5 Bad Computing Habits People Needs To Stop
Building a habit is not a destination, but rather a process, for the purpose of arriving at the desired effect. There is no shortcut to building a habit, it takes a lot of time of repeated similar actions in order to produce a habit. This is the reason why it is very hard to break a long time habit, even in the world of personal computing and corporate computing. All of us basically have a 24/7 computer in our pockets, and it is very easy to continue the bad habits of computing from the desktop to a smartphone.
As we are in the age of GDRP and similar legislation in many countries in the world, firms need to train their employees to handle customer information. Bad habits are attack surfaces which phishers take advantage of, the easier employees trust a random message, the bigger trouble can happen to any companies. In this article we highlight some of these bad habits of computing that needs to stop:
1. The habit of trusting URL shortened websites
URL shortening services are like mushrooms on the Internet, their use increased thousands if not a million folds because of artificial restrictions in social media messaging (We are looking at you, Twitter). The danger of clicking a shortened URL is the lack of knowledge of the actual destination site, it may go to a malicious page or a phishing page. The bad news is the only time the user knows the actual destination of the URL is when he already clicked the shortened link, that means if the destination is malicious all is already lost. It is highly encouraged for everyone to maintain awareness of all the links shared in social media or in instant messages, stay-away from a shortened URL as much as possible.
2. The habit of trusting form webpages, even if it is not encrypted
We may not understand it at first, but the reality is phishing is a huge moneymaker right now for cybercriminals. Our data is like a treasure trove for them, as user data is the lifeblood of web services. Web forms from reputable sources are protected by TLS encryption, which can be verified on the address bar as it shows a green padlock icon next to the website address, indicating it is under an encrypted connection. A web form page without this green padlock icon means all the data submitted inside the form’s text boxes are sent in plain-text. The danger of doing that is anybody with the right tools can tap into the network or wifi connection can extract the data send without breaking a sweat.
3. The habit of trusting public wifi networks
When using public wi-fi, only submit information through websites that are encrypted. This is because any website interaction that uses HTTP-only webpages is not private, especially in a wi-fi network. The attacker only needs to download a network sniffer to capture the packets and extract information off non-encrypted traffic.
4. The next>next>next>finish habit of installing apps
Always read the fine print of software by not blindly clicking next>next>next>finish in the installation wizard. There are times that the software bundles 3rd party tools that the user may not need, this is usually how spyware gets installed in the system, as the user usually only accepts the default settings in a setup wizard. The software vendor is shielded from legal responsibilities since the user “consented” of installing the bundled spyware, because he just accepts the default due to next>next>next>finish bad habit of installing apps.
5. Using a password as it if is the one ring to rule them all
The Lord of the Rings is a nice trilogy movie, however, in the real world, such one ring (password) to rule them all is a terrible policy. The use of similar password across multiple online services is a huge risk as if a particular web service becomes a victim of a data breach, the attacker can use the extracted password credential database to brute-force password attack another web service.
Julia Sowells870 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.