Cybersecurity
Protection from harmful software
The first thing that will help you protect your devices from viruses is to install anti-virus software.
Recommended software: Avast, ESET, McAfee, Zillya.
How not to get attacked by fake antivirus?
Only download the antivirus software from the official developer’s website or from verified sources (Play Market, App Gallery, App Store і Google Play). If you can’t buy a paid version of the program, find a free analogue, but don’t download cracked versions of paid apps.
Update your antivirus regularly. Only then will the program warn you about the threat in time.
Antivirus is installed. What’s next?
Regularly scan your device for threats that could harm your data.
Also use the anti-virus to check USB sticks and other external devices that you connect to your computer.
Periodically “reset” the settings of your smartphone.
In this way you can neutralize the “keylogger” programs that track the user’s actions.
Do not click on questionable links. Such as:
received from unknown senders via email, SMS or messengers and social networks;
messages with a call for urgent action and those that use a highly relevant and frequently mentioned topic in the media;
those that lead to questionable sites or channels in social networks;
those that do not have a security protocol: https – safe, http – potentially dangerous;
containing the word /download/ – these links will immediately begin downloading the file. Attackers will probably download malicious code or lead to a phishing site.
Pay attention to a sharp and noticeable change in the operation of the device: a sharp decrease in charge, slow operation, the appearance of files that you did not create or programs that you did not install, the appearance of unknown programs in autoload when the device is turned on, etc. Maybe this is a consequence of the activity of harmful programs.
Set secure messenger settings. How to do this is explained here.
Set secure browser settings. How to do this is explained here.
Strong passwords
Keep your devices and accounts secure. Unreliable passwords – easy prey for hackers and fraudsters.
Follow these simple rules:
Change passwords on social networks, bank accounts and all websites where your personal information may be present, to safe ones. It is recommended to change all passwords once a month.
Check regularly if your password has been hacked. Here is a useful service where you can do it.
How it works: enter your email or phone number on the website. If the passwords of the accounts registered on them have been hacked, the site will notify you. If not, there were no breaches of your data.
Use password managers – these are special applications that keep your passwords in an encrypted form, and you won’t have to remember all the complex combinations, but only the password from the application itself. (Recommended: 1Password, KeePassXC, Dashlane or managers in antivirus programs).
Two-factor authentication – is a standard two-step verification when logging into an account. Set it up. Then, in case of a hack you will receive an SMS message asking you to confirm the login into account.
Set a screen passcode, pattern key, or biometric security (fingerprint, face ID or voice ID) to unlock your devices.
Change the standard PIN-code to SIM-card.
And what passwords are reliable? Those that…
don’t contain common letters and words combinations; symbols that repeat or follow each other (0000, 1111, abc123), your name, surname, date of birth, name, surname or date of birth of your parents, children, husband or wife
Instead, contain special symbols, numbers, upper and lower case letters in the number of more than 8, as well as words that don’t exist in Ukrainian or English, and preferably in other languages as well.
used only in one service (for each service or mailbox – a unique password)
not stored on your smartphone or laptop notes or on a sticker on a laptop standing in the middle of the office
they aren’t known by your relatives, loved ones, colleagues
those that are significantly different from the previous passwords used on the same service
Secure browser settings
Keeping browsers in working condition means updating them in time, as well as the rest of the programs installed on the device and the operating system itself. And also – download them only from official sites and use only a minimum of extensions for them.
Here are the indicators you need to adjust in your browsers:
Сhrome
In the “Settings” menu
Privacy and security – Security – Safe browsing – Enhanced protection
Privacy and security – Security – Advanced – Always use a secure connection
Downloaded files – Always specify the download location
Firefox
In the “Settings” menu
Files and Applications – Always ask where to save files
Browser privacy – Security – Block dangerous and fraudulent content
Browser privacy – Security – Enable HTTPS mode in all windows
Opera
In the “Settings” menu
Privacy and security – Security – Enable protection against malicious and always use secure connections
Download – Prompt for save folder before downloading
Tor
In the “Settings” menu
Privacy and security – Protection – Security level – High
Privacy and security – Protection – Fake content and Malware Protection – Block dangerous and fraudulent content
Privacy and security – Protection – Certificates – Request confirmation of the current status of certificates from OCSP servers
Privacy and security – Protection – Mode “Only HTTPS”
Basic – Files and Apps – Always prompt to save files
How to securely download and use applications and files
Cybercriminals are constantly inventing new ways to trick users with malicious apps and programs. Downloading a free movie, game or music – is always a risk of malware infection. And the gain of attackers is to gain access to your personal information.
For your data and devices security follow such rules of downloading apps and files:
Use only licensed software from verified sources (Play Market, App Gallery, App Store і Google Play or official developer sites). Pay attention to who published the app, as some shops have questionable copies of popular apps. Russian viruses are now often spread through “pirated” programs.
