9. The Application of Cybersecurity: Principles and Practices 251 on the link. Phishing emails will sometimes include an official-looking subdomain to trick users into clicking. For example: www.amazon.customerhelp.com/feedback connects to a customerhelp.com server, not an Amazon server (i.e., the primary domain is not amazon.com). URLs with such a deceptive structure are indicative of phishing attacks. Copying and pasting from online can also be dangerous, especially if copying and pasting computer code or commands. It is common for programmers (especially novices) to search online or query AI for code or a command to accomplish a task. While many of the results are helpful and legitimate, it is possible that a hacker could have planted a backdoor in code or inserted a malicious command. It is important that users trust the source of the information, and if they do copy and paste code or commands, that they have reviewed the text and understand how it works. When in doubt when it comes to downloading, clicking, or copy and pasting, users can take these actions from within a sandboxed environment such as a VM. This will likely confine any fallout to the VM, and if a VM is compromised, it can easily be destroyed and recreated. Once a host computer is compromised, on the other hand, it is difficult to ever verify with certainty that the threat has been completely eliminated. Users must also exercise caution when uploading files and typing information into webpages. This certainly includes anything posted to a public website such as a social media page or a web forum, but it is not limited to only these types of websites. Once data has been uploaded or input online, even if it is not posted publicly, it is shared with the web server. If a bad actor runs the web server or if it is compromised, that data can potentially be used for nefarious purposes. Company employees sometimes unwittingly share proprietary information or source code online while searching for answers to questions, dialoguing on forums, and when using AI tools. Although they may not realize it, they have caused a data breach because they have sent sensitive information out of the company’s network. Once out, that data cannot be retrieved. Even non-nefarious AI tools might store user inputted data and later output it in response to future user queries. Being cautious about posting online goes beyond the risk of sharing sensitive or proprietary company data. In general, users should never put anything online or send anything through cyberspace, including text, pictures, and videos, that they would not want their parents to see. Following this principle promises to save future pain and regret. This includes pictures and videos that are synced to the cloud, like most of the data on smartphones is by default, and also data sent via messaging apps. Once something enters cyberspace, it is forever out of the user’s ability to completely control. Even if a user deletes something online, it is impossible to be sure it is really permanently deleted.
RkJQdWJsaXNoZXIy MTM4ODY=