the opinions and musings behind the expertise
Internet Security and You
Posted: July 18, 2013
A little while ago, the Dow Jones index plunged 136 points when someone hacked the Associated Press’s Twitter account and tweeted that President Obama had been injured in an explosion at the White House. Now the economy will not grind to a halt if you are hacked, but it may feel like the world is crumbling around you. By taking sensible precautions and being aware, you can reduce the chances of malicious intruders interfering in your online business.
- Make sure you have strong passwords. Some sites will let you know the strength of your password and force you to add numbers and capital letters, but others won’t, so make it a habit.
- If you are not the only person that uses your computer, do not save your passwords or usernames in your browser. Yes, it’s a pain, but better than the alternative. You wouldn’t leave your credit card statement on a park bench, why should personal information on public computers be any different?
- Always log out of your account when you are done. Simply closing the browser’s tab is not the same. You will be surprised how easy one can reactivate your last opened tab and resume your account access.
- Keep a list of user names and passwords, along with the names of the individuals who have the account information. Keep this list in a secure location (ie. not on a post-it next to your computer. Try something with a lock). Although some may see this as a vulnerability, unless you have an unusually good memory, this is likely your best bet, especially if you are the password-holder for multiple accounts. It is not whether you record the information; it is where you place the information that counts.
If you’d like an extra layer of security, try a simple substitution or append a personal number to all your passwords, but omit the information in the recorded list.
- Never release your passwords to an unconfirmed source. I know this seems obvious, but the most common phishing scam involves email from a supposedly trusted source (email provider, bank, etc.) asking you to log in using a (malicious but not always apparent) link. When in doubt, type in the web address yourself instead of using the link provided in the email.
- If you must share a password with someone, break up the message so that even if it is intercepted, it won’t leave you vulnerable. Send an email with the username and what it’s for and let them know you’ll call or text them the password. And while we are on the subject of phones…
- Lock your phone. Seriously. Right now. Do it, we can wait. Done yet? Good. Smart phones are amazing things and we sometimes wonder how we ever got by without them, but they are a treasure trove of sensitive information. Emails, social media accounts, personal information, contact lists, and photographs are up for grabs. Literally! So be sure you have a password on your phone and make sure you know what to do if it is ever lost or stolen. Most phones have recovery tools or procedures to allow remote locks / wipes to protect your information. Familiarize yourself with these functions.
- Never open any email or attachments, click any links, or install software from an untrusted source. If you are unsure, a quick google search or verification with your network admin usually does the trick.
- Turn off the preview pane on the inbox. While Outlook’s preview pane is convenient, it allows the execution of malicious codes embedded in the email. By the time you deleted the mail, the damage is already done.
- Ensure that you have a frequently updated antivirus software (AVS) installed on your computer. This is your last line of defence. Paid version of the AVS offers added features and convenience, but free or low-cost options are readily available as well. AVAST and Kaspersky (scan tool / free trial) are my personal favourites.
By taking a few basic precautions, you can save yourself massive headaches down the line. In general, guard your information like you would guard your purse or wallet, because it’s just as valuable.