How to WhatsApp Safely
In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. WhatApp came out high on the requests so here we are, How to WhatsApp Safely.
WhatsApp is among the fastest-growing instant messengers out there. It is a social network on its way, and although it is already somewhat secure, some settings will enhance your security and privacy. WhatsApp has built-in end-to-end encryption which is enabled by default and can’t be disabled. This end-to-end encryption ensures only your recipients’ phone can read the message, as well as your voice and video calls.
Checking your Encryption
Although WhatsApp encrypts all chats by default, sometimes you want to double-check. It’s good practice to do that while sharing sensitive information like a credit card number with a trusted contact. To verify the encryption, start a conversation with that contact. In the chat window, tap the contact’s name, and then tap Encryption. You’ll see something like this:
The above image shows the 40-digit pattern. It is your security code, and you can use it to by comparing the digits, asking your contact to scan that QR code, or scanning your contact’s code with the “Scan Code” button. If both match then the encryption is good. It is best to use a different messenger to verify that these numbers match.
Activate Security Notifications
The generation of a new security code happens when a new phone or laptop accesses an existing chat. WhatsApp can, if enabled in the settings, send a notification when the security code changes for that chat. You can then check the encryption with your friend over a different messenger using the method above. It helps ensure the security of the encryption.
This is in Settings > Account > Security
Enable Two Step Verfication
You should use two-factor authentication (2FA) whenever possible. WhatsApp has a form of two-factor authentication within it, through the use of a PIN code. It is a periodic passcode to WhatsApp, which ensures that prevents someone else accessing your data. To activate the 2FA feature, go to:
Disable Cloud Backups
End-to-end encryption is excellent and should be in the standard in every form of digital communication. There is, however, one place where the chats and videos are not encrypted, and that is in the backups. This may affect your ability to use WhatsApp safely. WhatsApp backs up the chat information to either Google Drive or iCloud, depending on your handset. The backup is not encrypted. If you are using WhatsApp for discussions you would rather not have people find out about; you should disable the backup.
To disable the automatic cloud backup on iPhone go to Settings > Chat > Chat Backup > Auto Backup > Off.
On Android go to Menu > Settings > Chat > Chat Backup > Backup to Google Drive > Never.
Lock Down your Privacy
WhatsApp has done a lot for communications security. While it is not the most private messenger out there, it does give users at some control. In the privacy settings, you can update WhatsApp with how you wish your privacy to be set.
Using WhatsApp safely means keeping up to date with security fixes. You should make sure you WhatApp client is updated regularly but only every download from the genuine WhatApp updates. If you are installing a new version, make sure it is the genuine version from WhatsApp. You can use the links provides at https://www.whatsapp.com/download/ to download and install directly too.
How to Whatsapp Safely
And there we go, how to whatsapp safely. If there is a tool you would like a simple guide on how to use safely and securely then please do let us know.
If you have any questions about this article on how to WhatsApp safely or you would like to know more about what Hedgehog do then please do get in touch. You can reach us on +44 3333 444 256 or by using the form below.
Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.
Last week saw SB Tech Breached by the hacking group Maze. It seems that every week the group are announcing more victims. GameOn asked our CEO Peter Bassill, to give us some insight into the attack. The GameOn article is here.
In our “How to securely” series we asked our followers what tools they would like a simple guide on to help them stay secure online. There seemed to be a lot of confusion as to what a VPN is and why you should or should not use one. So we asked Peter to help.
WhatsApp is among the fastest-growing instant messengers out there, and almost a social network in its own way. But if you are using it, there are some steps you should take to protect your security and privacy.
The UK’s highest court ruled that Morrisons can not be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not “vicariously liable”.
With the current pandemic situation, we all need to be taking remote working considerations. While adjusting the work paradym, it is vital to keep a mind’s eye on the security and safety of the businesses information assets
In this guide we are looking at how to go about securing zoom. Since the onset of the global pandemic, we have seen surge in “zoom bombing”. This is where people with malicious intent look for in-progress zoom meetings to join and cause trouble.
On March 27th, Hiscox Insurance Company Inc. filed a complaint against law firm Warden Grier for concealing a data breach that occurred back in 2016.
Chubb Cyber Ransomware Attack? Really? Well yes. It seem that, according the operations of Maze Ransomware, there really was a Chubb Cyber Ransomware Attack.
In a surprising announcement Fortune 500 technology giant General Electric (GE), an organisation that should have this all sown up, disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE’s service providers. Shock, Horror, Information Security in the supply chain yet again.
NutriBullet has become the latest Magecart victim with skimmer code planted within their domain in order to steal customer financial data. RiskIQ published their research on Wednesday of this week, and it make very good reading.