Tuesday, February 4, 2014

Why worry online? You're safe right?

Like many IT professionals, I get questions all the time from friends and family about their computers or devices. I seem to be constantly giving advice and assistance on what they should buy, why their computer or device doesn't seem to be working properly, or how to fix a problem they are having.

All this is great and I truly love helping my friends and family when I can. But, like most of my techie friends, there is only so much time in the day, and at some point being free tech support becomes too much. So, I thought I might write a couple of things here to help answer some of these techie type questions and give a techie perspective on things. Hopefully someone might find these useful and make both their digital and physical lives better in the process.

Ok, to that point, the first topic I thought I'd share some thoughts on is being safe online.
First, let me ask you a question: how safe do you consider yourself online? Is your version of safety like these two youngsters shown here?

Maybe you use multiple passwords for all your accounts, you try to stay away from shady websites, when viewing an email from an unknown sender you don't open attachments, and you run anti-virus software. Does that sum up your view on online security? Maybe you also have firewall software running too. All these things are good. Do you also have the thought that, "this is good enough, why would anyone want to hack into my accounts anyway?  I don't have anything important." 

That's one of the biggest farces that we tell ourselves. The truth is that anyone and everyone who is online is a potential target. The question is, how tempting of a target are you? The more important you become, the easier it is to "hack" into your accounts due to lax security on your part, or the more valuable the information associated with your accounts, the higher the likelihood that you will become the target of an attack attempt.

Attacks are not always just about gaining access to your financial information. An attack could be to gain access to your account for purposes of gathering information about you or your contacts. Attackers could also target specific accounts in order to find out a very specific piece of information they could then use to access another of your accounts which contains more valuable information, say your email or your credit card. This is called Social Engineered Hacking. In this case they are not cracking a password but circumventing the system by gaining access to your other, less secured accounts to gain information like the last 4 digits of your credit card, your mailing zip code, or even answers to your security questions. With this kind of information they could then reset your password on the account they want to access and then gain access to that account. Once in, they can do whatever they want: delete information stored online, send malicious emails, deface websites in your name, post hate blogs, etc.

With weak passwords, hackers do not even need to go to these extreme methods to gain access to your email.  You might think that your email is safe because you don't have anything in it that is worth reading.  But the truth is that hackers don't care about your email.  They do want your email address in order to use it to send bulk spam out to all your contacts, as well as whomever else they want.  This is one way that spamming gets out of control and why it is so hard to catch spammers.

So what can you do? Is all lost? Should you bury your proverbial head in the proverbial internet sand? Or maybe even go cold turkey and cut off the online addiction altogether? While going cold turkey is probably the safest, it really isn't practical these days. So the question really is what to do, and the answers really aren't all that hard. Well, I say that, but the truth is that you can take some relatively simple steps to keep yourself relatively safe online. But nothing will keep you 100 percent safe from digital threats as long as technology is a part of your life. Don't believe me? Go do a little research on the Stuxnet virus (http://en.wikipedia.org/wiki/Stuxnet) and ask Iran how that worked out for them.

So what can you do to be safe?  Well here are a few simple things to do:
1) Have a unique 20+ character password for each of your sites or applications.  Anything below this is easily hacked.  I could bore you with the details, but trust me when I say this.  And those of you with the password of "Password123", just stop it, ok?

2) Store your password in a secure online password safe, like LastPass (http://www.LastPass.com).  No one can have a unique 20+ character password for every site or application and hope to possibly remember what each and every password is, so instead, remember a single password and let a password safe remember them for you.

3) Use a Sandbox tool like Sandboxie (http://www.Sandboxie.com) to browse the web in a more secure way. Using something like this will wrap your browser in a sandbox, and this will in turn keep any malicious code running from a website or attachment from accessing your computer and infecting it. This offers much better protection than an antivirus which attempts to "clean up" the virus after the infection has already occurred.

4) Follow the Elmer Fudd approach to opening attachments: Be w'ery w'ery careful, we're huntin' w'iruses! Remember that ANY attachment, even those from known contacts, could contain viruses or malicious code. If at all possible, open all attachments in a secure browser or in a sandboxed environment.

5) Do not browse to any suspicious websites.  If something looks strange or you think you are being taken to a website that isn't where you expected to go, don't hang around and click on things.  The best thing is to close the page and open a new page in a known/familiar location, like (http://www.google.com).

6) Do not trust free or open public WiFi. Feel free to use it to check the latest sports scores or traffic status, but never ever access your financial information over a free or open public WiFi. These networks are very easily hacked and are a huge source for thieves to steal your ID, passwords, or financial information. Be careful and just assume that on these types of networks someone is always reading or watching every single thing you do.

7) Last but not least, please also remember that Email is NOT secure. Do not send anything of a sensitive nature via email, EVER! Email is always sent in plain text mode, meaning that anyone who intercepts that message can view the contents of that message. Nothing that is sent via email should ever be considered private. Emails are constantly being intercepted and read, and not just by the NSA. So if you don't want unknown people reading your private stuff, then don't send it in an email.

So there are 7 simple things that you can do to be a little safer and more secure online, starting today.