The session was a cybersecurity awareness training led by Ms Maria Bicsi (CyberSecurity Project Manager at PSYND) with clarification on technical details by Mr Mauro Verderosa (Founder & CEO of PSYND).
The experts provided an overview of three main cybersecurity principles: confidentiality, integrity, and availability of data. Bicsi explained the danger of a common stance that ‘I have nothing to hide, so I don’t care about cybersecurity’. She provided an analogy with the words of E. Snowden that ‘I don’t care about freedom of speech because I have nothing to say’. Then she explained that cyberenemies could be insiders or outsiders and moved to discuss the particular steps of ensuring personal cybersecurity.
Verderosa explained the necessity for complex multi-character passwords and their frequent change, and the importance of two-factor authentication procedure for better security. Also, he advised not to save passwords in a web-browser cache to avoid their exposure, and to use unique passwords for each particular service.
In addition, the experts discussed the ubiquitous threat of radio-frequency identification (RFID) reader devices. These devices can read the data encoded in RFID smart labels and thereby steal personal data or money, if it is a debit/credit card. Bicsi demonstrated examples of specially protected wallets and top cases for personal devices that can be used to protect from RFID. She mentioned that one can protect cards using simple aluminium foil.
Finally, the two speakers exhibited examples of social engineering to execute cyber-attacks. First, an attacker may try to discover your personal psychological profile in order to find a weakness and exploit it to get the data he or she wants or compel you to perform some action. ‘Spear phishing’ emails are among the most popular types of social engineering. Bicsi asked the audience to participate in an exercise to identify phishing emails by noting several indicators: email address, signature, design of the letter, catching words denoting that something is blocked or expired, etc.
Finally, Verderosa asked the audience to attend to online security principles while surfing the web. It is important to check the digital certificate that enables a trusted connection to a website through the HTTPS protocol.
By Ilona Stadnik