Now and again, a news report gets published about some high-profile hack and a wholesale theft of personal data. Many people find it worrying and try to minimize their use of online services. Elderly people are especially susceptible to all this negative information and many of them refuse to use computer outright.
However, this shouldn’t necessarily be so. Your personal data and any online transactions that you make are much safer than many people think, provided that you take necessary basic precautions. Today, we will show you how to keep your personal data safe.
1. Use different passwords for different sites
This is a cliche that you have probably heard many times; however this rule is very important. The reason is obvious. I you keep the same password for anything and if anyone would ever find out what your password is, he or she would be able to log into any of your accounts that use the same password.
The good news is that there can be very easy ways of remembering several unique passwords. For example, use the same base combination of characters in every one of your passwords followed by another combination associated with a particular account based on some rules known only to you.
For example, you may use a rule where the account-specific name would be the last letter of the website name in capital followed by the first letter of the website name in lower-case followed by the number of characters in the website name multiplied by some number that is significant to you. For example, if you have “P@$$w0rd” as you base combination and the multiplier as 567, the password for Facebook would become “P@$$w0rdKf4536”. Try to guess this one!
2. Use complex passwords
Many hackers still use brute force attack to break into people’s accounts. The method consists of trying every possible combination until the correct combination is found. This is the most primitive method of hacking; however it often works.
A typical brute force attack would start with trying every password from the list of most popular passwords. So, if you use “password” or “1234567”, prepare to be hacked very quickly!
The next stage of brute force attack is usually to try all possible combinations of numbers only up to a specified password length. Because the brute force process would be ran by automated software, it is a matter of hours before your numeric password is cracked if attack on your account is initiated!
This is why a password should use a combination of numbers and letters, both upper-case and lower-case. The same letter of different case is treated as two different characters, so the ways in which characters can be mixed are virtually unlimited and the chance of your password being discovered through a brute force method becomes negligibly low.
It is even better to through some non-alphanumeric characters into your password for a good measure. It would literally take decades for the brute force process to find the correct combination in this case and nobody would run the algorithm for so long.
3. Never share your passwords. Ever!
People do get caught out by scammers posing as the members of website support team asking for account password as the security question. Please be aware that a legitimate technician would never ask you for your password, especially to confirm your identity. The reason is that it would be of no use to them for this purpose.
It will come as a surprise to many that when you set up an online account, that the password that you chose never gets saved into the database. The password that you enter gets passed through a one-way encryption, so the value that is actually stored in the database is seemingly random combination of characters of a fixed length that doesn’t even remotely resemble your password.
When you enter the password next time you log in, the same encryption algorithm gets executed and the result is compared against the value stored in the database.
Because of this, nobody in a reputable organisation will know (or even be able to find out) what your password is. This is why when you forget your password, you are most often asked to create a new one instead of being sent an old one.
So it is most definitely a scam if you are asked to reveal your password. Also, I personally would not trust an organisation which does send you your password if you tell them you forgot it. Assume that their employees are snooping on your data, because they totally can!
4. Make sure your sensitive connection is encrypted
Some people are worried about making any financial transactions online for the fear of their data being readable by hackers. However, this type of online activity is completely safe if you follow the rule of using encrypted connection.
Security socket layer (SSL) encrypts any data traveling between your computer and the remote server, so, even if it is intercepted in transit, all the hackers would get would be unintelligible garbage instead of your credit card detail.
To determine whether SSL encryption is enabled is simple. The page address should start with HTTPS (not HTTP) protocol and there should be a padlock icon either in or next to the address bar on top of your browser.
Don’t trust the pages which which start with HTTPS but don’t have the padlock icon. This would mean that some components on the page are not encrypted, so the data contained within them is transmitted as a plain text. As it is not always simple to determine which components are insecure, it is best to take your business elsewhere.
SSL-enabled communication should not only apply to online payments, but also to any online services where secure login credentials are used, such as emails and social networks. Otherwise, there is a risk that someone may intercept your credentials and steal your data.
5. Don’t be fooled by phishing
Phishing is the most popular type of social engineering where hackers use deception to make people reveal their username and passwords. The methodologies of this technique vary and range from very obvious to exceptionally sophisticated.
An example of phishing is an email allegedly from your bank telling you that there is a problem with your account and that you need to send them your card details so it can be rectified. Another example would be a Facebook message telling you that your profile is infected by a virus and that it can be cleared by entering your username and password on a dedicated Facebook page.
Although these scams are not always obvious, there are some basic rules that you can follow to protect yourself. For example, treat with suspicion any email from your bank which comes from an address with a domain different from what your bank normally uses. If it comes from a public email domain such as Gmail or Hotmail, it is definitely a phishing attempt.
Also, make sure that any page where you are asked to enter credentials is genuine. A page may look like it does belong to Facebook, but the URL in the address bar may be something like “fecebook”, which is not that easy to spot.
More information about phishing can be found here.
6. In case of high-profile hack, check if you are affected
Occasionally, a successful large-scale hack makes it into the news headlines, like Sony PlayStation wholesale account hijacking. If this happens, it would make sense to check if any of your accounts were affected.
For example, Heartbleed hack has been able to break OpenSSL encryption used by many online services, so the hackers gained the ability to decrypt any encrypted online communication with those services.
When Heartbleed attack made it into the news, many reports appeared with the advice on how to check whether any websites that you are using are affected and what to do if they are. So, if something of this magnitude happens again, look out for this information.
7. Regularly update your browser
This is a good practice for two reasons. Firstly, older browsers may not be able to render some modern websites correctly. Secondly, older browsers have been there for a while, which has probably allowed some hackers to find various security vulnerability in them.
Although this is a commonsense practice, many enterprises don’t follow it. There are still many places where I worked that used Internet Explorer 8 in 2015, although the browser has been around since 2009! If this is the case with your workplace, the advice would be to keep any online transactions to the bear minimum.
8. Don’t download unknown attachments, even from your friends
You have received an unexpected message from your friend with a file that your friend is asking you to have a look at. And why not? After all, it came from a person who you know and trust, right? Wrong!
This is what often happens when someone’s account gets hijacked. Hackers would then send a virus to all contacts on the account’s list, which would install itself onto the computer if the file is clicked.
Of course, not all files from your friends are viruses. It is usually obvious if a file genuinely came from them; however, if in doubt, just phone your friend and ask.
9. Don’t click on suspicious links
This is about the same principles as in the previous point. Link that you see on a web page is not necessarily what it appears to be, as the display value and the actual address are controlled by two completely distinct attributes.
The biggest danger with an unknown link is that it can point to some virus-infected file, so clicking on it would be exactly the same as clicking on a virus-infected attachment.
The address of a link is quite easy to determine if you are using computer with a mouse: just hover over the link with your mouse pointer and the actual address will appear at the bottom.
10. Google your name now and again
Want to know what information about you is already available to everyone? There are two steps to find out. Firstly, log out of all of your social networking and email accounts. Afterwards, type your full name as a search query in Google. Please note that the first step is important, as otherwise the search results may show you more data than a random member of the public would be able to see.
Perhaps, this will be a shocking eye-opener. If you see something that you wouldn’t want a total strangers to see, take immediate action. Adjust privacy settings on the offending account or delete the content if you can.
Please be aware that any changes to your personal pages would not be reflected by the search results immediately, as it would take some time for search engines to re-index the content.
For more information on how to keep your mobile phone safe from hackers, you can visit this page from Tiger Mobiles.