Bad habits and poor security choices are often reasons why people have their accounts compromised and data leaked. Here are 7 tips to stay secure online.
Choose Strong Passwords
Passwords are often the first line of defence against an attacker. Many people make the mistake of using the same simple passwords across many websites. While this is convenient, it also makes easy work for an attacker. If a password for one account is known, say via a data breach, the attacker can use that to access all your online accounts.
Often in cases like this, you aren’t the target, but you may quickly become the victim.
If you have trouble remembering multiple passwords, write them down and store them securely at home (not a sticky note on your monitor or laptop). Better still, use a password manager like KeePass.
Some ideas on creating a strong master password for KeePass (or other password managers) can be found here and here.
Two-Factor Authentication, or 2FA, greatly increases the security of your accounts. If an attacker obtains your password, he won't be able to log into your account if you have 2FA enabled.
Many online services now support 2FA and I highly recommend enabling it for any account that supports it.
You don't have to rush out and activate 2FA on all your accounts right away. Start small and try it out on banking and email until you get used to it.
Installing updates, or patches, is very important as they often fix vulnerabilities that could be exploited by an attacker. Depending on the kind of security vulnerability, the attacker could gain full access to your device, including your personal files, which could then be used for identity theft or blackmail.
Microsoft and Google release updates once a month for their products. Use this time to ensure other software is also up-to-date. Most products have their own in-built updater to make this process simple.
Apple have a less predictable update schedule, but manually checking at the same time you check for Windows updates will ensure your Apple devices stay secure as well.
Remove Admin Rights
By default, the first user created on a device is an administrator. Because of this, most people use the administrator account for their everyday computer use. Creating a “standard” account to use can dramatically decrease the effects of some malware, and even stop some variants from being able to run on your machine in the first place.
Using a standard user account will not have any effect on the device. Everything will work as before.
It is important to have up-to-date, functional antivirus software. While traditional signature-based antivirus is quickly becoming a thing of the past, many AV companies include a wide variety of tools within their package. These tools include website filters, anti-malware, spam filters, potentially unwanted program detection and more.
The antivirus I recommend is ESET, which can be purchased in store at the Internet Centre.
At a bare minimum, Windows Defender (Microsoft Security Essentials) should be running on your machine.
Advertisements on websites are often a quick, easy way to get some malware installed on your machine. Ad-blockers stop you from ever seeing the ‘click-bait’ links that may link to malware, unwanted ‘clean-up’ software, or survey websites.
Advertising on websites is often run by a third party. This means that even a trusted website could be linking to a malicious file via the ad network. Ad networks often don’t have the same security as the trusted website.
Many websites do rely on advertising for survival, so if you do decide to block ads, consider a donation to that particular website.
uBlock Origin is an ad blocker available for free for both Chrome and Firefox.
Links and attachments in email can be maliciously crafted to exploit vulnerabilities in your device, or download a payload that installs malware such as ransomware onto your device.
Before clicking a link or opening an attachment, think: are you expecting this attachment? Is it from someone you know? If you are not expecting the attachment and the source is unknown to you, it would be unwise to open the attachment.
Does the email require some urgency? Does the email require you to update your details to keep your service alive? This is often another way to identify a spam email.
Spam and phishing emails can often be very hard to detect. Often services such as PayPal or banking will have an email address you can contact to verify the legitimacy of an email. This is often found via the support section of their website.
You can also verify an email by calling the supposed company. Look the number up in a phone directory rather than using the number provided in the email.
For more ways to protect yourself, be sure to read our Tech Tips.