When I sat down to write this article, the first thing that popped into my mind was the classic comedy Home Alone. I thought it was the Christmas spirit doing its thing. However, after rewatching, I left with a new appreciation of little Kevin’s security efforts.
The poor lad didn’t know his house resembled a luxurious treasure chest. With the fancy automatic light timers (it’s the early 90s!) and modern door locks, you just know there’s something good inside!
Jokes aside, it’s a common misconception that there’s no such thing as too much security. After all, you cannot be too safe. But as in the Home Alone example, you can, unwillingly, draw too much attention. The same logic applies to computer systems – the main topic of this article.
Having too much security can be nearly as dangerous as having none. So let’s shed some light on the issue and start with the basics.
Table of Contents
Two decades ago, cybersecurity was a catchword that hackers said in movies. It seemed as if it had something to do with the Matrix. Right now, it’s a priority issue during business meetings and personal responsibility for casual Internet users. A growing interest in cybersecurity is revealed by looking it up on Google Trends. Over a decade, the Search Interest grew from barely noticeable to the top positions.
The first introduction to cybersecurity is often unpleasant. Whether a computer virus infection or a stolen social media account, it makes one wonder: what else could happen?
Sadly, you should imagine the worst. Two years ago, Germany reported the first death directly linked to a cyberattack. In the tragic incident, a woman could not receive life-saving treatment because a ransomware attack paralyzed the hospital. A year later, ransomware attacked Ireland’s healthcare sector, denying the necessary treatment for thousands of patients.
At the same time, there’s an increase in cyber attacks against individual users. In 2017, WannaCry ransomware infected over 300,000 computers demanding a ransom to restore their functionality. Covid-19 healthcare-related Phishing scams are a more recent example. More and more businesses and regular Internet users get to know cyber threats tête-à-tête.
The urge to protect oneself online is complimentary. But sometimes, too much security can produce the opposite results. What’s the correct way of doing it?
Cybersecurity is extremely complex. Analyzing cryptography curves, Wi-Fi handshake cracks, or Stuxnet can blow your mind. Cybersecurity veterans are among the best-paid professionals in the current IT environment.
Luckily, their systems are developed with ease of use in mind. After all, what good is a cybersecurity system if no one knows how to use it?
Cybersecurity software is in huge demand. Businesses rush to implement information security to adhere to GDPR requirements. Covid-19 accelerated WFH policies and increased VPN demand by 224% in Egypt, 80% in France, and more than 40% in many other countries. Simultaneously, casual Internet users hasten to protect their Instagram, Steam, Spotify, and other online accounts. An (almost) annual Facebook data-leak fuels the fire.
So, where to start? There is no single answer to what software you should use first. It depends on the circumstances. For example, securing an Instagram account is your top priority if you’re a successful Instagram influencer. Because most Instagram account hacks relate to password hacking, you should consider using a reliable password manager.
On the other hand, maybe you’re not a fan of social media. You enjoy traveling. Often it’s accommodating to use public Wi-Fi spots when mobile data is unavailable. However, public Wi-Fi frequently lacks sufficient cybersecurity protocols inviting hackers to hack its users. In this case, you should look into VPNs that encrypt all online data flow protecting it from third-party spectators. If you plan on uploading travel videos and pictures to the Cloud, make sure it provides a secure storage space with additional data-at-rest encryption. It will prevent negative consequences from data leaks.
Business owners should introduce themselves to a layered cybersecurity model. Dividing corporate computer networks into separate segments makes them more manageable. Moreover, protecting each segment is easier than guarding the whole system.
On all occasions, security barricades should not overlap but complement each other. For example, you could have an AntiVirus on the network gateway and another installed on employee devices. The incoming traffic is scanned upon entering the network and rescanned on a device level – complementary procedures.
However, if you put too many security measurements on the gateway, they will start interfering with each other. To prevent this, avoid overloading your network with different cybersecurity applications. Carefully select the required software for very specific purposes. That brings us to the final question.
Firstly, let’s consider personal data safety. It’s no secret that BigTech corporations and governments collect vast user data. Facebook uses it for advertising, Google feeds it to its secret search engine algorithms, and China surveillance is an entirely different issue.
Online privacy is especially important for journalists and political activists. I once sat down for a conversation with a political activist regarding privacy protection tools. She showed me her laptop setup, which was nothing short of breathtaking.
The software package contained:
- A Virtual Machine.
- TOR setup with IP auto-rotation.
- Extensions for disabling trackers and deleting cookies (imported from Firefox).
- HTTPS Everywhere extension.
- An alternative user agent string.
Separately, all of these provide efficient online privacy solutions. However, they all at once generate the opposite effect, called anomalies. Most online websites have tracking methods for gathering data on user devices. When confronted with such a setup, it immediately marks it as suspicious activity.
For example, TOR has integrated forced HTTPS encryption since version 11.5, making this additional extension useless. It does, however, interfere, and some websites will see the extension is on. A rotating IP address won’t protect against contemporary tracking methods like Canvas Fingerprinting. An alternative user agent string conflicts with a Virtual Machine, which already pretends to be something else.
Moreover, browsing with such a setup is tedious. Often it messes with the screen layout, and cookie auto-delete forces repeated logins on all password-protected sites. Furthermore, it will happen with a new IP each time, alerting the website of suspicious activity.
In other words, too much security works as a beacon, like a luminous Home Alone house. The same applies to businesses. An unnecessarily large cybersecurity system can attract unwanted attention.
To summarize, it’s excellent to take the initiative regarding digital safety. But it’s best to resist the urge to install as many security programs as possible. Carefully consider the vulnerable parts of your devices and secure them, drawing as little attention as possible.