protect those devices.
4
5
00:00:14,250 --> 00:00:18,720
And we're talking here about devices like smartphones, PCs, laptops, tablets and the way they're
5
6
00:00:18,720 --> 00:00:20,040
connected with the outside world.
6
7
00:00:21,940 --> 00:00:26,170
The first is the antivirus & firewall, and probably most of you already use one, and in general, the most
7
8
00:00:26,170 --> 00:00:30,940
vulnerable devices that should mandatorily have one are the Windows machines, like laptops and desktops.
8
9
00:00:31,360 --> 00:00:35,140
It is highly recommended to use an antivirus and most of them include a firewall as well.
9
10
00:00:35,410 --> 00:00:37,240
And there are some free solutions out there,
10
11
00:00:37,390 --> 00:00:41,420
if you do not have a budget for a paid antivirus, if you want to go for a paid version
11
12
00:00:41,680 --> 00:00:47,410
most of the vendors like McAfee, Kaspersky, ESET, BitDefender and so on are offering licenses that can
12
13
00:00:47,410 --> 00:00:52,570
be used on multiple machines, so like that you can also secure the other devices in your family, including
13
14
00:00:52,570 --> 00:00:54,840
the mobile ones. If you want to install one,
14
15
00:00:54,880 --> 00:00:59,680
we will leave a link in the document from the resource section where you can find a list with free and
15
16
00:00:59,680 --> 00:01:00,580
paid solutions.
16
17
00:01:01,900 --> 00:01:06,280
Now that your device is partially safe due to the antivirus solution, let's see what's happening with
17
18
00:01:06,280 --> 00:01:11,410
your data when it goes beyond your device, when you connect, for example, to a public Wi-Fi, what
18
19
00:01:11,410 --> 00:01:14,630
most people don't know is that this is the easiest way to get hacked.
19
20
00:01:14,650 --> 00:01:16,240
But let's see how this scam works.
20
21
00:01:16,690 --> 00:01:21,730
We'll take an example with Bob as a regular user that once at the airport connects to an unsecured,
21
22
00:01:21,730 --> 00:01:22,780
free Wi-Fi network.
22
23
00:01:23,380 --> 00:01:29,650
Little does he know that this was created by Eve as a fake Wi-Fi hotspot to lure unsuspecting victims
23
24
00:01:29,650 --> 00:01:33,010
to join her network and enter their credentials on different platforms.
24
25
00:01:33,490 --> 00:01:39,040
The hackers achieved this by using locally hosted fake pages similar to popular websites like Facebook,
25
26
00:01:39,310 --> 00:01:44,430
and they will grab your credentials once you enter them, including a possible MFA code or even more.
26
27
00:01:45,310 --> 00:01:48,510
This information can then be used to gain access to other accounts,
27
28
00:01:48,730 --> 00:01:53,650
if, for example, you're using the same password on different platforms. Now that you know how you might
28
29
00:01:53,650 --> 00:01:54,200
get hacked,
29
30
00:01:54,460 --> 00:01:56,850
let's go back to see how the VPN can protect you.
30
31
00:01:58,460 --> 00:02:03,500
The VPN is basically a software that creates an encrypted tunnel from your device to the VPN server
31
32
00:02:03,710 --> 00:02:06,710
and everything that you access will go only via that secure channel.
32
33
00:02:07,250 --> 00:02:11,150
Most of the VPN solutions out there offer on Wi-Fi protection,
33
34
00:02:11,360 --> 00:02:15,920
and when you connect one on an unsecured network, the VPN will automatically connect, thus protecting
34
35
00:02:15,920 --> 00:02:18,440
you from the unfortunate scenario that we just saw earlier.
35
36
00:02:18,500 --> 00:02:22,850
You will find a link with the best solutions out there in the document from the resource section.
36
37
00:02:23,300 --> 00:02:28,490
But if you are traveling a lot and using mostly public Wi-Fi, you should maybe consider a paid version
37
38
00:02:28,490 --> 00:02:30,860
that offers, of course, better speed and connectivity.
38
39
00:02:32,510 --> 00:02:38,020
Now that we saw how public Wi-Fi can cause harm, let's go back to your cozy home, your safe zone.
39
40
00:02:38,360 --> 00:02:42,360
But is your home Wi-Fi really secure? If you're using more recent equipment
40
41
00:02:42,380 --> 00:02:46,360
it probably is, since the hackable algorithms are not used by vendors anymore.
41
42
00:02:46,820 --> 00:02:48,830
But how can you check and make it safer?
