by Kevin Graham, October 8, 2018 in Wellness
This is certainly up for debate, but an argument could be made that the internet is perhaps the greatest invention of mankind since electricity. We are able to connect to friends and family, find information at the touch of a button and order pizza with a click or even your fingerprint.
However, when you’re surfing the information superhighway, it’s important to be safe. Everything I’ve just described involves a certain amount of your personal information. You don’t want someone getting grandma’s top-secret cookie recipe, finding out what health conditions you have by looking at your Google searches or getting your credit card number when you order a large supreme.
While all of these things could happen if you’re not careful, it’s no reason to turn off your computer and smash it to bits before going to live in a homemade bunker under 6 feet of cement. The internet is too great a utility for that. What we can do is practice a few safe browsing habits.
For the last 15 years, October has been celebrated as National Cybersecurity Awareness Month. Let’s take a look at some ways to protect yourself online.
Keep Computers and Devices Up-To-Date
The biggest thing you can do to protect against flaws in operating systems for computers and mobile devices is to run the latest updates you can when they come out. Apple, Microsoft, Google and other device manufacturers put feature upgrades in these updates, but they also take the opportunity to push important security patches to you.
Criminal hackers then analyze these updates to figure out what the software engineers fixed and work to exploit the flaws in unpatched systems, so it’s crucial to install updates as soon as you get them, especially if they’re labeled as having a security focus.
If you have an older device that can’t be updated to the absolute latest version of the operating system, make sure you’re on the latest version your device can run. You should be able to check for updates within your device settings (often under the general, about or help menus). If you’re unsure where to check for updates, Google your computer or device. If automatic updates are an option, it’s a good idea to turn them on.
Even if you’re on an older device, check for updates periodically. When features aren’t being updated, sometimes you’ll still get security patches for a period of time beyond when you would receive feature upgrades. Sometimes manufacturers will also release patches for unsupported, older devices if the flaw is considered very serious as well.
Account Security
There are three great ways to make sure your account is secure: biometrics, long and strong passwords and two-factor authentication. Let’s briefly go over these.
Biometrics
Whenever possible, if your device offers biometric authentication, take advantage of it. Biometric authentication relies on a person’s characteristics to verify who they are. Someone would generally have to go to great lengths to get a copy of your fingerprint and transfer it to a medium that will mimic skin enough in terms of heat and texture to fool your phone or computer. These scanners have come a long way. The same applies to facial or iris recognition systems.
It may have once been possible to fool these things with a picture, but now device manufacturers like Apple and others are taking advantage of faster processors and a variety of sensor and light techniques in order to get an accurate map of your face in seconds.
Strong Passwords
Having a biometric option available to you will make it easier to have a long, strong password to get into your computer or phone if you only need to type it in every once in a while. Passwords that are 12 characters or higher are harder to crack because it takes longer for even supercomputers to brute force those. Also, you should try to use passwords that you’re going to remember, but that aren’t based on words in the dictionary. It’s pretty well established that “Monkey123” isn’t a great password, but “Chimpanzee123” isn’t much better.
You should also try to use passwords with numbers, symbols and a combination of upper and lowercase letters. If you’re in a work environment where you have to change passwords often, but you want to be able to remember them, it helps to come up with a strategy.
You’ll find one that works for you, but here’s an example that works for me. Just in case you were wondering, I won’t be using an actual password. But this will give you a flavor for something you might try. I happen to be a big Beatles fan.
So, a long but memorable passphrase might be something like:
Beatles+yellow-Strawberry
I used my favorite band and references to a couple of their big songs. If I wanted to get a numeral in there, I might replace the S with a 5.
Passwords should also be unique, so that if one is compromised, not all of your accounts are accessible. With all of these unique passwords, things could get obnoxious. I recommend using a password manager like LastPass or 1Password.
The way these password managers work is that you remember one strong password that serves as your master password to get into your password vault. From then on, every time you log into a site, it will save the passwords for you. Better yet, because you don’t have to remember the logins, you can have it generate a longer password (say between 16 – 64 characters depending on what the site allows) that is completely random gobbledygook. Then reset your password. This really protects you against brute force attacks.
