Don’t be a victim online – get smart
24 Jul 2016
A few simple practices can increase the security of the average citizen. Ignoring them makes you a victim waiting to happen.
Not a week goes by without a report of a cyber attack revealing sensitive information or damaging an organisation. This can be extremely daunting for the average citizen, who, although all too well aware of the risks on the Internet, doesn’t know how to counter these threats effectively. This can lead to two different responses, neither of them helpful. For older people it may mean a reluctance to engage with the Internet at all, cutting them off from a world of opportunity and experience, often hugely enabling for those less able to leave the home. For current Internet users it can lead to a “head in the sand” approach where users simply hope the next attack won’t happen to them.
Beyond installing, and regularly updating, an antivirus package from a reputable vendor, there are a number of basic steps the consumer can take to make sure they are secure on the web or using apps on their smartphone, allowing them to interact securely without becoming the next victim.
Personal information, or Personally Identifiable Information (PII) to use the technical term, can be a goldmine for criminals looking to spoof our identity, so it’s vital that citizens protect theirs. That doesn’t mean paranoia, but a sensible approach to disclosure. On social media sites like Facebook and Twitter, users should set privacy settings so only their chosen friends can see details. They can also restrict the amount of information they publish.
Phishing is now one of the most common types of computer attack, whereby a criminal pretends to be from a legitimate source, often a bank or utilities provider, to trick customers into giving out passwords or even making a direct payment. As a very basic rule, do not respond to anyone requesting your banking ID, account numbers, username or password, or passport ID, be that by SMS, email or an old-fashioned phone call. Most reputable banks make clear that they never ask for this information in whole after your account has been set up.
Buying goods and services on the Internet is now a daily event for most of us. We routinely present credit card and other personal information to complete transactions. One simple method of ensuring that your information only goes to those who need it is to ensure that “https://” appears in the address bar as part of the website address. This means that the connection to the website is encrypted and your details are less likely to be seen by criminals. At the same time, remember not to save your credit card number with any site, even if it’s an inconvenience for you. Many large e-commerce providers have been hacked and millions of credit card numbers have been compromised. A good test to see if the e-commerce website is legitimate or not is to enter the credit card number incorrectly the first time. If the site is run by a hacker or it’s compromised, it will just accept anything you type, without checking its validity. If the site is legitimate, it will check and realize the credit card number you entered is not valid and will return a proper error message. At that time you could go ahead and enter the right credit card number.
Anyone who lives in a big city will have seen the long list of wireless networks that appear whenever we turn on a device and look to connect. A criminal can see the list with your wireless information too. Make sure that both your wireless networks and devices are password protected with a strong password using multiple numbers and cases, and with no obvious relationship to your personal information. This doesn’t just mean PCs, but also devices like printers and scanners. The best home encryption uses WPA2 and AES, so look out for those designations when you purchase your next wireless router or components that connect via WIFI. Remember that while not at home, you are always more secure using your smartphone’s data service than connecting to public WIFI networks, even if they are password “protected”.
Many public places, like restaurants and hotels for example, offer free WIFI service for their customers. Even if those networks are “protected” by a password, remember that the WIFI encryption is ONLY between your mobile device and the wireless router of the network (hotspot) you are connected to. Also, in many cases, hackers set up fake WIFI networks, with similar names to known, existing networks, in the hope of luring customers to connect to them. At that moment, they will have access to all the communication passing through that network if it’s sent in the clear, without any kind of encryption.
Even if the WIFI network (or hotspot) is legitimate, the WIFI encryption ends there, at the WIFI access point, and will not protect your communication beyond that location. As mentioned before, look for the “https://” in the address bar of the web site you are connecting to. If you do not see it, refrain from entering any PII in any form or field on that site.
Where permissible by law, and especially while traveling through airports and to a foreign country, it is highly advisable to make use of proxy/VPN software that will create an encrypted tunnel between your mobile device and the VPN provider, protecting your Internet searches, website visits and forms, and communication via various apps. Just a reminder that the VPN software will NOT protect your voice calls or your SMS messages, so consumers should be careful what type of information they send via those channels.
Security doesn’t end at home. More and more of us access the Internet from our smartphones, and the old tower PC sitting in your study may become a thing of memory sooner than we think. When using a mobile phone, use an antivirus app. Encrypted messaging apps like WhatsApp, Wickr, Threema, iMessage, Signal, etc., where they are allowed by law, provide an excellent method of keeping SMS and conversations secure. Never download an app from an untrusted source, as it could be full of malware which will compromise your device and PII immediately. At the same time, when installing an app, be aware of the permissions the app is asking for on your mobile device. If you do not agree with giving those apps access to your SMS history, phone calls, pictures, etc., then do not install them.
The Internet may still be more of a jungle than the policed reality of the physical world, and it’s impossible to avoid all risks, but there’s no need to make yourself a victim either. By implementing the tips above, most citizens can ensure they don’t easily fall victim to the next criminal attack.