Weblog (or Blog)

Monday, September 18, 2017

Online Security Today

More and more, our everyday activities are conducted online, over the Internet. More and more, we hear horror stories of identity theft, cybercrime, companies with whom we do business hacked and personal information stolen, and individual's personal computer files held hostage to ransomware. Do you know how best to minimize the chance that you will be one of the unlucky ones who gets attacked by cybercriminals and hackers? Let's talk about the things you ought to do to protect yourself online, whether you are using a computer, a tablet, or a smartphone.

If you only use the Internet for entertainment and maybe a little Facebook or other social networking, you may think that you are not vulnerable. But you are. Every time you put some personal information on the web, you make yourself vulnerable to identity theft. A friend asks for your email address and you post it to her on Facebook. A relative wants your street address and you post it to him on Facebook. Now a hacker has two pieces of important information about you, enough for him (or her, but the fact is that most hackers are male) to take a closer look to see if you are worth the time to pursue. In any event, he may do nothing more than add you to a list of email addresses that he sells to spammers. So now you get more spam.

Hackers collect lots of information automatically by computer, save it into a database, and have the database mix and match the information to put names, street addresses, email addresses, social security numbers, etc. together for the same person. Over time, they accumulate enough information to access your banking and credit card information. It takes years of work to correct an identity theft. Protecting yourself is easier (but not necessarily easy).

Your first line of defense is to keep your operating system, whether Microsoft or Apple, up to date on your computer, tablet, or smartphone. These companies are constantly improving the security of the operating systems and you leave yourself more vulnerable than necessary by not staying up to date.

Use the latest version of a browser to access the Internet. The browser suppliers are also constantly improving the security provisions of their products. If your preferred browser is Window's Internet Explorer, you should be running version 11 (which also means you should be running Windows 7 or later).

Maintain up-to-date security software, such as anti-virus and anti-malware (malicious software) on your computer. The best of these are paid products, such as ESET, TrendMicro, Norton, BitDefender, and McAfee. There are some good free products available, such as Avast, Avira, and AVG. If you are on Windows, at a minimum, you should run Windows Defender. You should only install one anti-virus product on your machine; anti-virus software works so closely with the operating system that if two are installed, they may compete with each other and hang-up your computer, requiring you to re-start it.

Once you are online, your basic line of defense is your account password. Always use a different strong password for each important account. The strength of a password is based mostly on its length, how many characters it has. Your passwords should have at least 12 characters. Length is more important than symbols and punctuation in the password (although many accounts require them). That is, a password like "HOUSE BLUE DINNER WATER" is more secure than "jU?&_2n." (Note: most of the strength meters available on the Internet do not give accurate results.)

So how do you remember all those long, strong passwords? Two ways: keep a dedicated notebook (that is stored securely, away from your computer, when you are not using it) or use a software password manager such as LastPass, 1Password, KeePass, or clipperz (you can search for those on Google or other search engine to learn about them).

Always use two-step authentication if it is available. This authentication adds a second step to logging in to an account. After you enter your password, the authentication process sends a code to your cellphone or to an email account that you own. You have to submit the code to the account to successfully access it. Since the code is being sent to a physical device or email account that you control, someone trying to break into your account will not have access to it. This is not as inconvenient as it sounds as you can register your computer, tablet, or smartphone with the account so it doesn't ask for the second code if you are accessing the account from that device. The intent is to keep others out of your account.

Once you are online, be wary of any link or popup that is not familiar. Be especially wary of any link sent to you on Facebook, Twitter, Instagram, or other social networking site. If you have decided that a site is safe and it asks you to submit personal information, make sure the URL (the Internet address in the address bar of the browser) begins with https://, not just http://. The "s" in the former indicates that information sent to the site will be encrypted, making it much harder to use even if it should be intercepted by a hacker.

posted at: 12:36 | path: /www | permanent link