1. NEVER CLICK ON A LINK YOU DID NOT EXPECT TO RECEIVE
The golden rule. The main way criminals infect PCs with malware is by luring users to click on a link or open an attachment. “Sometimes phishing emails contain obvious spelling mistakes and poor grammar and are easy to spot,” says Sidaway of Integralis. “However, targeted attacks and well-executed mass mailings can be almost indistinguishable from genuine emails.” Social media has helped criminals profile individuals, allowing them to be much more easily targeted, he adds. “They can see what you’re interested in or what you post about and send you crafted messages,inviting you to click on something. Don’t.”
2. USE DIFFERENT PASSWORDS ON DIFFERENT SITES
Any word found in the dictionary is easily crackable. Instead, says Sian John, online security consultant at Symantec, have one memorable phrase or a line from a favourite song or poem. For example: “The Observer is a Sunday newspaper” becomes “toiasn”. Add numerals anda special character thus: “T0!asn”. Now for every site you log on to, add the first and last letter of that site to the start and end of the phrase,so the password for Amazon would be “AT0!asnn”. At first glance, unguessable. But for you, still memorable.”
3. NEVER REUSE YOUR MAIN EMAIL PASSWORD
A hacker who has cracked your main email password has the keys to your virtual kingdom. Passwords from the other sites you visit can be reset via your main email account. A criminal can trawl through your emails and find a treasure trove of personal data: from banking to passport details, including your date of birth, all of which enables ID fraud.
4. USE ANTI-VIRUS SOFTWARE
German security institute AV-Test found that in 2010 there were 49m new strains of malware, meaning that anti-virus software manufacturers are engaged in constant game of “whack-a-mole”.
5. IF IN DOUBT, BLOCK
Just say no to social media invitations (such as Facebook-friend or LinkedIn connection requests) from people you don’t know. It’s the cyber equivalent of inviting the twitchy guy who looks at you at the bus stop into your home.
6. THINK BEFORE YOU TWEET AND HOW YOU SHARE INFORMATION
Again, the principal risk is ID fraud. Trawling for personal details is the modern day equivalent of “dumpster-diving”, in which strong-stomached thieves would trawl through bins searching for personal documents, says Symantec’s John. “Many of the same people who have learned to shred documents like bank statements will happily post the same information on social media. Once that information is out there, you don’t necessarily have control of how other people use it.” She suggests a basic rule: “If you aren’t willing to stand at Hyde Park Corner and say it, don’t put it on social media.”
7. IF YOU HAVE A “WIPE YOUR PHONE” FEATURE, YOU SHOULD SET IT UP
Features, such as Find My iPhone, allow you to remotely erase all your personal data, should your device be lost or stolen. “Absolutely, set it up,”advises Derek Halliday of mobile security specialist Lookout. “In the case where your phone is gone for good, having a wipe feature can protect your information from falling into the wrong hands. Even if you didn’t have the foresight to sign up, many wipe your phone features can be implemented after the fact.”www.PattenTitle.com
8. ONLY SHOP ONLINE ON SECURE SITES
Before entering your card details, always ensure that the locked padlock or unbroken key symbol is showing in your browser, cautions industry advisory body, Financial Fraud Action UK. Additionally, the beginning of the online retailer’s internet address will change from “http” to “https” to indicate a connection is secure. Be wary of sites that change back to http once you’ve logged on.
9. IGNORE POP-UPS
Pop-ups can contain malicious software which can trick a user into verifying something. “But if and when you do, a download will be performed in the background, which will install malware,” says Sidaway. “This is known as a drive-by download. Always ignore pop-ups offering things like site surveys on e-commerce sites, as they are sometimes where the malcode is.”
10. BE WARY OF PUBLIC WI-FI
Most Wi-Fi hotspots do not encrypt information and once a piece of data leaves your device headed for a web destination, it is “in the clear” as it transfers through the air on the wireless network, says Symantec’s Sian John. “That means any ‘packet sniffer’, a program which can intercept data or malicious individual who is sitting in a public destination with a piece of software that searches for data being transferred on a Wi-Fi network, can intercept your unencrypted data. If you choose to bank online on public Wi-Fi, that’s very sensitive data you are transferring. Either use encryption software, oronly using public Wi-Fi for data which you’re happy to be public – and that shouldn’t include social network passwords.”
11. RUN MORE THAN ONE EMAIL ACCOUNT
Thinking about having one for your bank and other financial accounts, another for shopping and one for social networks. If one account is hacked, you won’t find everything compromised. And it helps you spot phishing emails, because if an email appears in your shopping account purporting to come from your bank, for example, you’ll immediately know it’s a fake.
12. MACS ARE AS VULNERABLE AS PCS
Make no mistake, your shiny new MacBook Air can be attacked too. It’s true that Macs used to be less of a target, simply because criminals used togo after the largest number of users – ie Windows – but this is changing. “Apple and Microsoft have both added a number of security features which have significantly increased the effectiveness of security on their software,” says Sidaway, “but determined attackers are still able to find new ways to exploit users on almost any platform.”
13. DON’T STORE YOUR CARD DETAILS ON WEBSITES
Err on the side of caution when asked if you want to store your credit card details for future use. Mass data security breaches (where credit card details are stolen en masse) aren’t common, but why take the risk? The extra 90 seconds it takes to key in your details each time is a small price to pay.
14. ADD A DNS SERVICE TO PROTECT OTHER DEVICES
A DNS or domain name system service converts a web address (a series of letters) into a machine-readable IP address (a series of numbers).You’re probably using your ISP’s DNS service by default, but you can opt to subscribe to a service such as OpenDNS or Norton ConnectSafe,which redirects you if you attempt to access a malicious site, says Sian John. “This is helpful for providing some security (and parental control)across all the devices in your home including tablets, TVs and games consoles that do not support security software.
15. ENABLE TWO-STEP VERIFICATION
If your email or cloud service offers it – Gmail, Dropbox, Apple and Facebook do – take the trouble to set this up. In addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone. In the case of Gmail, you only have to enter a freshcode every 30 days or when you log on from a different computer or device. So a hacker might crack your password, but without the unique and temporary verification code should not be able to access your account.
16. LOCK YOUR PHONE AND TABLET DEVICES
Keep it locked, just as you would your front door. Keying in a password or code 40-plus times a day might seem like a hassle but, saysLookout’s Derek Halliday, “It’s your first line of defence.” Next-generation devices, however, are set to employ fingerprint scanning technology as additional security.
17. LOCK DOWN YOUR FACEBOOK ACCOUNT
Facebook regularly updates its timeline and privacy settings, so it is wise to monitor your profile, particularly if the design of Facebook has changed. Firstly, in the privacy settings menu, under “who can see my stuff?” change this to “friends” (be warned: setting this to “friends of friends” means that, according to one Pew study, on average you are sharing information with 156,569 people). Also in privacy, setting“limit old posts” applies friends-only sharing to past as well as future posts. Thirdly, disable the ability of other search engines to link to your timeline. Also, remove your home address, phone number, date of birth and any other information that could used to fake your identity.1
8. REMEMBER YOU’RE HUMAN AFTER ALL
While much of the above are technical solutions to prevent you being hacked and scammed, hacking done well is really the skill of tricking human beings, not computers, by preying on their gullibility, taking advantage of our trust, greed or altruistic impulses. Human error is still the most likely reason why you’ll get hacked. www.PattenTitle.com
