First of all, if you haven’t done it yet, please take this quick quiz to find out if you’re smarter than the guy in the video below. (After you complete the quiz, you can enter to win an Xbox 360 and a Kinect.)
Now that took the quiz know how much smarter you are than John, here’s a quick review of why you shouldn’t do anything John does online.
1. Use unique, strong passwords for all of your important accounts.
John uses the same password for every account. That means if a hacker gets a hold of John’s Twitter password, that hacker would have access to every account John uses at work or at home. Creating and remembering unique, strong passwords is a must for your most important accounts. This system for creating and remembering strong passwords makes it easy.
2. Keep your computer’s software patched and protected.
You probably know which operating system you’re running. John doesn’t. He thinks it’s the one with the “windows.” A PC or a Mac running the latest versions of Windows 7 or OS X is probably as safe as any PC since the birth of the virus. However, if your OS and your applications aren’t patched you may be vulnerable to the kind of attacks John has to deal with on a daily if not hourly basis. Checking all of your applications for updates on a regular basis can be time-consuming. Our free Health Check makes it easy.
3. Realize that you’re vulnerable when you’re on an open Wi-Fi network.
When you use an open Wi-Fi network, the data you enter is only encrypted on secure pages, which start with https. Banks and credit card companies encrypt their sites however not all web email is encrypted. If you’ve ever emailed passwords or personal information, it could be accessible to a hacker. On an unsecured Wi-Fi network, you could get sidejacked by someone using a tool like Firesheep. Using the tracking data in your browser, a hacker can easily pretend she or he is you.
If you have to check your email or get on a social network and you only have open Wi-Fi, make sure you are using a secured session.
How to Secure Sessions
A virtual personal network is the best way to defend yourself from any snoopers. Most large companies insist on their employees using a VPN while doing any business over a wireless network. That’s a strategy John would never follow, but you should, especially if you make purchases or work with confidential information while on public Wi-Fi. Here are some strong VPN options for you to consider.
If you use Firefox, you can use HTTPS Everywhere by The Tor Project and the Electronic Frontier Foundation, which will encrypt your communications on several major websites.
You can secure any Twitter session by typing in an “s” after the http in the browser bar. If you click here, you’ll go to https://twitter.com and session will remain secure until you log out.
This feature is still being rolled out to some users. And it is not entirely secure.
You can activate secured browsing by logging in. Then go to Account> Account Settings> Under “Account Security”, check the box for “Browse Facebook on a secure connection (https) whenever possible”.
PLEASE NOTE: If you use an app, any Facebook app, you’ll get this warning:
PLEASE NOTE: If you use an app, any Facebook app, you’ll get a warning that you are now entering unsecured browsing.
If you continue on to unsecured browsing, your session is not unsecured and you are now vulnerable to a sidejacking attack. You will have to return to the same setting when you are done with the app to enable secured browsing again.
John was recently sidejacked by a friend who posted a hilarious Photoshop of John in the bathtub. Too bad it happened on a day when the HR department of a company that was about to hire John checked out his profile.
Login and go to the “Options” wheel in the uppermost right corner.
Select “Mail settings”.
Under “Browser connection”, select “Always use https”.
Go to https://account.live.com/ManageSSL and login if you have to.
Select “Use HTTPS automatically (please see the note above)”. And check out the note for the exceptions, of course.
4. Check to make sure a site is legitimate and secure before you make a purchase.
John will buy anything from any site. He bought his Snuggie from a website that had more pop-ups than the old AOL. Don’t be like John. Stick to online stores with good reputations. When you try out a new retailer, do a quick search for customer feedback. If you are still unsure, save yourself the trouble and money. Even if you trust a site, always check the URL of the page for two things before submitting your credit card number: 1) Is it a secured https page that will encrypt your information? 2) Am I really on the site I meant to be on? Try to use one credit card for all your online shopping and check the activity on that account often. Check out these safe shopping tips.