Two-Factor Authentication
Another excellent way to protect the security of your account is to use two-factor authentication to protect yourself in case your password gets out. When you do this, there’s a two-step process to get into your accounts. Let’s break it down.
The first factor is something you know (e.g. password) or something you are (biometric identification such as face or fingerprint scan). After you’ve given the first factor, there’s a second step that takes place.
The second factor is based on something you have, so typically a phone or tablet device. If you have a mobile app for that particular website, you often get a push notification asking you to confirm login through that app.
Alternatively, there are two-factor authenticator apps like Google Authenticator and Duo Mobile. When you go through the process of setting up two-factor on websites, there will be a QR code (those funny-looking things that look like new age barcodes). You open your two-factor app of choice and scan this with your phone or tablet camera. From then on, it will generate a new random numerical string every 30 to 60 seconds. When you log into websites, you’ll be asked to supply this code.
Another way to get codes on your phone is via text message or even phone call. This works if the website you’re logging into offers no other option, but you should always use apps to log in when they’re available. If someone were to call up and socially engineer the cell phone company to send your text messages or calls to a different SIM card, you would be in trouble.
If you don’t want to enter a code on your phone all the time, a physical device that you simply have in your possession can also work.
Consider a YubiKey.
Look for HTTPS
When you provide your credit or debit card information to sites or even simply put in your password, make sure that your information is being passed through in a secure manner. How do you know that?
Different browsers may have slightly different icons, but there will be a green padlock on the left-hand side of the address bar with a green “https” as opposed to the regular “http.” The S stands for secure. You may also see the word secure in the address bar. If you click on this icon, you can get more info on the security certificate itself, who it was issued to and how long it’s good for.
Modern browsers are doing a really good job of clearly marking when sites are not secure and, in many cases, they won’t even let you go to a page with an expired security certificate unless you explicitly allow it, but you should still check for the “https” just in case.
Watch Out for Scams
There are things you can do to protect yourself from being compromised on the net. Here are a couple of tips to help you remain vigilant.
Don’t Fall for Phishing
Be really careful what you click in emails and on the web. A good rule is that if you didn’t ask for it and you don’t recognize it, it’s probably not real. Occasionally, a site will reach out to you and ask you to change your password if they’ve been breached. To check the veracity of these emails, follow these steps.
- You’re looking for email addresses that are slightly mistyped in order to mislead (e.g. Mark@Faceboook.com).
- Very generic terminology in the email (just talking about your account without giving any identifying details such as the last four digits or having “Dear Sir/Madam,” etc.).
- Similarly, if you notice terminology that’s different from the way the business or brand normally talks, that’s a red flag. If the company normally says team members and you see employees, that would be worrisome.
- Spelling mistakes are a problem.
- If the email displays a sense of urgency and says to input your password or anything else in the next 24 hours, look up the company’s customer service line and call to see if there’s an actual problem with your account. People who phish for personal details are hoping you’ll act without thinking in a moment of worry.
- If you are suspicious of any email asking you to log in, it’s best to call a customer service number and verify.
- Check the links in an email by hovering over the link to see what pages it actually takes you to. Avoid destinations that don’t seem right.
- If the email has an attachment, that can be a way to get viruses and other nasty things onto your computer. You shouldn’t download attachments you don’t expect.
- If anything in the mail sounds too good to be true, it probably is.
Be Careful What You Click On
Going along with what’s above, you should also be careful what you click or tap on web pages and in email. If it doesn’t make sense, or is too good to be true, don’t click.
Let’s run through a couple of common schemes.
- If you get a pop-up on a website that says you have a virus that they can remove from your computer if you only pay $50, don’t click. You likely don’t have anything if you run even the built-in security software in Windows on its default setting. Android, Mac and iOS also have built-in security measures of their own.
- You can also be pretty sure that you didn’t win a sweepstakes or contest that you don’t remember entering. Don’t fall for these ploys to get your personal information.
Protect Your Connection
In addition to vigilant browsing, there are actions you should take to protect your internet connection and browsing history from prying eyes.