42
43
00:02:49,700 --> 00:02:51,720
Well, there are a few easy actions that we can take.
43
44
00:02:52,040 --> 00:02:58,310
We are focusing our examples on the routers that are provided by your ISP, ISP means Internet service provider
44
45
00:02:58,550 --> 00:03:00,940
and is the company from where we get the Internet at home.
45
46
00:03:01,310 --> 00:03:05,470
But if you have a personal router, you should be able to modify all the settings below.
46
47
00:03:06,170 --> 00:03:08,420
Number one, change the default login.
47
48
00:03:08,930 --> 00:03:12,950
Most of the ISPs are using a certain pattern for default passwords,
48
49
00:03:13,160 --> 00:03:16,600
and if that is leaked, hackers may have your router's user/password.
49
50
00:03:16,910 --> 00:03:20,370
It is better to change the password of all the accounts you have access to.
50
51
00:03:20,960 --> 00:03:26,790
Number two, change your SSID, SSID means the name of your Wi-Fi network.
51
52
00:03:27,170 --> 00:03:32,030
This is due to the fact that your ISP uses a generic template for the name of the Wi-Fi network,
52
53
00:03:32,300 --> 00:03:35,090
like in our example, your ISP and a code.
53
54
00:03:35,600 --> 00:03:41,900
If there is any known vulnerability of some of your ISP's devices, hackers can just walk around and hack
54
55
00:03:41,900 --> 00:03:47,360
them because they can see the network's name. It's better to change it to something else or even further,
55
56
00:03:47,360 --> 00:03:49,260
securing your SSID by hiding it.
56
57
00:03:49,490 --> 00:03:54,890
We will leave a link in the document from the resource section with a step-by-step tutorial on how you
57
58
00:03:54,890 --> 00:03:55,760
can perform that.
58
59
00:03:56,330 --> 00:03:59,510
Number three, strengthen Wi-Fi encryption.
59
60
00:03:59,660 --> 00:04:07,760
There are currently three main algorithms, the WEP, Wired Equivalent Privacy, the WPA, Wi-Fi
60
61
00:04:07,760 --> 00:04:15,860
Protected Access and WPA2. From these, as in our example, you should use the WPA2, or if your equipment
61
62
00:04:15,860 --> 00:04:23,360
supports the WPA-AES to address this, uses the cipher to protect transmissions and the encryption method
62
63
00:04:23,360 --> 00:04:25,490
that makes it almost impossible to hack.
63
64
00:04:26,580 --> 00:04:32,400
Number four, turn off remote management. From your router, you should be able to turn off the possibility
64
65
00:04:32,400 --> 00:04:39,450
for remote management in order to not allow external users to try to use and take advantage of any vulnerabilities
65
66
00:04:39,780 --> 00:04:41,420
or to brute force your password.
66
67
00:04:42,000 --> 00:04:45,990
Now that you know a few things, let's move to the second part of the securing your devices.
67
68
00:04:47,240 --> 00:04:52,130
In this section, we will talk about software updates, operating systems and apps, how to avoid being
68
69
00:04:52,130 --> 00:04:58,550
scammed by fake websites and why you should enforce the principle of least privilege if you have inexperienced
69
70
00:04:58,550 --> 00:05:00,270
users accessing your devices.
70
71
00:05:00,860 --> 00:05:03,980
Number one, you should always keep your software up to date.
71
72
00:05:04,160 --> 00:05:05,580
But why is that, really?
72
73
00:05:06,290 --> 00:05:10,880
Well, it's because this is the easiest way hackers can exploit vulnerabilities and gain access to your
73
74
00:05:10,880 --> 00:05:12,350
devices, accounts and so on.
74
75
00:05:12,710 --> 00:05:17,750
When there is a major update that solves a critical vulnerability, the hackers will use it to find
75
76
00:05:17,750 --> 00:05:23,960
devices that are not updated and try to breach them using the information provided by the update. Number 2,
76
77
00:05:23,960 --> 00:05:26,750
enforcing principle of least privilege.
77
78
00:05:27,860 --> 00:05:32,150
If, for example, you have different users that are inexperienced to use your, let's say, Windows
78
79
00:05:32,150 --> 00:05:37,820
machines, you may want to create a separate account for them that doesn't have local admin rights and
79
80
00:05:37,820 --> 00:05:42,500
even further implementing some restrictions, like not having access to certain drives, folders and
80
81
00:05:42,500 --> 00:05:47,270
so on, to prevent any damage or accidental deletion of documents and software.