Don’t download files and apps from unknown sources (dubious sites, pages and channels in social networks, unknown senders).
-
Potentially dangerous file extensions: .exe, .bin, .ini, .iso, .dll, .com, .sys, .bat, .js, .apk;
-
Potentially safe file extensions: .docx, .zip, .rar, .pdf.
The file has been installed – check it with an antivirus. But new malware or code can only be detected by an antivirus which is regularly updated.
If you can’t purchase the paid version of the program, find a free counterpart, but don’t download cracked versions of paid programs: they usually contain malicious software code.
Select the prohibition of installing apps from unverified sources and automatic file downloads, and for the browser – the function “ask for the location of the file before downloading every time”. If you accidently click on a link that automatically starts the download process, it won’t start until you confirm it.
Avoid using applications from russian developers: VK, Odnoklassniki, Yandex.Browser, 1C, Mail.ru and others russians may track them. Before downloading, necessarily check the information about who is a developer and owner of the app, and if it’s not forbidden in Ukraine.
Control the permissions the program requests during installation. Not all applications need access to your geolocation or personal information to function properly.
Update apps on your smartphone and software on your computer. This is necessary because developers are constantly working on improving their security protocols.
How to protect yourself from malicious messages in messengers
The enemy doesn’t stop trying to cyberattack Ukrainians. Hackers can send dangerous files in the messengers we use.
Often, the enemy disguises such messages as coming allegedly from Ukrainian state structures or law enforcement agencies.
Remember: State structures and agencies don’t send messages in messengers with a request to open an attached file and don’t ask to provide bank card data, passport information, data of personal accounts in social media, etc.
Here are the rules for safe setting up of popular messengers:
Telegram
Open the “Settings” menu and go to the “Privacy and Security” section.
Select the following items in it:
Who can see the phone number – Nobody
Who can find via the number – My contacts
Who can see the time of my latest activity – Nobody
Who can see my profile photos and videos – My contacts
Who can link to my account when sending my messages – My contacts
Who can call me – My contacts or nobody
In the “Calls” section, Peer-to-peer should also be set to – My contacts
(this is an option that allows users who call you to receive or not to receive your IP address)
Who can add me to the chats – My contacts
Two-step verification – Set password
Open the “Settings” menu, go to the “Account” section, in which select “Privacy”.
Choose the following items:
Last time online – Nobody
Profile photo – My contacts
Groups – My contacts
“Settings” – “Account” section – Two-step verification – Enable
Viber
Select the “Advanced” menu and configure the following items there:
Settings – Calls and messages – set the toggle opposite to “Block unknown callers”
* “to set” or “to remove the toggle means to press the switch next to the parameter. If it’s purple – the function is enabled, if it’s transparent, the function is not active.
Settings – General – Use a proxy server
Configure the “Privacy” tab as follows:
- set the toggle opposite to “Automatic spam check”
- remove the toggle opposite to “Peer-to-peer”
- set the toggle opposite to “Requests”
- Control who can add you to the groups – go to “Settings to add to groups” and set a check mark opposite to “My contacts”
- remove the toggle opposite to “Offer friends”
- Personal data – remove the toggle opposite to “Collect analytics”, “Allow personalization of content” and “Allow precise geolocation services”
Pay attention to functions “Request your data” and “Delete your data” and see exactly what data about you is stored in Viber’s servers.
Как защитить данные в соцсетях?
Private information, especially during martial law, can be used by the enemy against Ukrainian military and civilians. In order to keep your personal social media accounts safe, we recommend that you:
Set a strong password to log in to your account. Read how to do this here.
Use the double authentication function. This means that when someone tries to log in to your account from an unfamiliar device, the service will require additional identification. In this case, a message with a confirmation code will be sent to the phone number or mailbox you specified. You will be able to prevent account hacking.
Review your social media profile settings and use all possible ways to protect your account.
When creating social media accounts, use an email address of a reliable service, such as Google or Yahoo, as a login. But by no means a Russian one!
Do not log in from unfamiliar or unprotected devices. After you finish your work, you may forget to log out of your account or the device may remember the login and password you used when you logged in. In addition, the device may be infected with malware that collects and transfers password and login information to third parties.
Do not open attachments in messages from suspicious or unfamiliar people. After all, phishing is the most common way for criminals to obtain passwords to mailboxes and social media accounts.
Install antivirus programs on your device. They will help protect you from viruses. Read more here
Russians are actively using social media to gather additional information about the locations of the Ukrainian army. It is important for the military and their families to remember:
Do not post information on social media that could endanger the life of your loved ones. This refers to photo and video materials that can be used to determine the location of a military or a member of their family.
Restrict access to private information (place of residence, date of birth, educational institution, etc.) in the privacy settings of social media.
Restrict access to private information (place of residence, date of birth, educational institution, etc.) in the privacy settings of social media.
