If you keep track of the news, you’ve probably seen different data breeches or cyber security issues publicized, along with the recommended steps for consumers to help fix and prevent the problem in the future. However, many of these “consumer level” advisories and advertisements leave out key context and don’t give a full picture of how the steps they recommend would (or wouldn’t) help. We’ll investigate three of these such topics today: VPNs, password managers, and router updates.
Myth: A VPN is the ultimate privacy tool and makes you anonymous online.
Truth: VPNs just route the same traffic elsewhere, and in most cases it can still be traced.
When you access the internet using your home router, the sites you visit and what public IP address they’re being visited from are visible to your internet provider (even if they say they aren’t, speaking from experience here), advertisers, and companies (like the creepy stalker company Facebook, which follows you everywhere). There’s a plethora of other data that’s collected though and much of it can be traced directly back to you even when using a VPN – the companies or individual tracking you just uses the IP the VPN provider is routing your traffic through. Because of this, to maximize the security benefits of a VPN, you need to select a VPN provider with zero logs (like NordVPN), use a browser that blocks cookies and fingerprinters (I run Firefox in Strict Mode for enhanced tracking protection) and don’t log into any sites unless you’re okay with being traced.
Myth: Password managers are inherently insecure by just making one point of entry to your digital life.
Truth: Password managers can be less secure if not used properly, but if used correctly are an essential part of your security toolkit.
After every big data breech (Target 2013, Equifax, 2017, and most recently SolarWinds 2020) people speak about the importance of using unique and reasonably complex passwords for their accounts. This is fantastic advice! But it’s pretty much impossible to remember 32 character random strings for every account. Unless you’re Adrian Monk… That’s where a password manager comes in, generating and storing passwords for all of your accounts. But to avoid the possibility of it becoming your one weak link, you need to use a long master password and two-factor authentication. Some good ones are Dashlane and LastPass.
Myth: Home routers are secure and will protect your network if you keep their firmware updated.
Truth: Many home routers are riddled with security vulnerabilities, even with upgraded firmware.
In a study published by the Fraunhofer Institute, 127 different common home routers were tested for various vulnerabilities. Every single one had at least some known vulnerabilities. Though it’s true some of the routers tested were well-beyond support, the study itself shows the general discrepancy between integrating new technologies (WEP to WPA2 encryption, wireless N to wireless AC and wifi 6, etc) and patching security holes. Some new routers claim to have firewall support and it’s often over-stated (like the Netgear Nighthawk series). The best thing to do is choose a brand that is known to have more frequent updates like Asus or the AmpliFi lineup in addition to upgrading as soon as new updates are available, and using a strong admin password.
While the mass media can be useful for publicizing positive steps for people, it often paints an incomplete picture in the case of cyber security. Knowing more about how VPN’s and password managers can help you, and what some best practices are for your home router will better equip you to secure your digital life. If you have any questions about what we’ve discussed here, please reach out to us and we’ll be happy to assist!