81
82
00:05:47,780 --> 00:05:54,380
Example, if they download an infected file, then without any local admin rights, the virus cannot do much
82
83
00:05:54,380 --> 00:05:54,620
harm.
83
84
00:05:55,120 --> 00:06:01,250
Number three, how can you avoid falling for a phishing attempt or how do you actually see if a website
84
85
00:06:01,250 --> 00:06:01,700
is legit?
85
86
00:06:01,880 --> 00:06:03,530
Well, let's see
86
87
00:06:03,530 --> 00:06:08,330
in our example. There are a few steps to identify, for example, if a PayPal link is legit.
87
88
00:06:08,690 --> 00:06:10,880
Number one, always check the domain name.
88
89
00:06:10,880 --> 00:06:15,920
Scammers are becoming more and more creative and they are using subdomains like PayPal.YourPayment.net
89
90
00:06:15,920 --> 00:06:22,030
which looks legit because it has the PayPal subdomain and the other words are somehow related.
90
91
00:06:22,370 --> 00:06:25,130
But in reality, it's actually not an official website.
91
92
00:06:26,120 --> 00:06:32,180
The second step is a bit more advanced because it involves diving a bit deeper into your browser's
92
93
00:06:32,180 --> 00:06:38,810
menu. If a website has the green address bar or as in our example, the lock, it means the connection
93
94
00:06:38,810 --> 00:06:43,070
is secure and no third party can eavesdrop and steal information.
94
95
00:06:43,580 --> 00:06:45,610
However, this does not make it safe.
95
96
00:06:46,750 --> 00:06:52,570
That's because you don't know who is on the other end of the connection, because the scammers can register
96
97
00:06:52,570 --> 00:06:58,510
an SSL certificate on the account PayPal.YourPayment.net and everything would seem to be
97
98
00:06:58,510 --> 00:07:00,160
OK from the browser's point of view.
98
99
00:07:01,320 --> 00:07:04,270
Fortunately, this information can be further checked.
99
100
00:07:04,290 --> 00:07:05,690
And here is how you can do it.
100
101
00:07:06,760 --> 00:07:13,300
In our example, we are using Google Chrome as a browser, you can click on the lock, click on certificate
101
102
00:07:13,720 --> 00:07:23,410
and in the new window check "issued to". In our case we should have there www.paypal.com, which is
102
103
00:07:23,410 --> 00:07:27,840
the official PayPal domain, and which means that the website is legit.
103
104
00:07:28,390 --> 00:07:35,650
If you have any other type of mixes, even if they contain PayPal, it's probably a scam website.
104
105
00:07:36,400 --> 00:07:41,800
You can find a link with further information in the document from the resource section. Now that you know
105
106
00:07:41,800 --> 00:07:45,730
a few things about how to secure devices and how they connect to the world,
106
107
00:07:46,210 --> 00:07:47,740
let's take a look at your data.
107
108
00:07:49,350 --> 00:07:50,100
The basics.
108
109
00:07:52,000 --> 00:07:55,870
We will touch here 4 areas, the first one, how to encrypt your data.
109
110
00:07:56,470 --> 00:07:59,020
We will focus this on Windows and Mac machines.
110
111
00:07:59,350 --> 00:08:02,920
For Mac, you have the FileVault that can be directly activated.
111
112
00:08:03,140 --> 00:08:08,770
And for Windows, you have the BitLocker that is available on most newer Microsoft operating systems.
112
113
00:08:09,190 --> 00:08:13,390
And now let's see how complicated it is to encrypt your drive using BitLocker.
113
114
00:08:13,810 --> 00:08:15,640
Can we make it in 30 seconds?
114
115
00:08:17,710 --> 00:08:23,980
As I mentioned earlier, this option is available on most newer Windows operating systems, but let's
115
116
00:08:23,980 --> 00:08:25,840
actually see how you can do it.
116
117
00:08:27,110 --> 00:08:32,420
You right-click on the drive that you want to encrypt, turn BitLocker on.
117
118
00:08:33,830 --> 00:08:42,350
Then select different things like the password that you want to encrypt with, then next next, start encrypting
118
119
00:08:42,500 --> 00:08:47,930
and the encryption will be in progress. Depending on how large a drive is, it will take a longer or
119
120
00:08:47,930 --> 00:08:48,700
a shorter time.
120
121
00:08:49,340 --> 00:08:53,870
If you want to see all the steps, you can find the full tutorial in the document from the resource
121
122
00:08:53,870 --> 00:08:54,290
section.
122
123
00:08:56,050 --> 00:08:58,120
Next, how do you back up your data?