Choose the settings that best protect additional information about the account holder. In particular, do not specify geolocation (location).
Periodically review your list of “friends” on social media. If there are any unfamiliar or suspicious accounts, delete them, as the “friend” status provides access to more private information about a person.
Do not use
- Russian social media VKontakte and Odnoklassniki, as well as the messenger Qip;
- Russian search engines Mail.ru and Yandex.
At the request of the Russian special services, they can transfer information about the personal data of account holders (email, mobile phone number, date and IP address of registration, date and IP address of the last visit, etc.)
Do not use Russian mobile applications such as DMB Timer, DMB, DMB Timer+, Dembel and others. When you register there, you provide your own personal data and the military unit in which you serve, as well as the data of your fellow soldiers. Then they get automatic access to geolocation, personal contacts, photos, multimedia, files and documents, allow them to read, modify or delete content on the SD card, view network connections and get full access to the network.
For cybersecurity tips for those in the temporarily occupied territory, please read the sections on communication under occupation and data protection.
How to store data securely
Keep important personal files encrypted or in hidden folders and albums. For this:
- For Samsung devices: use Knox secret folder. You can transfer some applications, photos and other content to it.
- For all Android devices: Gallery – Albums – press and hold the required album – in additional menu select Hide
Or: Gallery – Albums – slide your finger on the screen from top to bottom – a hidden folder will open, on which you need to set a password or graphic key.
Or the “Second storage” function (available in some Android devices)
- For iPhone, iPad or iPod touch: Photographs – choose photo or video, which you need to hide, – press the button more – Hide – confirm.
Use encryption to exchange information and correspondence. For E-mail, it can be asymmetric PGP encryption, for which there are special programs, and for messengers – encrypted chats and messages that disappear after a while. This will keep your data private if your computer, phone or email account is hacked. Hackers won’t be able to read your messages without the encryption key.
Keep copies of important files in cloud storage. For example, Dropbox, OneDrive, Google Drive, etc. From there you will be able to recover data if the phone will be jailbroken. Also, back up important documents to separate devices or secure cloud storage. When hackers gain access to the device, it’s not always possible to recover the information.
Don’t store information in the smartphone memory that could harm you in case of occupation and search. Immediately delete such files and chats from the smartphone memory. And what’s important to keep, pre-download to the cloud storage.
How to protect a child on the internet
Law enforcement officers have already detected cases when the occupiers used the Internet to involve the minors in gathering information about the location of strategically important objects. Therefore, it’s important to explain to children that internet security is as important as the rules of safe behavior in real life.
The main rule is to talk to your children about cyber safety:
Remind that you can’t post private photos, disclose personal information (address, phone numbers and other personal data) in social networks, in communication in messengers and chats, as well as participate in online surveys.
Remind about the risk of catching viruses when opening suspicious links, attachments, files. Help your child install the necessary programs for protection and configure all his gadgets.
Agree on time limits for smartphone games and Internet surfing, and monitor their observance
Discuss the information your child reads on the Internet. Talk about fakes.
Teach your child to create reliable passwords and not share them with anybody.
You can also periodically check what sites your child visits: this can be done using the “History” tab in the browser. However, make sure that the child doesn’t feel afraid if he does “something wrong” on the computer or smartphone. In case of any non-standard situations, you should not hide them, but immediately seek help.
And remember: strict prohibition usually doesn’t work. It’s much more important to build a trusting relationship and teach the child to be responsible and careful on the Internet.
*The recommendations were prepared jointly with the State Service of Special Communications and Information Protection of Ukraine.
Important information for the media, bloggers and all citizens who photograph or write about war and the army
What is categorically prohibited to be covered by the mass media during wartime:
- names of bases and subdivisions, as well as their locations
- the number of soldiers in bases and units
- the number of weapons and equipment, their condition and place of storage
- conditional marks of objects
Any information about:
- operations carried out or planned
- system of protection and defense of military units
- available military protection such as: weapons and equipment(except visible or obviously expressed)
- procedure for engaging forces (military) and facilities (weapons)
- intelligence gathering
- movement and deployment of troops (names, numbers, routes)
- military units and their tactics, methods of action
- unique operations and their execution methods
- the effectiveness of the enemy’s electronic warfare
- postponed or canceled operations
- missing or crashed aircraft, ship and search and rescue operations
- plans for the security of our troops (disinformation, camouflage, countermeasures)
- informational and psychological operations carried out or planned
- propaganda or justification of russia’s large-scale armed aggression against Ukraine.
Do not post on social media:
- consequences of hits by enemy’s missiles or projectiles or moments of their flight in the sky. By doing so you will help the enemy to adjust the fire.
- time and place of “hits” (neither in publications nor in comments)
- information about the work of the Ukrainian Air Defense Forces
- a photo showing numbers, special markings and markings on destroyed or downed enemy equipment.
- unverified information about victims or dead.
