10 Internet security tips that John would never follow

First of all, if you haven’t done it yet, please take this quick quiz to find out if you’re smarter than the guy in the video below. (After you complete the quiz, you can enter to win an Xbox 360 and a Kinect.)

Now that took the quiz know how much smarter you are than John, here’s a quick review of why you shouldn’t do anything John does online.

1. Use unique, strong passwords for all of your important accounts.
John uses the same password for every account. That means if a hacker gets a hold of John’s Twitter password, that hacker would have access to every account John uses at work or at home. Creating and remembering unique, strong passwords is a must for your most important accounts. This system for creating and remembering strong passwords makes it easy.

2. Keep your computer’s software patched and protected.
You probably know which operating system you’re running. John doesn’t. He thinks it’s the one with the “windows.” A PC or a Mac running the latest versions of Windows 7 or OS X is probably as safe as any PC since the birth of the virus. However, if your OS and your applications aren’t patched you may be vulnerable to the kind of attacks John has to deal with on a daily if not hourly basis. Checking all of your applications for updates on a regular basis can be time-consuming. Our free Health Check makes it easy.

3. Realize that you’re vulnerable when you’re on an open Wi-Fi network.
When you use an open Wi-Fi network, the data you enter is only encrypted on secure pages, which start with https. Banks and credit card companies encrypt their sites however not all web email is encrypted. If you’ve ever emailed passwords or personal information, it could be accessible to a hacker. On an unsecured Wi-Fi network, you could get sidejacked by someone using a tool like Firesheep. Using the tracking data in your browser, a hacker can easily pretend she or he is you.

If you have to check your email or get on a social network and you only have open Wi-Fi, make sure you are using a secured session.

How to Secure Sessions

VPN
A virtual personal network is the best way to defend yourself from any snoopers. Most large companies insist on their employees using a VPN while doing any business over a wireless network. That’s a strategy John would never follow, but you should, especially if you make purchases or work with confidential information while on public Wi-Fi. Here are some strong VPN options for you to consider.

HTTPS Everywhere

If you use Firefox, you can use HTTPS Everywhere by The Tor Project and the Electronic Frontier Foundation, which will encrypt your communications on several major websites.

Twitter
You can secure any Twitter session by typing in an “s” after the http in the browser bar. If you click here, you’ll go to https://twitter.com and session will remain secure until you log out.

Facebook
This feature is still being rolled out to some users. And it is not entirely secure.

You can activate secured browsing by logging in. Then go to Account> Account Settings> Under “Account Security”, check the box for “Browse Facebook on a secure connection (https) whenever possible”.

PLEASE NOTE: If you use an app, any Facebook app, you’ll get this warning:

PLEASE NOTE: If you use an app, any Facebook app, you’ll get a warning that you are now entering unsecured browsing.

If you continue on to unsecured browsing, your session is not unsecured and you are now vulnerable to a sidejacking attack. You will have to return to the same setting when you are done with the app to enable secured browsing again.

John was recently sidejacked by a friend who posted a hilarious Photoshop of John in the bathtub. Too bad it happened on a day when the HR department of a company that was about to hire John checked out his profile.

Gmail
Login and go to the “Options” wheel in the uppermost right corner.

Select “Mail settings”.

Under “Browser connection”, select “Always use https”.

Hotmail

Go to https://account.live.com/ManageSSL and login if you have to.

Select “Use HTTPS automatically (please see the note above)”. And check out the note for the exceptions, of course.

4. Check to make sure a site is legitimate and secure before you make a purchase.
John will buy anything from any site. He bought his Snuggie from a website that had more pop-ups than the old AOL. Don’t be like John. Stick to online stores with good reputations. When you try out a new retailer, do a quick search for customer feedback. If you are still unsure, save yourself the trouble and money. Even if you trust a site, always check the URL of the page for two things before submitting your credit card number: 1) Is it a secured https page that will encrypt your information? 2) Am I really on the site I meant to be on? Try to use one credit card for all your online shopping and check the activity on that account often. Check out these safe shopping tips.

