Have you noticed lately who is getting hacked? Here is this month’s short list: U.S. Senate, Citigroup, Sony and Google. It has to make you wonder how anyone’s info can be really safe anymore, but there are things you can and should do. For this week’s Saturday Morning Post, let’s talk about protecting yourself online.
Using a recent ABC News article, a blog from Attack Vector (a self-proclaimed ex-hacker) and Creditorweb.com, I’ve compiled a list of 15+ things that are critical to your online safety. I’m sure there are many more, so please be sure to add your tips into the comment section at the end of this article.
The more complicated the password, provided you can still remember it, the better. A combination of letters, numbers, uppercase, lowercase and special characters is best. Also make sure you use a password that is not closely tied to information about you, such as your date of birth or your mother’s name, because thieves might be able to track down that information.
From AttackVector.com, “Everyone in the IT industry keeps hounding you to use a complex password, yet I still see people using passwords like, “meow01” or “woof02” or “meowoof03”. Look at it this way, if you’re using a password that you can pronounce, it can be guessed easily. That said, if you were to use “Me0w0oF58”, that would be quite a bit better than any of the previous three. It’s really hard for any of us involved in computer security to feel too sympathetic for people who get their identity stolen, their accounts hacked, or whatever, if they’re using simple passwords to protect themselves. Use this rule: Two capital letters, two numbers, 8 characters long, not a word from the dictionary. Using that policy, your passwords should wind up looking something like this: Hg89yZ46. Say that a few times and you’ll start to hear a rhythm to it which will make it easier to remember.”
As I’ve shown here many times now, social networking provides a wealth of information to someone interested. Whether it’s your location, family, friends, etc., it’s all available there for someone looking. You want to share this information with your friends, but not with people who just stumble across your Facebook page. Right now, go spend 5 minutes checking and double-checking your privacy settings. It’s under “Account” at the top right of your Facebook page. Don’t divulge your address/phone number when posting on someone’s wall or responding to someone posting on your wall. Bad. Idea. Email it to them, if necessary. Or, pick up the phone!
3. Keep your computer up to date
Don’t put off updates. When a pop-up gets displayed saying that updates are available, it actually means something. Most of the exploits that are out there today would be obsolete if people followed a strict update policy. This also includes anti-spyware/anti-malware and antivirus software.
4. Secure your wireless network
Most people don’t really realize the risk of leaving their wireless network open. I think they understand that it means that anyone can use their internet connection, but I don’t think they understand the issues beyond that. Honestly, here’s what an open wireless network allows me to do:
I can sniff all of your information going out to the internet. Credit card numbers, social security numbers, pictures, chats, everything.
I can browse through your files, email, etc. Let’s hope you don’t have any risque pictures on your computer of yourself, because if you do, I’ll have them, too.
I can take over your computer, your web cam, your mic. So, not only will I see all of your communications, I’ll be able to listen to you and watch you when you’re not even ON the computer.
I can commit crimes online and have you take the heat for them because I’ll be using your internet connection.
Are you taking wireless security seriously yet? Visit the website of the vendor of your wireless equipment and learn how to enable WPA level security. No, it’s not perfect, but if I’m faced with a house that has a WEP secured wireless and one that’s using WPA, I’ll choose the WEP network every time. Also, look into how to turn off SSID broadcasting. If I’m war driving and your SSID doesn’t pop up, I won’t be targeting it. These are simple steps that you can take to mitigate your exposure.
7.1) Windows now ships with firewall software built into it. Spend some time configuring it and making sure that it’s set up properly. You can go through the document here to help guide you through the process of configuring it. If you’re using Linux, there are plenty of scripts out there to help with iptables, though if you’re running Linux, you really should know how to use iptables via the command line.. *cough*.
5. Use caution when clicking!
This one is huge, but it’s a little less of a threat if you followed #4. When you’re on the web (or in your email), the links that you click on can do things that you’re not expecting. On the internet, there are Rogue AntiVirus websites floating around that pop up and look almost identical to what you see when you go into “My Computer”. It also shows an apparent virus scan and then displays the results, indicating that you’re loaded with viruses. It then asks you to download something. If you know what you’re actually looking at, however, you can determine that this is fake. Also, NEVER download a .exe, .com, .bat, .vbs, .what, .ever unless you’ve specifically set out in search of this file and you’re downloading it from a trusted source. You can add .pdf to this list now, too, as .pdf’s are riddled with bugs.
6. Don’t randomly accept friend requests on social sites
I understand the idea is to be social and meet new people on these sites. However. If I can’t get information from your page anonymously, I will simply set up a fake Facebook account and send you a friend request. 9 times out of 10 it will get accepted and I will have all of the information that you spent the last 5 minutes trying to secure.
This way, if your information is compromised, you know exactly which card is breached. If you are notified of a breach, get a new card. Although your credit card company might offer monitoring services, you will be safer getting a new card, especially if you only have one credit card.
8. Use updated reputable anti-viral and anti-malware software
Norton and McAfee are the best known but there are also several free options available online. AVG free download also works great and has been recommended by Consumer Reports.
9. If breached, change the password and security questions
Many people simply change their passwords if they believe their accounts have been compromised. Make sure you also change the security question that many sites ask in conjunction with a password. Use common sense: if you talk about your current pet on social networks, it might not be best to use its name as the answer to your security questions.
10. Understand how your data is shared
Although you might have provided your contact information to your local supermarket, they might not be the ones storing that information. Many companies outsource that kind of storage to a third party. “The answer is not to say, ‘I will never use the Internet’. The answer is to say, ‘I’m going to hold the companies I do business with, both online and offline, accountable for their actions,’” Hilbert told ABC News.
11. Be wary of “phishing” attacks
“Any time you see a link in an email, be wary,” Rasch said. “The problem is these are all games of abuse of trust. They want you to trust the email so you’ll click the link. If they’ve compromised your best friend’s email, you’re going to get an email from your best friend.”
A good rule is: When in doubt, type it out. Although the URL may look trustworthy, con men hide bad links in hyperlinks. “If you type in the thing yourself, you’ll be able to see if that email was real or not,” Hilbert said.
In general, read the URL and use a common sense approach. If it says “.ru” instead of “.com,” ask yourself, “Does it make sense that my bank site is being hosted in Russia?”
From AttackVector.com: If you get an email from one of your contacts that seems out of character that has a link or attachment, don’t click on it. If a web site opens a window asking you to download something, don’t download it. If someone contacts you, asking for information that you normally wouldn’t give out, but this person is in need of some kind of help, don’t go against your better judgment. When posting stuff on the internet, don’t divulge personal information. When shopping online, verify that it’s secured before submitting your credit card #. The use of common sense would greatly reduce the issues that we face online. Don’t send your passwords through email.
If I asked you.. if some person in Nigeria emailed you, saying that they had $14.2 million dollars in an offshore account and just needed help getting it to a US account and were willing to give you half of it if you helped them.. would you give them your account information? No? Why not? Don’t laugh.. hundreds of people have fallen victim to this scam. It exploits two human vulnerabilities.. kindness and greed. Again, common sense and intuition could prevent this from ever working.
12. Guard your information as if your life depended on it
So often I come across information on the internet that I simply cannot believe people intentionally put out there for other people to find. Addresses, personal information, where you went to school, for how long, names of your children, name of your spouse, full names, etc…
A real simple way to keep yourself in check: Would you like everyone in the world to know the information that you’re posting? Do you want someone in North Korea to have your cell phone number and home address? “*shrug* I don’t care..” Ok, do you want ME to have your cell phone number and home address? If not, don’t post it on the web! Google will find the information and index it. Once indexed, it’s indexed for life. It won’t go away. Ever.
13. Pay attention to misspellings
If the site doesn’t look right, check your spelling. If you spell Google or Disney wrong, you might not be in the right place. “People buy those domains and monetize off of those. They make money if you click on a link and it takes you someplace else,” Hilbert said.
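A misspelled address of the kind described above can be caught by comparing a host name against the names you actually meant to visit. This added example (not from the article) flags names that are one typing mistake away from a known site; the `KNOWN` list and the simplification of treating the label before the last dot as the site name are assumptions.

```python
# Names the user actually intends to visit (assumed list; the article mentions these two).
KNOWN = ("google", "disney")

def typo_distance(a, b):
    """Edits (insert, delete, substitute, swap of adjacent letters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def site_label(host):
    """Label before the final dot: 'www.gogle.com' -> 'gogle' (ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def lookalike_of(host, known=KNOWN):
    """Return the known name this host is one typo away from, or None."""
    label = site_label(host)
    if label in known:
        return None  # spelled correctly
    for name in known:
        if typo_distance(label, name) == 1:
            return name
    return None

# Constructed sample hosts.
SAMPLE_HOSTS = ["google.com", "www.gogle.com", "disnye.com", "example.org"]

def check_hosts(hosts=SAMPLE_HOSTS):
    """Map each host to the known name it imitates (None when nothing is suspicious)."""
    return {h: lookalike_of(h) for h in hosts}

if __name__ == "__main__":
    for host, name in check_hosts().items():
        print(host, "->", f"looks like a misspelling of {name}" if name else "no match")
```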
14. Google yourself
Be aware of the information about you that is available online. One of the ways in which individuals are compromised is when a hacker or con man uses information that they’ve found out about you through a simple search and manipulates it.
15. Don’t use the same ID and password
“Just like you have a ring of keys, you have a key to your house and a key to your car, you need a different key for each site,” said Hilbert. “If I get your Facebook account, because your email account is your logon, then I probably also have your email account. And then if I have your email account, I can probably get your bank account and things like that.”
And here’s one more, a bonus for Mobile Users…
15+ for Mobile users - Download Reputable Applications for Handheld Devices
Third party software developers are constantly creating new applications for various handheld devices. While users find many applications helpful, there are risks to downloading some of them. It’s one more avenue for online identity theft. If you choose the wrong application to download, you could end up giving access to the financial data on your device to a thief without even knowing it. You should only download applications from reputable companies and websites, and research the application you want to download ahead of time.
This has been Social Energizer’s Saturday Morning Post, a less business oriented, more personally related edition than our blog that is offered during the week.