Don't get "pwned" - 5 ways to stay safe online
A few days ago, we learned of the largest data breach there’s ever been. All three billion of Yahoo’s registered user accounts were compromised; to what extent we’re not entirely sure, but it’s a major problem nonetheless. This comes a mere few months after the “Onliner” spam-bot’s database of more than a billion email addresses - many with associated passwords - leaked online. These are big breaches, and big breaches are big business.
Obviously, if your personal data was caught up in these big reveals, you’re not to blame for it. When you hand your data over to a business, you’re trusting them to be responsible with it, and clearly something’s gone wrong in these cases. However, there are steps you can take to ensure you’re secure, whether it’s you who suffers the data loss or, as in these instances, a company which holds data about you. You don’t have to be a tech wizard to take these steps - a few simple actions, and simply being more aware of where your data is stored and how safe it is, can work wonders.
1. Use stronger passwords - and more of 'em
When a hacker breaks into your password-protected account, it's usually in one of two ways. Either they used “brute force”, where their computer rapidly punches in passwords in the hopes that yours is easy to guess, or your password was involved in a data breach and they've gotten hold of it.
To avoid falling victim to the former, ensure your passwords are strong. This doesn't have to mean using impossible-to-remember combinations of numbers and letters - instead, use words that you can easily remember and be sure to sprinkle in at least one number, upper and lower case letters, and special characters like underscores. Lots of websites have a minimum password length requirement, say 8 characters, but when was the last time you hit a maximum length requirement? Be generous.
As for the latter, that's where having multiple passwords comes in. You won't always know that a breach has taken place and that you should change your password, so having different passwords for different sites ensures you don't give hackers a skeleton key to your online accounts if one of your passwords is breached.
You may want to consider using password manager software, which can automatically generate complex unique passwords for every site you visit. The only password you need to remember is the master password to access the software. Examples include LastPass and KeePass, but there are numerous others and a bit of Google-fu will help you there.
2. Use two-factor authentication
Have you ever signed up or logged in to something and received a verification code via text message? That’s two-factor authentication (2FA) at work. It’s not a standard feature across the Web yet, but more and more services are taking it up, and you should do so as well. Businesses are finding ever more creative ways to authenticate their users, from simple text messages to biometrics, proprietary devices you can keep on a keyring, and more. Always check the settings of the services you use to see if they offer 2FA.
As a nice bonus, not only will nobody but you be able to authenticate and access your online accounts, but you’ll know whenever a scammer tries to access them and that your account details may be compromised.
3. Use multiple email addresses
We sign up for a lot of things online in our tech-savvy age - most of them legitimate, some of them questionable, and all of them potential targets of a data breach. It’s therefore prudent to use different email addresses for different purposes. We’re not just talking about separation of your work and personal email addresses, but having multiple personal email addresses.
For example, you may wish to have a “trusted” personal account, and an “untrusted” one. The trusted account you use for secure services like online banking, whereas the untrusted one you can safely give out to that guy who’s buying your old sofa on Gumtree. In this way, you’ll maintain distinct “online identities” which you can keep separated. Your untrusted account can be safely used to sign up on any website where you’re concerned about its security or legitimacy.
Having multiple accounts is also greatly beneficial in the fight against spoof emails, or “phishing” scams. If you’ve got an email address associated with, let’s say, Facebook, and you receive an “official” email from Facebook to your other address, you know it’s a scam.
4. Be smart about click-bait and phishing
No, you’re not this website’s 10 millionth visitor, and you haven’t won a fabulous prize. You’re also not due a large sum of money from a Nigerian prince. And that big flashing “download” button? Don’t click it. Nothing good will come of it. The internet is a harsh place. If you’re naive about it, it’ll take advantage of you, whether you’re unfamiliar with the ins and outs of the World Wide Web, or you’re a senior IT expert. We can all fall victim to “click-bait”: content on the Web that’s deliberately designed to mislead and trick users.
There’s no hard and fast solution to keep from being led down the digital rabbit hole; being a little more savvy about what you’re clicking on is essential. If you’re not trying to download a particular file, your internet browser shouldn’t be trying to get you to download something. If you click on a link and it opens multiple tabs of adverts, you should get out of there. And if a pesky page is trying to keep you from closing it - well, you know something’s fishy. We won’t get into the ethics of using ad-blocking software, but it can certainly help protect your browser from being overwhelmed by advertising - and the Internet is all about freedom of choice, so using an ad-blocker is entirely up to you.
Another place you’ll be challenged by scammers is in your inbox. That email from “accounts” may look trustworthy at a glance, but take a closer look and you’ll see that clicking on that enticing link could well pump your PC full of malware. If you’re unsure about the legitimacy of an email, the best thing to do is to take a second glance. Don’t click that link, don’t open that attachment. Check the address that the email has come from (not just the name of the sender, as this will likely be fake). Look for poor grammar, or a difference in writing style from what you’d expect from that sender. If you’re still in doubt, it doesn’t hurt to ask the supposed sender if they actually sent the offending email. And if the email purports to have come from a website, be it your bank, social media, or whatever - it should never be asking for your password or personal details. Legitimate sites don’t do that, so don’t click that link.
5. Stay in the know
If a website falls victim to a data breach, you’re going to want to change the password you used there - both on that site, and anywhere else you use it. But what if the site doesn’t notify you of the breach? Your account details could be out in the wild, and you’d be none the wiser! Scary, huh?
That’s why it’s vital that you keep track of the sites you have accounts with, and if they’ve suffered any breaches. The website “Have I Been Pwned?”, located at http://www.haveibeenpwned.com (now the title of this article makes sense, right?) keeps a thorough record of hacks and leaks across the net. Plug your email address into their database, and they’ll tell you if it’s on any compromised lists. They also allow you to enter any passwords you’re worried might have gone public, and cross-check them with leaked password lists. Of course, if your email address or password do flag as having been “pwned”, you’ll want to update your details right away. Don’t sit on that knowledge, because hackers certainly won’t.
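The password cross-check described above can be done without sending the password itself. This added example (not code from this article or from Have I Been Pwned) models the hash-prefix range query documented for the site's Pwned Passwords service: only the first five characters of the password's SHA-1 hash leave your machine, and the comparison happens locally. The leaked list, its counts and all function names are constructed for illustration, and the service side is simulated in the same script so it runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a leaked-password list: password -> times seen.
CONSTRUCTED_LEAK = {"password1": 2413, "qwerty123": 880, "letmein!": 127}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(leak):
    """Service side: group leaked SHA-1 hashes by their first 5 hex chars."""
    index = defaultdict(list)
    for password, count in leak.items():
        digest = sha1_hex(password)
        index[digest[:5]].append(f"{digest[5:]}:{count}")
    return index

def range_query(index, prefix):
    """Service side: return every SUFFIX:COUNT line stored under a prefix."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return "\r\n".join(index.get(prefix.upper(), []))

def times_leaked(password, query):
    """Client side: send only the prefix, then compare suffixes locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # not in the list; says nothing about how strong it is

def demo():
    """Check one leaked and one unlisted password; record what was sent."""
    index = build_index(CONSTRUCTED_LEAK)
    sent = []  # everything the service side receives
    def query(prefix):
        sent.append(prefix)
        return range_query(index, prefix)
    candidates = ("password1", "Correct_Horse_7_Battery")
    return {pw: times_leaked(pw, query) for pw in candidates}, sent

if __name__ == "__main__":
    results, sent = demo()
    print(results, sent)
```

A result of zero only means the password is absent from the list that was checked; a password that shows any count at all should be replaced everywhere it is used.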
With these simple tips at your disposal, you should be a little better protected against online outlaws, Internet infiltrators and mail marauders. Remember: use strong passwords and two-factor authentication, use multiple email addresses, always check before you click, and check your details against the “Have I Been Pwned?” database.
If you’re still unsure, or you’re interested in hardware and software solutions to keep your business secure, don’t hesitate to get in touch; we’ll be more than happy to help.