5. Don’t be afraid to reject or ignore a Facebook friend request.
On Facebook, wrong click and you could end up spamming your friends with something that will definitely waste their time and possibly your money. The best way to avoid becoming a victim or perpetrator of spam is to eliminate spam from your news feed. This requires you only friending people who are careful where they click. John, of course, lets spammers go on spamming as he adds more and more friends. You, however, should be careful who you add. If a friend shares some spam, inform them in a friendly way that they may have made a mistake. If it keeps happening, unfriend her or him.

Something else to remember: If you wouldn’t tell someone in person that you’re going to be out of town, don’t use Facebook to do so. If your Privacy Settings are set to “Friends of Friends”, you could be sharing your travel plans with thousands of people when you post them on Facebook. Before you post anything, ask yourself, “Would I be okay if all the friends of my friends’ friends knew this?” If your friends are anything like the average Facebook user, you could be thinking about more than a million people. (The average Facebook user has 120 friends. 120 X 120 X 120 = 1,728,000 friends you could be sharing with.)

6. Never use a password that is in the dictionary or could be guessed by a friend.
We’re back to passwords again because they can tend to be a weak link in many users’ security. And this weak link can be easily strengthened. The number of people who use “password” or their first name to secure their accounts is mind-blowing. Even John wouldn’t be that silly. It’s just as silly to use any word in the dictionary. Why? Because when a hacker uses a program to figure out your password, what do you think it tries first? Your passwords have to be unique and complex. They should also not be anything that could be guessed by a friend. If someone you know can guess your password, a stranger might be able to do the same thing by studying your Facebook profile.

7. Keep an eye out for Phishing Scams, even when you’re on your phone.
A Phishing Scam is a sneaky attempt to get you to turn over your financial data to criminals. That’s right crooks have found that Internet users, like John, will occasionally just hand over the account information needed to commit credit card fraud. All they do have to do is pretend to be a trustworthy site with official looking graphics and people fill in the forms and click submit. The best way to avoid Phishing scams is to check the URL of the webpage you are on to make certain it is on the domain of the bank or institution you think it is. Also, be skeptical of any email that contacts you asking you to change your password. If you’re ever in doubt, contact the institution directly. All of your accounts have values to a scammer, so keep in mind that you can even be phished for your Facebook account—and even when you’re on your phone. That’s why our Mobile Security blocks such scams.

8. Password protect your Wi-Fi network.
There’s plenty of good reasons to secure your home Wi-Fi network. You don’t want your neighbors to have access to private info. You don’t want strangers to slow down the connection you’re paying for. You don’t want people to use your connection to take part in illegal activities. The only reason to leave it open is if you want to give someone like John access to your digital life. Here’s how to set up a security key for your wireless network.

9. Don’t open strange email attachments (without scanning them).
The first computer security rule you probably learned was “Don’t open email attachments from strangers.” This is still true—even though John forgot it long ago. In fact, targeted attacks that use social engineering and profile their victims are becoming more advanced all the time. You should still refuse to open any attachment that you were not expecting. If you feel you must open an attachment, download it to you PC and scan it with your Internet security software first.  Here’s more on how to deal with email attachments.

10. Don’t expect anyone else to protect your privacy.
Do you blame your telephone when you use it to tell someone something you shouldn’t? Then you can’t only blame Facebook when you post information that may cause you trouble. Even when you use the privacy settings correctly and keep your account under control, your information is only as secure as the people you share it with. If you need to share any information that could cause you trouble at work or could be used to answer your security questions, use private messages, email or even that old-fashion marvel the telephone. And never, under any circumstances, shout your password in public through a megaphone. John still hasn’t learned that one yet.

Which of these tips is most important? Which is John least likely to follow? Let us know in the comments.

Cheers,

Sandra



More posts from this topic

Unbenannt-2

Why your Apple Watch will probably never be infected by malware

On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS.  iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.    

Sep 9, 2014
BY Jason
Unbenannt-4
Aug 28, 2014
BY Jason