Make Sure Your Wi-Fi Is Secure
If you’re on a wireless connection – and in this age of laptops and tablets, who isn’t? – you should make sure that your connection is secure.
The first thing you should do on your personal Wi-Fi is to change the default password for getting onto the Wi-Fi itself. That way no one can guess your password just by looking on the side of the router or in the manual.
While you’re at it, you should absolutely change the default administrator password for your router so that no one can go in and mess with the settings to send your traffic through weird places. You should be able to change this in the same place you changed the password to get on the Wi-Fi itself. This is important because sometimes internet service providers (ISPs) value convenience over security to the point where someone could easily get in and mess with your settings. My ISP shall remain nameless, but I was horrified to discover that the username for the router was “admin” and the password was “password.” Yeah, not great.
Tips While Out and About
If you’re out in public, be careful logging into public Wi-Fi, especially if it’s unsecured. If there are no security measures in place, a skilled hacker can insert themselves between you and the website you’re visiting in order to snoop on what you’re doing.
In order to protect yourself, the easiest way is to use your cell phone data connection when you’re out in public. Many laptops and tablets now have the ability to connect to a data network as well. Cell phone providers often have agreements with certain services like Netflix or Spotify so that certain activities don’t count against any potential monthly data cap you may have, but most activity will count. That’s the downside. On the other hand, you’re secure.
In addition to Wi-Fi concerns, be careful using any public charging ports. Ideally, you can bring your own charger to plug into the wall. Don’t use someone else’s cable. Some cables and public charging ports can be compromised so that someone can see the data being transmitted to your phone and potentially send unwanted viruses and other malware back into your phone leaving it permanently compromised. This is called juice jacking.
Make Sure to Download Trusted Apps
You should only download apps and programs you trust because these can be used as vehicles to get viruses and programs that will spy on your activity (spyware) on your system.
On Windows or Mac, you should either download things from the Windows or Mac App Store or directly from the website of the software provider. Amazon is also a big retailer of both Windows and Mac digital downloads. If you’re looking for video games, Steam or Origin are big retailers of PC games.
On mobile, there’s the App Store on iOS and the Google Play Store or Amazon Appstore on Android. Things do occasionally slip through the cracks, but apps on these stores are somewhat vetted. If you have doubts about any particular app or program before downloading it, you should Google it and also check out the reviews.
Be Careful About Publishing Personal Information Online
If you’ve ever signed in to a website for the first time from a new computer or even called the bank about a problem with your account, they’ll do certain things to try to make sure that you’re you.
They’ll ask you security questions. Popular ones might include mother’s maiden name or father’s middle name, but it could also ask about your favorite book or your dream car.
Someone might be able to find records of your family and figure out the name questions, and if you’re like me, your obsession with Harry Potter is well-documented.
If you have accounts that you are concerned about people compromising, maybe you switch up the answers when you’re setting them up online. If you’re using a password manager like those recommended earlier, there is often a place to store secure notes. If you save the answers with the passwords, you’ll have them when you need to access the account, so maybe your mother’s maiden name is actually listed as Windows 95 or a completely random string of characters.
In addition, be careful about listing or giving out things like your phone number, address, Social Security number (SSN) and other sensitive information online. If someone needs to know, make sure you trust the person and message them directly.
Remove Data Before Donating Computers or Devices
If you have a computer or device you’re looking to donate, follow the manufacturer’s instructions to delete your data and reset it to factory settings.
The exact instructions for doing this will vary depending on your device, but you want to make sure this gets done. Manufacturers and makers of all the major operating systems will have documentation on what you need to do. If there’s anything you’re unsure about, you can always contact a friend who’s good with technology to help you out.
Our devices are lasting longer and longer, so it makes complete sense to give a device you’re no longer using to someone who will make good use of it, but you’ll just want to make sure that all of the data is cleared off to protect yourself and make sure it’s ready for the other person.
Hopefully this has helped you think about practical steps you can take to increase your level of cyber security. If you’re looking for more, it’s not a bad idea to also take a look at your backup strategy in order to make sure you have copies of that data you can’t afford to lose.