123
124
00:08:58,810 --> 00:09:04,140
Well, this can be done using one of the cloud storage solutions like Google Drive, Dropbox, OneDrive,
124
125
00:09:04,150 --> 00:09:05,290
Apple Cloud and so on.
125
126
00:09:05,920 --> 00:09:12,490
If you're OK, of course, with uploading your data to the cloud, or you can also do it locally, offline,
126
127
00:09:12,850 --> 00:09:19,090
using, for example, a Mac Time Capsule or other external hard drives with backup software embedded
127
128
00:09:19,510 --> 00:09:20,860
for Windows and Mac.
128
129
00:09:21,310 --> 00:09:25,420
We will provide a list with the available options in the document from the resource section.
129
130
00:09:26,320 --> 00:09:31,210
Since the backup is quite important, I will spend a few extra minutes here because I've heard this
130
131
00:09:31,210 --> 00:09:33,510
phrase quite often, what can happen?
131
132
00:09:33,520 --> 00:09:35,620
I have the new X brand is bulletproof,
132
133
00:09:35,620 --> 00:09:38,010
my data is safe, it was super expensive...
133
134
00:09:38,470 --> 00:09:41,440
Well, I should tell you a few stories that I lived. Once,
134
135
00:09:41,440 --> 00:09:44,330
my house was broken into and they stole my laptop.
135
136
00:09:44,710 --> 00:09:49,900
Fortunately, my drives were encrypted with BitLocker and the data was synchronized with Google Drive,
136
137
00:09:50,080 --> 00:09:53,170
so I didn't lose anything and they didn't have access to my data.
137
138
00:09:54,940 --> 00:10:00,160
Also, some years ago, I had many friends that were storing their data on external hard drives.
138
139
00:10:00,520 --> 00:10:03,870
They were quite cheap, but I don't really recommend it.
139
140
00:10:04,510 --> 00:10:09,010
Back when I used to work for a distribution company, I was often going to the guys at the service and
140
141
00:10:09,010 --> 00:10:13,100
guess what kind of devices were in a huge pile of broken items sent for warranty.
141
142
00:10:13,510 --> 00:10:17,830
I'll let you guess that... Nowadays the SSD external hard drives are much better,
142
143
00:10:17,830 --> 00:10:23,290
but still, I wouldn't rely on keeping your data on one single device, even if it's the most expensive
143
144
00:10:23,290 --> 00:10:24,760
and the shiniest on the shelf.
144
145
00:10:26,330 --> 00:10:32,480
As I worked many years within the IT department, I got some crazy stories on how data can be lost, like
145
146
00:10:32,480 --> 00:10:33,680
the laptop was stolen,
146
147
00:10:33,950 --> 00:10:39,710
the laptop was run over with a car, forgot it in the rain, forgotten in a train, dropped from the balcony
147
148
00:10:39,710 --> 00:10:40,370
and so on.
148
149
00:10:41,370 --> 00:10:48,480
So to conclude this, always keep your data in at least two different places and if you're using mobile
149
150
00:10:48,480 --> 00:10:51,970
devices, always keep an extra eye on them.
150
151
00:10:52,590 --> 00:10:58,680
And now, going back to our list. Three, as we saw earlier in the bruteforce section, we should always
151
152
00:10:58,680 --> 00:11:02,050
use strong passwords and do not use them across different platforms.
152
153
00:11:02,580 --> 00:11:07,080
We highly recommend you to use a free or paid password manager like LastPass, KeePass,
153
154
00:11:07,090 --> 00:11:14,390
Lockwise, and please refer to the previous chapter if you didn't watch it yet. Four, MFA.
154
155
00:11:14,670 --> 00:11:15,930
But first, what is this MFA?
155
156
00:11:16,530 --> 00:11:22,020
Well, this acronym stands for Multifactor Authentication, which is an authentication method that enforces
156
157
00:11:22,020 --> 00:11:29,070
the user to have two or more authentication factors to gain access to a resource such as an online account,
157
158
00:11:29,310 --> 00:11:30,750
application or device.
158
159
00:11:31,170 --> 00:11:37,170
The multifactor can be a mix of password, plus a code that you get via SMS, voice call or from an
159
160
00:11:37,170 --> 00:11:38,400
authenticator application.
160
161
00:11:39,490 --> 00:11:45,580
And now jumping to our example, we have two scenarios, Bob, with and without MFA. In the first
161
162
00:11:45,580 --> 00:11:51,280
case, Bob is able to log in to his PayPal account using just the username and password.
