Our guide for your data protection
Data protection: Protection of the privacy of each individual's data. The right to self-determination and protection against misuse of data.
Data security: Protection of data, regardless of whether the data is personal and digital or analog. Protection from manipulation, loss or unauthorized access.
Main objectives of data security according to the BSI (Federal Office for Information Security)
Confidentiality, integrity, authenticity, authorization and availability.
Passwords
6 rules for creating a "good password"
- 12 characters long, except for certain encryption methods (WPA, WPA2, WLAN)
- Use at least four types of characters
- Avoid terms that could be found in a dictionary
- No common variants, repetitions or keyboard patterns
- Do not try to embellish simple passwords with special characters
- Passwords with umlauts cannot be entered abroad (other keyboard layouts, e.g. Ä, Ö, Ü are not found on an Italian keyboard)
You can visit https://checkdeinpasswort.de/ to find out whether your password is safe to use; the page shows you the corresponding password security details.
What should you consider when dealing with passwords?
- Remember passwords instead of writing them down
- Never store passwords unencrypted on the PC or on a notepad next to the screen or computer
- If you simply cannot remember them, write them on paper that you lock away and/or store them in an encrypted file on the computer
- Online management tools like KeePass are also useful
How to remember a good password?
- Write a sentence
- Take just the first letters
- Replace suitable letters with numbers and/or special characters
- Make up your own sentence; do not use quotations
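The six rules and the sentence method above, combined in an added Python example that is not part of the original guide. The word list, the pattern list and the substitution table are constructed samples, and reading "four types" as lower-case letters, upper-case letters, digits and special characters is an assumption.

```python
import re

# Constructed samples (assumptions, not taken from the guide).
COMMON_WORDS = {"password", "passwort", "summer", "welcome", "dragon"}
KEY_PATTERNS = ("qwert", "asdf", "12345", "abcde")
SUBSTITUTIONS = {"a": "@", "e": "3", "i": "!", "o": "0", "s": "$"}
CHAR_TYPES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")  # assumed four types


def check_password(pw):
    """Return the rules from the list above that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if sum(bool(re.search(t, pw)) for t in CHAR_TYPES) < 4:
        problems.append("fewer than four character types")
    lowered = pw.lower()
    # Undo the usual substitutions and drop everything that is not a letter,
    # so an embellished simple password such as "P@ssw0rd!" is still caught.
    undo = {v: k for k, v in SUBSTITUTIONS.items()}
    plain = re.sub(r"[^a-z]", "", "".join(undo.get(c, c) for c in lowered))
    if any(word in plain for word in COMMON_WORDS):
        problems.append("based on a dictionary word")
    if any(p in lowered for p in KEY_PATTERNS) or re.search(r"(.)\1\1", pw):
        problems.append("keyboard pattern or repetition")
    if re.search(r"[äöüÄÖÜ]", pw):
        problems.append("contains umlauts")
    return problems


def mnemonic_password(sentence):
    """First character of every word, then replace suitable letters."""
    initials = (word[0] for word in sentence.split())
    return "".join(SUBSTITUTIONS.get(c, c) for c in initials)


if __name__ == "__main__":
    # Constructed sentence for illustration.
    sentence = "My sister Anna was born in Bonn on 7 May and she loves two old cats!"
    candidate = mnemonic_password(sentence)
    print(candidate, check_password(candidate))
    print("P@ssw0rd!", check_password("P@ssw0rd!"))
```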
Change passwords regularly!
- Change all passwords at regular intervals
- There are programs that remind you of changing your password
- Do not use uniform passwords!
- Do not use the same password for multiple accounts (if a password is used more than once, the chance of being hacked is higher; in case of a hacker attack, everything can be spied out)
- Always change default passwords! (When a software product is installed, empty or generally known passwords are often preset; hackers try these first to check whether the user has forgotten to set a private password.)
- Protect the screen saver with a password! (The keyboard and screen can be locked after a certain period of time without using the device. Unlocking is only possible after entering the correct password. Otherwise, a third party can gain access.)
Do not give passwords to third parties or send them by e-mail!
E-mails are usually sent unencrypted, so they can be read on their way through the internet or can get lost.
In this way you may lose control of your password!
Two-Factor Authentication
Two-factor authentication serves as proof of a user's identity by combining two different factors, for example to log in somewhere or to carry out bank transfers.
Possible components of these two factors can be:
- Knowledge (name, PIN, password)
- Ownership (key, bank card)
- Property (fingerprints, voice, iris recognition)
Disadvantages of this concept can be:
- The token must be carried with you at all times
- Theft, loss, forgetting
- High acquisition cost/replacement purchase price
How to deal with these disadvantages?
- Ownership: Smartphone
- Knowledge: Personal access license and a one-time code (received via SMS, e-mail etc.)
This has the following advantages:
- No additional token required
- Code will be replaced automatically after a certain time if not specified
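How a code that is valid only once and is replaced after a certain time can be handled on the service side, as an added Python example that is not part of the original guide. The class and function names, the six-digit length and the 300-second lifetime are assumptions.

```python
import hmac
import secrets
import time

CODE_LIFETIME_SECONDS = 300  # assumed validity window; the guide names no value


class OneTimeCodes:
    """Issues numeric codes that work exactly once and expire after a while."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> (code, expiry timestamp)

    def issue(self, user):
        # Issuing again replaces any older code for the same user.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = (code, self._clock() + CODE_LIFETIME_SECONDS)
        return code  # a real service would send this by SMS or e-mail

    def verify(self, user, submitted):
        # pop(): every attempt consumes the code, so it cannot be reused
        # and a wrong guess forces a fresh code to be issued.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        code, expires = entry
        if self._clock() > expires:
            return False
        # Constant-time comparison on bytes.
        return hmac.compare_digest(code.encode(), str(submitted).encode())


def login(password_ok, codes, user, submitted_code):
    """Both factors must succeed: knowledge (password) and ownership (phone)."""
    return bool(password_ok) and codes.verify(user, submitted_code)
```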
Examples of the use of 2FA
- Apple ID
- Amazon
- Google
- Sparkasse Cologne/Bonn
- Microsoft Outlook
- PayPal
Protecting Mobile Devices
5 ways to protect your mobile phone/tablet from hacking
- Password protection (password or fingerprint)
- No apps from unknown sources or jailbreak
- Do not visit questionable/virus-infected pages
- Antivirus software for Android
- Encryption of the mobile phone (iOS: by default with a PIN; Android: edit settings)
Aims of criminal attacks on mobile devices
- Obtaining access data
- Using data to transfer money from the victim's bank account to the attacker's own account, or to order goods either for the attacker's own use or to resell them and make money
- Establishing connections without the knowledge of the device owner through a malicious app once it has been installed
- Replicating other malware or sending data such as personal information from the device to other servers
- Transferring access data as well as private keys and certificates
- Blocking the entire device, encrypting personal data in the background and demanding a ransom of between 200 and 300 US dollars as blackmail
7 simple protective measures
- Always use passwords
- Use unusual combinations for your password and keep it hidden
- Update the operating system regularly (download updates and patches immediately)
- Disable automatic data exchange/transmission by apps in the settings
- Secure your WLAN with a password
- Install reputable virus protection (only load reliable protection software)
- Load only apps that are needed
- Disable loading of apps from unknown sources
- Only approve permissions that apps require for their purpose
- Do not forget to log out
- Control access to other apps
- Do regular data backups
- Save important data externally (e.g. in a cloud)
Correct user behaviour
- Only click on reputable sources
- Do not respond to notifications of external services
- Do not transmit sensitive data via public WLAN
- Do not leave your equipment unattended
written by Karolin VR