Security Awareness: Tips for Protecting Your Online Identity from Hackers

September 22, 2013   //   Managed Services, , , ,

Hackers are after your online identity. They want access to your e-mail, your online checking and even your Facebook account. It is increasingly common for attacks to come from other hijacked accounts and Facebook is a popular one. You get a message from your friend who says they’re overseas and had their wallet and plane tickets stolen, they need you to send them some cash. This is just one of many popular scams that hackers try once they have access to your online accounts.

So how do you protect your online identity from hackers? Passwords are obviously the first step and hackers have plenty of ways of stealing your passwords – social engineering and phishing scams, viruses or downloading an entire database of accounts from an insecure website or forum. Your best defense is a long password (9 characters or more), containing numbers, punctuation marks and letters (upper and lower case). Avoid using the same password for multiple accounts – your Facebook password shouldn’t be the same as your online banking website! You should also be changing your passwords regularly. Personally, I prefer to use passphrases, something like “You can’t touch this!” it fulfills the length and complexity requirements but it’s also easy to remember and fun.

Never give your password to anyone, period. Most phishing attacks are after personally identifiable information, passwords or simply money. They might appear to come from a service you use, like Chase or Amazon, but there’s a few simple ways you can tell whether an e-mail is actually from a legitimate organization. Never reply to e-mails requesting any personal information, including your social security number, credit card number, PIN or credit card security code, your mother’s maiden name or your password. If a company needs this information you should enter it on their website – never in an e-mail. Communication from professional companies generally do not contain spelling mistakes or grammatical errors and should never have unsolicited attachments. Do not open any attachment from anyone that you were not expecting! Check links before clicking them, hover your mouse over the link and check the status bar at the bottom of the page to see where it goes. If it’s an e-mail from Amazon.com it will read https://something.amazon.com/.

Make sure you regularly apply updates for both Microsoft Windows and your anti-virus software; this will keep those pesky viruses away. The truth is most malware that infects corporate networks today is not the result of surfing dangerous sites for illegal software or pornography, but legitimate small business websites that have been compromised by hackers. Small business IT teams do not have the resources to combat cyber-crime, and it may be weeks or months before the break-in is identified and offensive code removed from their website. These compromised websites then use known exploits for Java, Flash, Adobe Acrobat or internet browsers themselves to infect machines all over the country. Users can protect themselves by keeping their software up-to-date and recognizing warnings about unsecure websites and plugins.

What about protecting your information at home? The Mozilla Firefox and Google Chrome internet browsers will both disable older versions of plugins that could make your PC vulnerable and most home users will not need to use a specific application that requires an outdated, insecure version of Java. There are also password management services like www.LastPass.com which have plugins for Microsoft Internet Explorer, Apple Safari, Google Chrome and Mozilla Firefox. This service automatically fills in forms allowing the user to choose very long, random passwords. Finally, do not disable User Account Control (UAC) in windows; UAC is a security feature which helps prevent unauthorized changes to your computer. If UAC is enabled and a virus tries to infect the PC the user will be prompted to allow the change – if the user clicks “No,, the virus is stopped in its tracks.

Please join us for our next Managed Services event to learn more about how SWC is proactively monitoring and protecting our client’s environments and keeping their information safe. Or contact us today for more information on our IT security practice and services.

If you enjoyed this post, please take a moment to read some of our other posts about Cyber Security and Managed IT Services:

The Top Five Signs You Need A Managed Services Partner Or Are Ready To Outsource
2013 IT New Year’s Resolutions
SWC Managed Services – A More Strategic Approach to IT
The Fundamentals of Cyber Security