As much as those of us who work in the security industry love the work we do, sometimes you feel like banging your head against a wall. It seems like no matter how frequently or how loudly we try to educate people on basic cyber hygiene, there are still those who go against common sense – despite the hundreds of warnings – and then wonder why their devices have been hacked.
Today, almost our entire lives are online. Rather than a physical burglary or a break-and-enter, criminals are going digital in an attempt to pilfer the troves of personal records, bank accounts, social media accounts, etc. that are all now online. That, I suppose, is the price we pay for the innumerable benefits of the internet – it’s efficient for us, but it’s also efficient for criminals who no longer have to risk a physical altercation.
It is critically important to keep your personal information safe by taking precautionary measures when online. Here is a list of four of the most basic, fundamental steps one can take to stop personal information from falling into the wrong hands.
1. Don’t take the bait – avoid Phishy emails
The most common way hackers get into your computer or phone is through phishing emails. These are fake emails that say you’ve won a prize, “click here” to avoid IRS fines, or any other message that seems strange. Avoid clicking any suspicious links or attachments you may receive in an email, as it probably leads to malware. Even trying to unsubscribe to an email that looks completely legitimate can lead to malware or a key logger installed on your machine. Make sure the email is from a legitimate source before you give out any information, if it isn’t, delete the email immediately.
When in doubt, throw it out. If you need to verify whether an email has come from a particular source, you can always contact the institution – whether it be a bank, government department, etc. – and confirm the email’s legitimacy. This also notifies the organisation being imitated so they can then warn their other customers.
2. Keep your software updated
This includes your phone and computer operating systems, your anti-virus software, and any other applications you use. The majority of these updates include security enhancements which close the vulnerabilities hackers exploited in previous versions of the software. As painful as it is to have to sit and wait for the software to update and restart the system, it is well worth it.
3. Use a secured internet connection
Be careful what you do when you are connected to public Wi-Fi. You have no control of the security on the network and hackers can use the connection to hack into your device. So, if possible, it is best to avoid public Wi-Fi. If you must use it, avoid accessing any critical personal information such as bank accounts. This also includes not logging into any accounts or shopping online on public devices (like in an internet café or other public terminal). Your passwords or payment information could be copied, stolen or even accidently saved to that device.
4. Use multiple strong passwords or multi-factor authentication
Lastly, and perhaps most importantly, ensure you are using strong passwords or multi-factor authentication where available. Strong passwords are those that do not contain any information that can be easily obtained, like birthdays or names of family members and pets. It is also crucial not to use the same password for everything. This way, if someone were to get a hold of one of your passwords, they do not have access to everything. Additionally, you should change your passwords every few months.
Unfortunately, the majority of people continue to use the same password across multiple web sites and applications. Think about it, your credentials are most likely for sale on the dark web right now (a rudimentary check of if you’ve been compromised is available here). Anybody could use them to access your corporate applications and your personal accounts. We’re not just talking about Facebook, Twitter and Instagram but also Onedrive, Dropbox, iCloud, iTunes and Office 365. Think about what could happen if a criminal accessed your ISP, insurance, super fund, bank, and Government accounts – in effect ,they could tap into every corner of your existence, reset your passwords, lock you out and take over your life.
It’s that easy and all because you couldn’t be bothered to use more than one password.
These tips may seem glaringly obvious, but they’re the simplest ways to ensure your private information does not become public.
I’ve lost count of the number of times I’ve had to come to my mother’s rescue because she’s opened an email that was clearly part of a phishing campaign.
Not expecting an invoice from Svetlana in Belarus? Never met a Nigerian prince? Haven’t entered the Bahamas lottery? Well, don’t open the email. You wouldn’t let a stranger into your house so they can rummage through your drawers, so don’t invite them into your devices.