In today's day and age, online threats are continually evolving and developing. Companies and individuals have lost significant amounts of money and time, as well as valuable personally identifiable data. Staying prepared and educated about the threats and risks is important to reduce the chances of being taken advantage of. In this blog rant, here are some of the steps you can take to hopefully reduce the risk of losing a fortune or important personal files.
Protect your Devices
Whether it's your computer, laptop, iPad, iPhone or Android phone, make sure it's legit (fake brand copies generally carry fake, insecure software) and has legal software which is kept up to date. Software companies/organisations regularly release patches to cover newly found threats. Use an all-round security solution to protect against viruses and Trojans. You can purchase packages which will cover your home or office computers with a bulk licence from companies such as Bitdefender or Norton, and these can often include your mobiles and/or tablets too. Password-protect your devices or add a security code. Some solutions (such as Bitdefender) have a feature that lets you add trusted Wi-Fi networks such as your home and work, so you do not need to unlock your phone at those locations, but if you are out and someone gets hold of your phone, they will need to enter a PIN.
I thoroughly recommend Bitdefender's Total Security solution. You can purchase this for up to 10 devices, for 1 or 2 years. Purchase it direct from Bitdefender here.
We all need online accounts for various reasons and for different services, such as Facebook, email, accounts on websites where you purchase regularly. Ensuring a decent level of security on the account is important. The required security is proportional to the confidential or personal data your online account has.
It is shocking, when hackers release their latest password finds, to look at the statistics and see how many people use a simple password (such as "password"!) or a password which is personal, such as a pet, childhood place or kid's name. Passwords like this are easy to break. If a hacker gets part of your personal details and wishes to crack your password on an account, he/she will probably try the most common passwords and potential personal passwords first. There is a reason that many websites now require you to have a capital (upper case) letter, a number and even symbols in your password, and the solution is not a password such as "password123!". Apple recently went as far as to prevent passwords with number sequences such as 123!
The best technique is, on a quiet day, to give yourself time to commit to memory a completely random password which has no relation to you. Have it written down at the beginning of a quiet weekend at home and by Sunday night be at the stage that you can destroy the written copy. No hacker is going to guess a password as crazy as "np43AN!n0?" for example, or it will come a long, long way down the hacker's list to try, as there are so many random passwords before it. If this is difficult, try taking a name or memorable word that is not commonly known or widely associated with you, break the word up (split it in two or three), put symbols and numbers in and/or around it, and make something uppercase (e.g. if I like swimming, "-swi1000Mming!" is not a bad password, sticking in the 1000 for the 1000m swim?!).
For sensitive and important accounts, never use the same password twice. Your online banking password should be unique, and so should your email password. Your email is pretty much the next most important after your online banking, as it's your email which, if compromised, can allow a hacker to access and reset the passwords on many of your online accounts (including resetting the password and gaining access to your Facebook account, for example).
Sometimes passwords are not enough. Hackers and automated bots/programs designed for cracking purposes are relentless and are getting better by the day at trying more password combinations and better guessing of basic passwords. Many sites now offer additional security on top of your password. For simple online accounts with sites that do not hold sensitive information (such as your credit card info!) there is limited need for this, but for sites which have more details such as credit/debit card info, personal history (e.g. Facebook), or accounts which could be used to gain access to other accounts (such as your email), it is recommended. Mailchimp, who offer a newsletter management service to companies, believe this is so important that they give the incentive of a 10% discount if you use the additional security on your account.
There are several forms of the "Two Factor Authentication" method which work well for this, but there are three main versions:
- A code is texted to your phone which you input on the website. The code is only valid for a few minutes at most, and without your phone no one would succeed in logging into your account past that stage.
- An authenticator App such as Google Authenticator which is installed on your smart phone. This is set up by scanning a secure code on the website offering the two-factor authentication onto your phone, which enables your phone to generate codes for that particular site which change every 30 seconds. Only your authenticator app can generate the code for your website account.
- Some companies (such as Microsoft) offer their own authenticator app which works similarly to Google Authenticator, but instead of requesting a code, it simply requests you confirm on your phone (tap "yes") if the PC trying to get access to your account should be allowed. Facebook also offer this through the smart phone Facebook App to allow a PC to log into the account.
Once set up, you often have the choice to save a browser (such as your home computer browser) as a safe one and you will not need to go through this security process on that device again unless you clear your browser files/cache or change browsers/device.
Other security measures exist, such as secret questions. If you use them, give sensible answers, not random ones you might forget, but they won't be considered secure if your questions are your birth place and first pet, which can be found on your public Facebook page!!
Spam and Junk Email
This is a big issue and the downfall of many individuals, companies and even Government departments. An email gets through the spam system pretending to be something which it is not, with links to malicious downloads, attachments or websites. Email programs/clients are designed to warn you of these types of emails but they can't do much if you override them thinking it's OK, or you get curious to see what is in Pandora's box. Before following any link or viewing an attachment, check it is who it says it is, particularly if it's someone new. For example, an email with HSBC logos in it and a disclaimer at the bottom stating something that appears trustworthy is not enough. Check the email address which sent it. In Gmail or Outlook on a desktop, you can point with the mouse at the sender's name and it will show you the email address which sent it. On other apps, you can usually find a function to see the original message or email source, which will then show you the fine detail of who actually sent it. If it's from "somethingrandom @ hgpghspg . com" then it is probably not HSBC! Banks continually remind their customers that they generally do not send out emails requesting information via forms with links, and will never ask for access codes to be entered via email links. Retail and supplier companies are continually targeted with encouraging emails, such as ones from big buyers who have their credit card details ready and ask you to review the attached purchase order, with a file of unknown type(!). If you have a suspicious email, you can copy a paragraph or two of the plain text and paste it into a search engine, and it may find a site where the scam email has been identified as such. Be careful with all emails from new contacts.
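The "check the address which sent it" step above, run over a message's original source, as an added example that is not part of the original post. The message is constructed around the address form quoted above, and the `hsbc.example` allow-list is a placeholder assumption for whichever domains your bank really sends from.

```python
from email import message_from_string
from email.utils import parseaddr

# Placeholder allow-list (assumption): brand keyword -> domains it really uses.
EXPECTED_DOMAINS = {"hsbc": {"hsbc.example"}}

# Constructed sample of what "show original / view source" reveals.
SAMPLE = (
    'From: "HSBC Security Team" <somethingrandom@hgpghspg.com>\n'
    "Reply-To: accounts@another-domain.example\n"
    "Subject: Verify your account\n"
    "\n"
    "Please confirm your details using the link below.\n"
)


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def sender_findings(raw, expected=EXPECTED_DOMAINS):
    """Return reasons to distrust the sender shown in a raw message."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    findings = []
    if not from_domain:
        findings.append("no usable From address")
    # The friendly name is free text: compare it with the real address.
    for brand, allowed in expected.items():
        if brand in display.lower() and not matches(from_domain, allowed):
            findings.append(
                f"name claims '{brand}' but address is at '{from_domain}'")
    # Replies silently redirected to a different domain are another sign.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"replies go to '{reply_domain}', not '{from_domain}'")
    return findings


if __name__ == "__main__":
    for finding in sender_findings(SAMPLE):
        print("suspicious:", finding)
```

An empty result is not proof of a genuine sender, because the From line itself can be forged; it only means these two visible mismatches are absent.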
Other forms of scams involve people who send you business proposals or tell you your lost fortune has been found, in an effort to obtain further personal information from you. It is unlikely you are going to win a foreign lottery or have a distant relative you never knew who wishes to have your full financial details so they can supposedly transfer your new fortune. It is also not legally advisable to earn commission of 20% for transferring unknown funds from sources to unknown individuals! Don't waste your time or give details to people like this. If you are curious, see this funny talk instead: https://www.ted.com/talks/james_veitch_this_is_what_happens_when_you_reply_to_spam_email
Likewise, common emails such as one from someone who thinks your profile looks stunning and wants to meet you, or one about the latest medicine for whatever physical result, are not wise to investigate.
If spam/scam emails get to your inbox, you can report them to your email provider or IT Manager. This helps them protect you. Google and Outlook provide links for submitting spam/phishing emails to them that slip through their checks into your inbox. Report them and delete them.
General Online Safety
Bad websites can steal personal data. This includes sites listed in search engine results: the search engines endeavour to remove them, but it is a difficult, time-consuming process on the vast World Wide Web, as new malicious sites are set up daily as fast as they are removed. Whether you (accidentally) visit such a site or a guest or child inadvertently visits such a site, this puts your computer at risk. Especially with children, you are limited in what you can do, but it would be wise where possible to have a separate device for your financial and personal information so you can better protect your child's online activities without limiting what you require or putting your security at risk. Having an all-round security solution for your device helps protect against these sites (anti-virus, anti-malware, firewall and ransomware protection). Having separate devices for your children and your own online work means better protection for your whole family. Separate user accounts on a device have some benefit if you cannot have separate devices in your house.
Be wary of free programs, and avoid cracks or copies of software, which often hide Trojans, viruses or ransomware. If you have a doubt about some software, ask an IT guy. If the software you require is expensive, there is often an alternative legit one that will meet your needs, or a subscription option if you require it temporarily.
Use your resources. If your knowledge of online security is limited, ask friends or family, or your work IT guy, who may be able to provide advice. Use trustworthy sites for advice. Be careful what you put on the internet about yourself. A full public Facebook page with your day-by-day history can seriously compromise your security. Review your social network privacy settings. It's amazing how much you can find out about a person online in this day and age, and it makes you think, when you find the date someone moved house or their birth place, that these types of things are what the bank may ask among other security checks. Try a complex password and "Two Factor Authentication" on important accounts such as your email and Facebook. Use security software on your devices. Keep safe!