It’s not just government officials or celebrities who are at risk of being hacked anymore. In reality, anyone who is present on social media uses online banking, checks their email, watches TV online might get on the list of people that lost their privacy or money.
Criminal hackers are looking for an easy “in” that allows them to steal your privacy, data, and finances. They can use your devices for a botnet. They can install ransomware and charge you money to get your own files back.
The risks are out there. However, prevention is key. Understanding the threats is a must. Obviously, if you are a home user, your viable threats are different from that of a controversial political journalist. Therefore, it is important to assess what your needs are in terms of security. From there, you can take the necessary, realistic precautions.
Password safety: reset and manage
- Do not reuse or share passwords. If you must share a password (for instance, on Netflix or HBO), make sure that is it completely different from passwords you use for other accounts.
- You do not necessarily have to be changing your passwords all the time. However, if a website gets breached, or you suspect that your password may have been stolen, you should change it immediately.
- Use a password manager. It can be hard to remember a million different passwords for the millions of accounts we have. That’s why you should be using a password manager, such as LastPass or Dashlane. They generate unique, strong passwords for you so the only password you have to remember is the one to your password manager. One password to rule them all.
- Set up two-factor authentication (2FA). A good way to create another barrier between your account and a hacker. It requires you to input the password you know along with another, temporary code, that the company sends you. The only thing is that we do not recommend using SMS for 2FA. For the reasoning behind this, check out a previous post. Hackers can easily intercept this method with hacks are low tech and mostly rely on social engineering. Some websites, such as Twitter, only allow you to use SMS for 2FA. If this is the only option, you should still take this option. Regular folks are probably not as susceptible to this kind of hacking and it still provides an extra security barrier. Although imperfect, it is better than nothing. In a perfect world, the ideal way to use 2FA is through apps such as Google Authenticator. The apps make it much more difficult for hackers to access the constantly changing codes.
Patching: update and then update some more
- Go to your settings and update your programs to the latest version. Often, manufacturers release products with existing security flaws. Periodically, as these flaws are discovered, they release patches to protect their customers. When criminal hackers discover these flaws, they find ways to exploit them. The problem is that many people do not update their machines regularly, so even though the solutions exist, they are still vulnerable.
This was the case with the WannaCry ransomware. Microsoft had released the security patch that could have stopped the ransomware in its tracks back in March of 2017. However, when the attack occurred in May, many people and businesses had neglected to update their software and therefore fell victim to this large scale attack. The sad part is how easily it could have been mitigated. Even major institutions and corporations failed to patch.
- Set your software to update automatically. Make sure you are constantly up to date and as safe as possible without even having to think about it.
For Mac OS X: Go the Apple menu, choose System Preferences → Go to the “App Store” panel → Check the boxes for “Automatically check for updates”, “Download newly available updates in the background”, and “Install OS X updates”.
For Windows 10: Select the Start button, then select Settings → Update & security → Windows Update → Select Advanced options, and then under “Choose how updates are installed”, select Automatic.
VPN: don’t be an easy target
Be wary of public networks at coffee shops, airports, hotels, public libraries. There are many ways hackers can infiltrate your devices through these public networks. They can intercept your connection by way of a man-in-the-middle attack. Because the data that is transmitted is usually unencrypted, a hacker can easily see anything that you are doing on a public network. If you check your email, log in to online banking, or post on social media, all of that information is fair game.
Instead of connecting directly, use VPNs. A virtual private network routes your traffic through a middleman server. You can use either a paid or unpaid service depending on your needs.
Hard drive and data: backup and encrypt
- Backup your files. With all the ransomware disasters of 2017 (WannaCry, Petya, NotPetya), it is of utmost importance. Do this on an external drive while disconnected to the network. This way, even if you get ransomware, the files on your backup drive are safe and you do not have to pay a cybercriminal to get your own data back. Using a service such as Dropbox is another great way to go. For more on cloud storage solutions, check out this post.
- Encrypt your documents. For most, it would be catastrophic to lose access to their data. Still, it could be even worse if that data gets into the wrong hands. This does not just apply to high ranking CIA officials. If your data is not encrypted, someone could steal your laptop or hard drive and immediately, all of the information is theirs. They could even do this remotely. For example, this business man had his company sabotaged because malicious ex-coworkers were able to get a hold of his data. This is where encryption comes in.
In order for a hacker to read encrypted data, they have to have access to a secret ‘key’ that lets them decipher it. Without this key, the files are completely illegible.
For Mac users with Mac OS X 10.3 and later, there is a built in disk encryption option called FileVault.
For Windows users, there are other simple alternatives. You should also be encrypting your backup option, which varies by your preferred method.
Antivirus: install and update
- Install antivirus (AV) software to your computer. It is important to have this barrier if you surf the web because we are constantly bombarded with malicious traffic. Yet, there are serious limitations to AV. Traditional AV software only protects devices that you can install it on: usually your laptop. However, it leaves the slew of other internet connected devices in your home completely unprotected. This means smart TVs, thermostats, door locks, and baby monitors are left completely unprotected. They can act as entry points for hackers to get into your home network.
- Keep your eyes open. Additionally, anti-virus software can only protect against hacking methods that have already been used and identified. The problem with this is that hackers are clever. They are constantly updating their techniques and finding new ways to sneak into your system. Therefore, AV software often fails to protect against serious new attacks.
Common sense: a remedy for most problems
- Do not open an attachment unless you know the sender or are expecting said attachment. Do not open emails that seem suspicious. If you receive an urgent email from your bank, asking you to reply to the email with secure information, call your bank immediately. Do not, under any circumstances, reply to an email with a password or bank account number. If there was a genuine problem, an email from your bank would redirect you to their secure website.
- Check the link before clicking on it. Before you are about to click a link, hover over it and make sure the URL matches the address you want to visit. One of the main ways that hackers infect your computer is by taking advantage of people and sites you trust. If they can impersonate one of these people or websites, and get you to click their malicious link, your computer is immediately infected. If you receive a strange file, you can save it to Google Drive and open it there. That way, if the file is malicious, it is saved to Google Drive instead of your computer.
- Don’t overshare. It is easy to share every little thing that you do on social media, from the latte you drank to when you are going on vacation to the name of your pets. Please remember that once you put something out there, that’s it. There is no saying who has access to it. Keep that in mind before posting your home address or specific details about your life.
- Keep your pet’s name to yourself. Posting information such as birthdates, graduation dates, or mother’s maiden name can be dangerous because they can be used in social engineering schemes. The more a hacker knows about you, the more likely they will be able to answer well-crafted security questions or even call your phone company pretending to be you.
In the case of online security, ignorance is not bliss.
Keep in mind this 10 pieces of best advice about staying safe online:
- Do not reuse your passwords
- Change the passwords when you hear about a threat
- Use a password manager
- Set up two-factor authentication
- Constantly update your programs to the latest version
- Don’t connect to public networks
- Use VPN
- Backup your files
- Encrypt your documents
- Install antivirus (AV) software to your computer.
Oh, and by the way: we work at CUJO because we believe it’s the best tool to protect your home and family from hacking, malware, and other online threats.
And it is.
- Your smartphones, laptops, tablets, gaming consoles and smart gadgets are safe
- Your financial and personal information is guarded from hacking, phishing, malware
- Your kids are protected from threats online
Follow us on Facebook and get more useful tips and exciting tech industry news!