Vietnam has nearly 98 million people, and 73.7% of them are active social media users, a figure higher than in other Asian economies. In fact, Vietnamese are considered the most active on the Internet and social media platforms in the region, outpacing South Korean and Chinese Internet users. That doesn’t come as a surprise, though. Vietnam’s connection speed is commendable, not to mention the affordability of smartphones and the availability of free Wi-Fi just about anywhere.
But as Vietnam becomes more wired than ever, this digital connectivity has also brought disturbing realities that not many know about: compromised personal data, stolen identities and leaked information. For regular Internet users, getting their Twitter account hacked for a few hours would raise concern, but not enough to push them to re-evaluate their data privacy and protection. But do we really know how much data we’re “voluntarily” sharing online?
What better way to answer this question and gauge just how vulnerable our privacy is in cyberspace than to ask one of the world’s most prolific hackers and identity thieves, Hieu Minh Ngo.
Hieu, who grew up in a quiet Vietnamese seaside town, had run Internet scams since he was a teenager, stealing more than 200 million pieces of personal and financial data. In 2013, at the age of 25, he was arrested by the US Secret Service in Guam, and he served seven years in federal prison. When he was released in November 2019, Hieu returned to Vietnam and settled into a new life in Saigon. He is now a cybersecurity specialist, offering training and consultation for nonprofit organizations and Vietnam’s National Cybersecurity Center.
While Hieu still vividly remembers how scared he was during detention, he doesn’t shy away from his storied past. A quick check on his LinkedIn and you’d find the words “Former Cybercriminal and Convicted Hacker” on his bio. “My information is all over the Internet, there’s nothing else to hide,” he said in our previous interview with him.
Today, as he strives to lead a more honest life, Hieu shares practical tips on how Vietnamese Internet users can protect their data (names, birth dates, social security numbers, bank accounts, etc.) from online villains lurking behind unsuspicious names and icons.
1. Keep your software up to date
Patching outdated software, both operating systems and applications, is one of the most critical cyber security strategies for preventing ransomware. It eliminates significant vulnerabilities that hackers exploit to gain access to your devices. Here are some pointers to help you get started:
Set your device to receive automatic system upgrades.
Make sure your desktop web browser downloads and installs security updates automatically.
Make sure your browser's plugins are up to date.
Remove any program that is no longer needed.
2. Use anti-virus protection and a firewall
Anti-virus (AV) protection software has been the most widely used approach to combating malicious attacks. Antivirus software prevents malware and other harmful viruses from entering your device and corrupting your data. Use only one anti-virus tool on your device, and be sure it's from a reputable vendor.
When it comes to protecting your data from hostile attacks, using a firewall is essential. A firewall protects your device by filtering out hackers, malware, and other dangerous behavior that occurs over the Internet and deciding what traffic is allowed to enter. Windows Firewall and Mac Firewall are the firewalls that come with Windows and Mac OS X, respectively. Your router should also have a firewall built in to prevent attacks on your network.
3. Use strong passwords and use a password management tool
Strong passwords are essential for internet security, as you've probably already heard. Passwords are crucial in keeping hackers away from your information.
Consider dropping the insane, confusing mix of uppercase characters, symbols, and numbers. Instead, choose something more user-friendly that is at least eight characters long and no longer than 64 characters.
Do not re-use the same password.
At least one lowercase letter, one uppercase letter, one number, and four symbols are required, but not the characters &, %, # or @. (Tip: To build a strong password, use a password generator service like https://passwordsgenerator.net/.)
Choose a password that is simple to remember, and never put a password hint out in the open or in a place where hackers can see it.
If you forget your password, you can reset it. As a general refresh, though, change it once a year.
Check haveibeenpwned.com to see whether your information was leaked or hacked; if your information or password was leaked/hacked, you should change your password right away to secure all of your online accounts.
Try utilizing a password management tool or a password account vault to make managing your passwords easier.
4. Use multi-factor authentication
Two-factor or multi-factor authentication is a service that adds additional layers of security to the traditional password-based method of online identification. Without two-factor authentication, you would ordinarily enter only a username and password. With two-factor authentication, you will be asked to provide an extra authentication method such as a Personal Identification Code, another password, or even your fingerprint to ensure that you are the real owner of the account you’re trying to log in to.
5. Learn about phishing scams – be very suspicious of emails, phone calls, and flyers
In a phishing attempt, the attacker poses as someone or something they are not in order to mislead the recipient into disclosing credentials, clicking a malicious link, or opening an attachment that infects the user's machine with malware, trojans, or zero-day vulnerability exploits. In fact, phishing attempts are the source of 90% of ransomware outbreaks.
The following are some crucial cyber security tips to keep in mind when dealing with phishing schemes:
Do not open emails from people you do not know.
Know which links are safe and which are not: hover your mouse over a link to see where it leads. If you're unsure about a link, you can use urlscan.io or browserling.com to test it.
Be wary of emails sent to you; check where they came from and whether they contain grammatical errors.
Malicious links can also come from friends who have been infected. Take extra precautions.
6. Protect Your Sensitive Personal Identifiable Information (PII)
Personal Identifiable Information (PII) is any information that a cybercriminal can use to identify or locate a person. Name, address, phone numbers, date of birth, identification information, IP address, location details, and any other physical or digital identity data are examples of PII. You should be very cautious about the information you provide online in the new “always-on” world of social media. Examine your privacy settings on all of your social media platforms, especially Facebook. Adding your home address, birth date, or any other personally identifiable information (PII) increases your chance of a security breach significantly. Hackers make use of this knowledge!
7. Use Your Mobile Devices Securely
Here are some short security recommendations for mobile devices:
Create a difficult mobile passcode that isn't your birthday or your bank PIN.
Install apps from reputable sources.
Keep your device up to date: hackers use vulnerabilities in older operating systems that haven't been patched.
Avoid sending PII or sensitive information through text message or email.
Use iCloud to back up your phone on a regular basis, or enable Android Backup & Sync.
Leverage Find my iPhone or the Android Device Manager to prevent loss or theft.
8. Backup Your Data Regularly
Regularly backing up your data is an often overlooked aspect of personal internet security. The best IT and security executives follow the 3-2-1 backup guideline. In essence, you store three copies of your data on two distinct types of media (local and external hard drives), with one copy kept off-site (cloud storage).
If you've been infected with ransomware or malware, the only way to get your data back is to wipe your computers and restore from a recent backup.
9. Don’t use public Wi-Fi without a VPN
Use a Virtual Private Network (VPN) when utilizing public Wi-Fi. The traffic between your device and the VPN server is encrypted when you use VPN software. This makes gaining access to your data on your device considerably more difficult for a cybercriminal. When security is a concern, use your cell network if you don't have a VPN.