In today’s digital world, Internet security has become very important, but it is often overlooked. Online users, subscribers, and consumers must take proactive steps to ensure that their personal or financial information is protected even if it is with a trusted entity’s online store, banking website, or log-in portal. Here are a few best practices that you can follow to help keep you protected as you venture out into cyberspace:
The Golden Rule: “Total security” is a myth – First and foremost, remember that there is no such thing as “total security” online. You can have all of the technical safeguards in the world and follow every best practice guide available for responsible computing, but there is always the potential for a security risk when using an online service. You put a lot of your trust in a third party, and as such, your Internet security posture is only as robust as the weakest link. Be sure that you have confidence in the entity or business that you are using for online shopping, banking, etc. If you shop online frequently, keep an eye on your credit card and bank statements for odd activity. If your account is compromised, finding out sooner rather than later will save you many headaches in the long run!
HTTPS (SSL or TLS) – When you log in to a portal, proceed to a checkout section on a website, fill out a form, or use online banking, make sure you are connecting over a secure channel. Look for the lock symbol within your browser and/or look for ‘HTTPS’ in your web browser’s address bar. This is a security protocol that allows the creation of a secure channel using a digital certificate between your computer and an entity’s web site, server, or other service. Without going into technical detail, a successful connection using HTTPS verifies the identity of the entity as a ‘trusted’ entity and encrypts the transmission between you and the entity’s server.
If your web browser indicates an error with an entity’s certificate (e.g. name mismatch, expiration, or revocation), do not proceed with checkout, logon, or submission of a form. Additionally, if you are presented with a form asking for personal/financial information or a login prompt and you do not see HTTPS or the lock, do not proceed any further. This means that you are sending your information in clear text, and anything that you submit can easily be intercepted.
When I was taking the steps to purchase a home, I dealt with a mortgage company that wanted me to submit my information using a form on their website. I declined to fill out their online form because it asked me to submit personal information over an unsecure, unencrypted (non-HTTPS) connection. In essence, be sure to keep an eye out for examples like this because they are more common than you may think!
Beware of hyperlinks – Think twice before you click that link! Nowadays, it seems that everyone is sharing links through social media sites such as Facebook and MySpace. Clicking on a mysterious hyperlink can open up your computer to a host of threats, including pop-ups, viruses, and spyware, and can potentially lead to the theft of your personal information. In other cases, login accounts (e.g. for your bank account logon or a social media service) can be easily hijacked by clicking on a malicious link, so be cautious when surfing the World Wide Web!
Watch out for phishing scams – At some point you may have gotten a phishing e-mail about your bank account or about a password expiration that is absolutely false. Basically, phishing is a scamming method where malicious adversaries pose as legitimate individuals or entities to obtain personal information, financial information, login accounts, etc. Some of these can be easily detected, while others can be very hard to distinguish because they are targeted and tailored to a very specific audience (this is called “spear phishing”). Here are some things to look for in a phishing message:
- Suspicious e-mail address – Take a look at the sender’s e-mail address. Many e-mail addresses will appear to be from a source that resembles the organization the phisher is trying to pose as (e.g. email@example.com vs. firstname.lastname@example.org). Be aware of suspicious e-mail addresses!
- Malicious hyperlink – If you hover over a hyperlink and see a URL in the status bar at the bottom of the window that does not appear to be from the issuing entity’s website, this is usually a good indicator that it is a phishing scam. Do not click on the link!
- Suspicious headlines and requested reply – Some phishing e-mails will request that you reply with personal information or that you take action on an item. A message indicating that you need to “change your password that is expiring in 6 days” or that you need to “verify that your account is still active by replying to this message with your password” is usually a good indicator that it is a phishing scam. Do not reply to such a message!
As previously stated, if you suspect that an e-mail or message that you receive can be classified as a phish, do not reply to it or click a link that may be associated with it. Report this to the entity or individual that the phisher is attempting to pose as. If you accidentally “click through” to a link that you suspect is a phish, immediately change your account password and contact the impersonated entity or individual.
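The three indicators listed above can also be checked mechanically before a message reaches a reader. The Python code below is an added example, not part of the original article: the sample message, its domains and the function names are made up for illustration, and it assumes a single-part HTML message and that you already know the real domain of the organization the message claims to come from.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """From: "Example Bank" <support@examp1e-bank.test>
Content-Type: text/html

Reply with your password or <a href="http://examp1e-bank.test/r">www.example-bank.test</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

PRESSURE = re.compile(r"password.{0,40}expir|reply.{0,60}with your password", re.I | re.S)

def phishing_indicators(raw, expected_domain):
    """List the checklist indicators that a raw e-mail message trips."""
    msg = message_from_string(raw)
    body, found = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not in_domain(sender.rpartition("@")[2], expected_domain):
        found.append("sender address: " + sender)
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if host and not in_domain(host, expected_domain):
            found.append("link target: %s (shown as %r)" % (host, text))
    if PRESSURE.search(body):
        found.append("asks for a password or claims it is expiring")
    return found
```

Calling phishing_indicators(SAMPLE, "example-bank.test") reports all three indicators, because the sender and the link both use a look-alike domain (a digit 1 in place of the letter l) while the visible link text shows the genuine one.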
Practice Due Diligence – It is important to keep your personal computer secure and ultimately your personal information safe. Here are a few tips for responsible computing:
- If you have a laptop and travel frequently, do not leave your laptop unattended in public areas.
- Be sure to password lock your computer account to prevent unauthorized use.
- Use an unprivileged account (non-administrator) for everyday computer use. If you need to do something that requires administrative privileges like installing software, then use the administrator account to do so. Using an administrator account for everyday computer use can be a security problem. If you visit a malicious website that executes malicious code while logged in as an administrator, the health of your computer and the security of your personal information are at risk.
- Install security updates, service packs, and software updates regularly.
- Install a host-based firewall and anti-virus software. Install anti-virus signature updates regularly and run scheduled scans on your hard drive(s).
- Encrypt your personal data! There are good (and free) software packages that provide encryption capabilities for files and entire drives.