162
163
00:11:51,610 --> 00:11:58,630
And in the second one, he needs an extra step, an SMS message sent to his phone that he defined
163
164
00:11:58,630 --> 00:11:59,810
in his PayPal account.
164
165
00:12:00,340 --> 00:12:04,930
This makes it almost impossible for hackers to access his account unless, of course, they have access
165
166
00:12:04,930 --> 00:12:07,230
to his phone or clone his SIM card.
166
167
00:12:07,870 --> 00:12:12,400
So now that you know what it is, please use MFA whenever possible.
167
168
00:12:12,880 --> 00:12:15,270
Some platforms already force you to use it,
168
169
00:12:15,430 --> 00:12:18,040
and this is the best way to secure your online accounts,
169
170
00:12:18,340 --> 00:12:23,840
but even your own Windows or Mac devices. Adding an extra step keeps the hackers away,
170
171
00:12:24,100 --> 00:12:29,080
well, at least for now... We will drop a link with further details in the document from the resource
171
172
00:12:29,080 --> 00:12:29,510
section.
172
173
00:12:30,100 --> 00:12:32,110
And now let's see some further advanced tips.
173
174
00:12:33,970 --> 00:12:35,570
Further securing your data.
174
175
00:12:37,060 --> 00:12:41,110
My personal favorite, the 3.x backup, what does it mean?
175
176
00:12:41,410 --> 00:12:48,490
It's having a secondary device in case you lose/break your smartphone, a backup SIM, and some backup
176
177
00:12:48,490 --> 00:12:53,910
MFA codes written somewhere or embedded in your mind if you have such a good memory.
177
178
00:12:55,090 --> 00:13:01,000
Having all this will give you a door to access your account if your main smartphone is lost and you
178
179
00:13:01,000 --> 00:13:03,730
have, let's say, MFA activated for your main account.
179
180
00:13:04,730 --> 00:13:10,280
Second, the screen, what many people don't pay attention to is that if you're, for example, traveling
180
181
00:13:10,280 --> 00:13:15,680
a lot and sometimes working from the airport or public places, other people may see some confidential
181
182
00:13:15,680 --> 00:13:21,260
or personal information that they can later use, like, for example, your account and what password
182
183
00:13:21,260 --> 00:13:21,790
you typed.
183
184
00:13:22,750 --> 00:13:29,620
Please always be careful, and if you're using a laptop, for example, you can also go for a privacy
184
185
00:13:29,620 --> 00:13:35,150
screen so like that people cannot see what you have displayed at a certain moment.
185
186
00:13:35,860 --> 00:13:40,200
Third, always but always pay attention to your personal data.
186
187
00:13:40,600 --> 00:13:44,160
Always double check before you enter this information.
187
188
00:13:44,500 --> 00:13:48,990
If you consider that some information may be too confidential, it's most likely a scam.
188
189
00:13:49,510 --> 00:13:53,350
For example, a bank will never ask you for the PIN code.
189
190
00:13:54,400 --> 00:14:00,580
Always set an alarm in your mind to pay extra attention whenever some personal information is requested.
190
191
00:14:01,450 --> 00:14:07,480
Last but not least, the communication channels, as you know, recently, there were many discussions
191
192
00:14:07,480 --> 00:14:12,970
on the WhatsApp privacy rules and some messaging platforms were even cracked by the authorities like Sky ECC.
192
193
00:14:13,990 --> 00:14:19,420
Of course, there is probably no ideal app for communicating, but we will have a link in the document
193
194
00:14:19,420 --> 00:14:24,610
from the resource section with applications that are taking privacy rules seriously. And with this we would
194
195
00:14:24,610 --> 00:14:26,470
like to close the personal protection chapter.
195
196
00:14:26,920 --> 00:14:32,500
Now you know more about how you can protect your devices, how you can protect when connected to a public
196
197
00:14:32,500 --> 00:14:38,680
Wi-Fi, how to secure your home network, how to spot phishing websites, how to encrypt and backup
197
198
00:14:38,680 --> 00:14:46,540
your data, best practices for passwords, and what the MFA stands for, and how it can be used to secure
198
199
00:14:46,570 --> 00:14:51,730
accounts. As discussed in the slide before, you can find all the links in the document from the resource
199
200
00:14:51,730 --> 00:14:52,210
section.
200
201
00:14:52,450 --> 00:14:55,620
And if you have any questions, please feel free to ask us.
201
202
00:14:55,930 --> 00:14:58,390
Thank you and see you soon in our next chapter.