CyberSecurity Promises for 2025.

[Fixxx]

​

The outgoing year has brought several record-breaking incidents involving data leaks. AI technologies have rapidly developed and cybercrime has evolved. How can we take all this into account to ensure our personal security? Make these promises to yourself and keep them throughout 2025:

Learn to use AI Assistants safely!​

Over the year, the use of AI has gradually transformed from a trendy novelty into a daily activity, especially after AI assistants were integrated into standard smartphone functions. Given that AI is now always at hand, including during the most intimate moments of life, it's essential to carefully study the rules for the safe use of chatbots and other assistants to avoid harming yourself and those around you. To summarize them briefly, here’s a list:

• Double-check AI advice. Especially when asking for recipes, medical information, investment advice and any other data where the cost of error is high. Chatbots sometimes "hallucinate", so never follow their advice blindly.
• Disable AI features if you don’t clearly understand their purpose. The trend towards AI encourages large companies to integrate AI even where it is unnecessary. A prominent example is the controversial Recall feature in Windows 11, which constantly takes screenshots of the entire screen for AI analysis. Turn off AI if you are not actively using it.
• Don't send personal information to AI. Photos of documents, passport details, financial and medical documents are almost never needed for effective AI operation. Given that this data can be stored for a long time and potentially leaked, it’s better not to send it at all.

Educate your loved ones to recognize DeepFakes!​

The rapid advancement of neural networks for video generation has allowed scammers to move from creating deepfakes of celebrities to cheap and relatively mass attacks on specific individuals using fake voices and images…of anyone. Initially, deepfakes were used to lure people into financial pyramids or fake charities, but now targeted schemes have emerged. For example, calls from a fake "company director" or someone from your family. Creating a video in which a person you know well asks for money or to secretly do something strange has become much easier, so it’s crucial to remember the rule: double-check strange requests by contacting the requester through a different communication channel. Given that in 2024 there were leaks of vast amounts of medical information, new schemes for targeted fraud involving calls from fake doctors may also emerge.

Switch to Private Messengers!​

For those who still believe in the confidentiality of messaging, 2024 brought a couple of major disappointments. First, the arrest of Telegram founder Pavel Durov raised questions about which intelligence agencies and under what conditions they would gain access to messages on Telegram. Then, a massive scandal swept the United States when it was revealed that third-party intelligence agencies had hacked the legal wiretapping system implemented by all American operators, gaining access to the messages and calls of Americans. Authorities even advised Americans to switch to private messengers for greater confidentiality. To worry much less about such events, follow the same advice and along with your main contacts, switch to one of the messengers with end-to-end encryption.

Find and replace all Old Passwords!​

Despite the growing availability of passkeys, passwords will remain with us for many years, along with the risks of leaks and hacks. Old passwords that you created several years ago without much concern for their complexity are likely to be guessed or stolen. For instance, this year saw the release of a record-sized compilation of leaked passwords called RockYou2024, containing 10 billion (!) different passwords. Many of them are encrypted, but thanks to modern graphics cards, shorter passwords have been cracked. In a study on password resilience conducted by our experts, it was found that six out of ten user passwords discovered in this leak can be cracked in a time frame ranging from a few seconds to an hour. To avoid worrying about password cracking, go through all your passwords and if a password is short (less than 12 characters) or very old, visit the relevant service and reset it, creating a new one according to the best security practices. Of course, using repeated passwords is unacceptable, so it’s best to generate new passwords and save them in a reliable password manager.

Set aside a monthly "Backup Hour" in your calendar!​

If you can’t quite remember the last time you backed up your data, now is the time to systematize this operation, which is as important as annual car maintenance and spring cleaning at home. In fact, backups should be performed much more frequently—depending on the type of data, daily, weekly or monthly. Backups should be done in both directions. Data from your phone and computer should be backed up to cloud storage, while data stored in cloud services should be downloaded for local storage. This way, you will protect yourself from a wide range of problems: computer malfunctions, smartphone theft, ransomware attacks, etc.

Enter your card number less frequently! (for that you have other cards, you bastards)​

In 2024, there was a series of massive leaks stemming from the hacking of clients of the cloud service Snowflake. Among the affected companies were AT&T, Live Nation (Ticketmaster) and Santander. The detailed composition of the information that was leaked in each incident is still unclear.To avoid guessing whether payment information was included and to spare yourself the hassle of dealing with your bank and reissuing cards after each major leak, it makes sense to store your card in a few major and secure services and to pay for purchases only through them wherever these systems are supported. This approach complicates the interception of payment data by malicious actors.


Happy 2025!