5. Don’t be afraid to reject or ignore a Facebook friend request.
On Facebook, wrong click and you could end up spamming your friends with something that will definitely waste their time and possibly your money. The best way to avoid becoming a victim or perpetrator of spam is to eliminate spam from your news feed. This requires you only friending people who are careful where they click. John, of course, lets spammers go on spamming as he adds more and more friends. You, however, should be careful who you add. If a friend shares some spam, inform them in a friendly way that they may have made a mistake. If it keeps happening, unfriend her or him.
Something else to remember: If you wouldn’t tell someone in person that you’re going to be out of town, don’t use Facebook to do so. If your Privacy Settings are set to “Friends of Friends”, you could be sharing your travel plans with thousands of people when you post them on Facebook. Before you post anything, ask yourself, “Would I be okay if all the friends of my friends’ friends knew this?” If your friends are anything like the average Facebook user, you could be thinking about more than a million people. (The average Facebook user has 120 friends. 120 X 120 X 120 = 1,728,000 friends you could be sharing with.)
6. Never use a password that is in the dictionary or could be guessed by a friend.
We’re back to passwords again because they can tend to be a weak link in many users’ security. And this weak link can be easily strengthened. The number of people who use “password” or their first name to secure their accounts is mind-blowing. Even John wouldn’t be that silly. It’s just as silly to use any word in the dictionary. Why? Because when a hacker uses a program to figure out your password, what do you think it tries first? Your passwords have to be unique and complex. They should also not be anything that could be guessed by a friend. If someone you know can guess your password, a stranger might be able to do the same thing by studying your Facebook profile.
7. Keep an eye out for Phishing Scams, even when you’re on your phone.
A Phishing Scam is a sneaky attempt to get you to turn over your financial data to criminals. That’s right crooks have found that Internet users, like John, will occasionally just hand over the account information needed to commit credit card fraud. All they do have to do is pretend to be a trustworthy site with official looking graphics and people fill in the forms and click submit. The best way to avoid Phishing scams is to check the URL of the webpage you are on to make certain it is on the domain of the bank or institution you think it is. Also, be skeptical of any email that contacts you asking you to change your password. If you’re ever in doubt, contact the institution directly. All of your accounts have values to a scammer, so keep in mind that you can even be phished for your Facebook account—and even when you’re on your phone. That’s why our Mobile Security blocks such scams.
8. Password protect your Wi-Fi network.
There’s plenty of good reasons to secure your home Wi-Fi network. You don’t want your neighbors to have access to private info. You don’t want strangers to slow down the connection you’re paying for. You don’t want people to use your connection to take part in illegal activities. The only reason to leave it open is if you want to give someone like John access to your digital life. Here’s how to set up a security key for your wireless network.
9. Don’t open strange email attachments (without scanning them).
The first computer security rule you probably learned was “Don’t open email attachments from strangers.” This is still true—even though John forgot it long ago. In fact, targeted attacks that use social engineering and profile their victims are becoming more advanced all the time. You should still refuse to open any attachment that you were not expecting. If you feel you must open an attachment, download it to you PC and scan it with your Internet security software first. Here’s more on how to deal with email attachments.
10. Don’t expect anyone else to protect your privacy.
Do you blame your telephone when you use it to tell someone something you shouldn’t? Then you can’t only blame Facebook when you post information that may cause you trouble. Even when you use the privacy settings correctly and keep your account under control, your information is only as secure as the people you share it with. If you need to share any information that could cause you trouble at work or could be used to answer your security questions, use private messages, email or even that old-fashion marvel the telephone. And never, under any circumstances, shout your password in public through a megaphone. John still hasn’t learned that one yet.
Which of these tips is most important? Which is John least likely to follow? Let us know in the comments.
After F-Secure principal security consultant Tom Van de Wiele stepped into the #CyberSauna for the second episode of…
January 19, 2018
The email subject line says “Scanned from Lexmark” and the attached file is “image2017-11-23-9292134.7z". Seems…
November 29, 2017