With the holidays just behind us, you may have received a gift — an appliance, computer, smartphone, tablet or TV — that connects to the internet. It’s important to keep in mind that internet connectivity gives hackers an opportunity to take control of your device. Vulnerabilities, such as common, default or simple passwords, enable intruders to easily gain access and control of a device. Read on for tips on how to deter hackers and prevent your financial and personal information from being stolen or compromised.
Updates
It’s important to keep your devices up to date. This includes:
- Turning ON automatic updates for your operating system.
- Checking for and taking the time to install manufacturer updates.
- Using secure web browsers, such as Chrome and Firefox.
- Using a third-party application, such as Secunia Personal Software Inspector, to identify insecure programs and automatically update installed applications.
Phishing
With tax season approaching and 1099s soon to be issued, it will be the busiest time of the year for “phishing” — social-engineering tactics that attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
- Be suspicious of any email message or phone call asking for personal or financial information. If you receive such a message, contact the company to confirm whether the communication is legitimate. NEVER reply to or click the links in an email message. If you think the message may be legitimate, go directly to the company’s website (i.e., type the real URL into your browser) or contact the company to see if you really do need to take the action described in the message.
- Phishing scams may be carried out by phone, text or social networking sites, but most are delivered via email. Many look authentic. Below is an example of a phishing email and how to recognize it:
Passwords
Practice strong password management. We all have a lot of passwords to manage these days, and while it’s easy to use short and simple passwords that are easy to remember, they leave us vulnerable. Most importantly, use a new password for each new website or service you sign up for and never re-use a previous password. Use a unique, long (12 characters or more) password for each site. Here is a simple way to help you create strong and unique passwords:
- Use a passphrase – think of a long, easy-to-remember passphrase such as ‘myfavoritepizzaispepperoni’. This creates the base to your password. Now add four characters to the beginning ‘AAaamyfavoritepizzaispepperoni.’ In this case, using As can customize your password for Amazon. Finally, add four special characters to end ‘AAaamyfavoritepizzaispepperoni++!!.’ You now have a unique, easy-to-remember and very strong 34-character password.
- Test the strength of your passwords at https://howsecureismypassword.net.
- Keep track of your passwords by using a password manager such as keepass.
Antivirus and Backups
Install a good anti-virus program. There are many free programs available online, but purchasing a home version will offer even better protection. A good one to consider is Bitdefender. (This is what CIRI uses internally and we routinely test it against new vulnerabilities.) It is also very important to back up your data on a regular basis as this is the only way you will be able to retrieve your data if your system security is compromised. Back up to an external hard drive and keep it disconnected while not performing backups, or use a cloud-hosted backup service like Google Drive.
Here are some additional tips that will help keep you secure while online:
- Use an online DNS service (OpenDNS).
- Check to make sure your Windows Firewall is turned on and up to date.
- Install an ad blocker (Privacy Badger).
- While public Wi-Fi is convenient, it generally is not secure and could enable a hacker to intercept your data. It is better to use a secure WiFi — for example, a password-protected WiFi network in your home — instead of using networks provided by coffee shops, hotels, etc.
- Lock down your social media websites such as Facebook and LinkedIn by making them private. These sites can be utilized to obtain personal information about you. Only share data with friends or connections, and don’t accept invites from people you do not know.
Questions?
Do you have additional questions about IT security? CIRI’s IT department has set up a mailbox that will be active for the next 30 days. Send any questions you may have to ITQuestions@ciri.com.
References
- https://www.eff.org/privacybadger
- http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html?_r=0
- http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/
- http://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack
- http://en.wikipedia.org/wiki/2014_celebrity_photo_hack
- http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-is-Detecting-325000-New-Malicious-Files-Every-Day
- http://en.wikipedia.org/wiki/Surveillance#Corporate
