How many devices do you have at home? Plenty, no? Our physical life today is deeply entangled with our digital one. Best example: ask yourself where your smartphone is. Do you recall the nervousness and restlessness when you cannot find it immediately? Digital devices, i.e. laptops, tablets and smartphones, have become fundamental parts of our lives. We communicate with our friends and family, we take and store pictures and videos, we do Internet banking and shopping. Have you ever thought about the consequences if one or more of those devices were lost? Or stolen? Or compromised?
Our digital life today is centred around the laptops, tablets and smartphones we own. But have you ever thought about the consequences of those devices being stolen or compromised? Depending on the protective measures you have put in place, an attacker might be able to extract all the data from your device. All your personal documents. Bank statements. Confidential letters. Your private photos. Your family videos. Your music and videos. The attacker might use this material to blackmail you and extort money (see our Bulletin articles on “An old scam in a new disguise”, “‘WannaCry’? The importance of being patched”, and “Ransomware - when it is too late..”). If your device is compromised and remotely accessed by the attacker, your private life becomes public. The attacker can follow any activity on your device online: registering every keystroke you make and waiting for you to type a password; taking videos or screenshots of your digital desktop, of all open windows and of your browser sessions, and monitoring how you do Internet banking; enabling your web camera and your microphone to watch and listen to you while you believe you are safe in your home. All this gives an attacker ways to commit more crime: going for the web services you have accessed, tweeting or posting in your name, buying at your expense, stealing money from your bank account, blackmailing you once more with the material recorded from your webcam and microphone…
So, protect yourself and your family! Protect your private life! And once you have done that, protect your professional life and your CERN devices, too!
1. Make sure that all your computers, laptops, smartphones and tablets are up to date. Have your operating system’s update mechanism enabled and ensure that it is automatically applying any new security patches. If possible, run some decent antivirus software on it, and remember that CERN’s antivirus software for Windows computers and Macs is free to you, even for home use;
2. Do not click on links or attachments sent to you in unsolicited e-mails (remember “Curiosity clicks the link”?). Instead, check the context first: is the e-mail addressed to you? Is it relevant to you? Does it look legitimate? If in doubt, contact us at Computer.Security@cern.ch. The same is true of browsing web pages. Watch where you click. Better to Stop – Think – Don’t click! Again, if in doubt, contact us;
3. Finally, back up your important data. CERN data should be backed up on AFS, DFS or EOS – services that are designed not to lose data. At home, back up to an external hard disk (but don’t keep it permanently connected!) or buy a network-attached storage (NAS) device. If you are blackmailed, it’s unfortunate, but do not pay any ransom.
…and check out our best practices.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.