HOME
NEWS

Cybersecurity Myths You Might Still Believe – Debunked! By Sophos Home


By VARINDIA - 2022-01-04
Cybersecurity Myths You Might Still Believe – Debunked! By Sophos Home

Over time, the state of cybersecurity evolves. New threats emerge, but so do new security technologies. As encryption has become more prevalent, many threats that were once serious have been diminished. Other attacks that were performed once or twice as a proof of concept never evolved into the widespread threat that we were warned they could.

 

Your online safety practices should make you feel safe and comfortable. But there’s real value in knowing which threats are serious, and which ones are mostly hot air. Sophos Home debunks five common cybersecurity myths.

 

1) Juice jacking – don’t charge your phone via a public USB port

 

One common piece of travel advice is to avoid using public USB ports to charge your devices. Because USB can transmit data as well as power, the story goes that bad actors might place fake USB chargers in outlets in places like airports and coffee shops. When you plug your phone in, these rogues could steal the information stored on your phone. The practice even has a name: “juice jacking.” And it got a huge boost in awareness when the Los Angeles County District Attorney’s Office spoke out against it.

 

There’s just one problem: like urban legends of razor blades in Halloween apples, it’s technically possible. But nobody’s actually doing it, aside from some initial proof of concept attacks at events or conventions. In fact, when TechCrunch followed up with the LA County DA’s office about their warning, they admitted that they didn’t actually have any confirmed reports of juice jacking they could point to.

 

If you want to play it safe, it doesn’t hurt to bring your own portable battery when you leave the house, or to charge your devices at an outlet. But don’t be scared to use a public USB charger. Most modern phones will warn you if data is being transferred, and the likelihood that it will happen at all is far lower than the awareness-raising campaigns makes it seem.

 

2) Tap-to-pay cards are targeted by criminals

 

Tap-to-pay cards have been used around the world for a long time, and as the technology finally started coming to the U.S., it was greeted with suspicion. Some people worried that touchless transactions could be carried out by thieves. You can actually buy special wallets that block the radio frequencies these cards use to protect yourself.

 

The truth is that swiping these cards would require someone to stand incredibly close to you for the several seconds to ring up the transaction. You would almost certainly become uncomfortable and move before they succeeded. But suppose someone did swipe your tap-to-pay debit card. What are they actually stealing?

 

Your tap-to-pay card uses a process called tokenization. For each transaction, your card generates a new set of numbers and symbols for verification. If someone managed to get close enough to you to swipe your card, they’d wind up copying your token for the next transaction. So they could only use your stolen info once. And they couldn’t spend much, because tap-to-pay cards have a transaction limit on every tap.

 

The limit varies across countries and vendors. Visa and Mastercard tap-to-pay cards have a maximum of $250, while Apple Pay requires a signature for anything over $50. That means your fraudster would wind up with a limited amount of money, that they could only spend in one transaction. On top of that, they’d need to spend the money before you did. Since your card generates a new token for each swipe, if you used your card before they did, their copy of your token would be rejected.

 

If that sounds ridiculously complicated, it is! It would be a tremendous amount of effort for an extremely limited payoff. The fact is there are much easier kinds of theft to commit. Anyone looking to commit credit or debit card fraud will have a much easier time doing so with an old-school magnetic strip card.

 

3) You should always use a VPN

 

The question of when and whether to use a VPN is complicated. The short and simple answer is you should always assume someone is tracking you on the internet. How much you care about that and what you choose to do about it is up to you. Your traffic is being snooped on by most of the people who handle it, including your internet service provider, big data brokers like Facebook and Google, and the cloud companies that host most websites. Many of these companies can and do sell your browsing information, your location history, and more. VPNs will help with some of these would-be snoopers, but not all of them.

 

Tracking from your ISP

 

When you go online, your internet service provider is allowed to collect your traffic data and sell it. This data could theoretically point back to you, but there’s so much of it that nobody is ever likely to dig through it. Modern encryption means that they don’t see much of your traffic, but a VPN could protect you from them a little.

 

Tracking from hosting companies

 

Most sites these days live on cloud hosts like Cloudflare and Amazon Web Services. While your ISP can’t see your traffic, these companies can, which is another issue. A VPN could theoretically protect your privacy from them. But they aren’t the only snooper, either.

 

Tracking from data brokers

 

Once you’re on a webpage, data brokers like Google and Facebook are peeping on you from the page itself. If you’re logged into Facebook as you browse, any web page with a Facebook “like” or “share” button can connect you to your profile. Likewise, Google Analytics reports your traffic back to Google. These companies are very good at what they do, which is using your traffic to serve you very targeted ads. And when you’re logged into these accounts, a VPN can’t help you.

 

It’s not hopeless. Firefox has a fairly robust built-in feature set intended to cordon off how much of your browsing Facebook can access, but no other browser currently does.

 

Tracking from your phone

 

You have another potential tattletale: your phone. If you have apps like Facebook or Google Maps, your phone is sending info on your location back to FB and Google constantly. Even with your location services off, nearby available networks can give data brokers a great idea of where you are. Again, that’s not really something a VPN can protect you from.

 

Will a VPN really help?

 

In the long run, a VPN can help protect you from some kinds of internet snooping. But so much data collection is taking place on you, all the time, that if you really want to protect yourself, a VPN is only going to be one piece of a much larger puzzle. For most of us, the necessities and conveniences of modern life mean that we’re not likely to go to the extreme lengths needed to truly hide ourselves away from data collection.

 

One final thing to bear in mind: even if you don’t trust your ISP, cloud hosts, Facebook, or Google, handing your traffic over to a VPN means trusting the VPN company. Like all companies, some VPNs are much more respectable than others. Any web activity is an act of trust. As an internet user, it’s up to you to decide who to place that trust in.

 

4) Public Wi-Fi isn’t safe

 

For years now, the common wisdom has been to avoid connecting to public Wi-Fi. But the truth of the matter is that modern web traffic is encrypted enough you don’t really need to worry about it.

 

Most websites you visit are secure. On a secure website, you should see a lock on the left hand side of your address bar, and the web address should start with “https” instead of “http”. As of 2019, 80% of websites are protected with https secure encryption.

 

This encryption is meant to protect you from snooping or tampering, regardless of where you are. Even if you connect to the Wi-Fi at your coffee shop, a potential scammer would have to know exactly which website you were going to and set up a fake version to divert you to. The odds against that happening are pretty astronomical, so go ahead and check your email while you wait for that mocha.

 

5) Apple MacOS is not affected by malware or cyberattacks

 

One of the benefits and weaknesses of Apple products is the relatively closed environment that they represent. Selling apps for the iPhone requires rigorous approval, as they seek to protect their brand, enhance security, and preserve their revenue streams. Apple’s preference for proprietary processors also gives them a little extra safety.

 

Because Apple had strong security for so long, it was commonly accepted for years that Mac machines and iPhones can’t get viruses. But that’s simply not the case. Just like any other machine, there are plenty of dangers out there, including the Shlayer trojan that’s infected nearly 10% of Apples.

 

That means that having strong antivirus software is important. A solid antivirus program can help protect you from malware, block viruses, check for trojans, and more.

 

Stay protected from the right threats

Everyone wants to stay vigilant and stay protected online. But part of effective protection is knowing which threats are serious and which ones are exaggerated, so that you put your time and effort into the right places. Watch out for scams and phishing attempts, and always have reliable security software protecting your devices, to make sure that you stay as safe as possible.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA