These days, with the advancements of technology, it can be hard to keep up with security online. Follow these 10 tips to ensure that you’re safe no matter what you or your family members do online:
Text: Kenny Chee, The Straits Times / Additional Reporting: Atika Lim
One of the cardinal sins when it comes to cyber-security is to use a weak password that is short and made up of words found in the dictionary.
Using passwords that are easy to guess is a no-go, too, because it makes it that much easier for cyber-crooks to use software to figure out the user’s passwords.
Notorious examples to avoid at all costs include: Password, 123456, 111111, 123123, abc123, Admin and iloveyou.
Make sure your kids know this too!
Cyber-security experts advise using a complex password to secure online accounts.
To make a password strong, Sophos senior security adviser Paul Ducklin suggested using one made up of 12 to 14 characters. It should comprise letters in upper and lower case, numbers and “wacky characters”, which could include symbols like %, $, ^, +, – and *.
Macky Cruz, the security focus lead at Trend Micro, says users could string a few words from a phrase they can remember easily as a password, and then replace some characters with symbols and use letters in upper and lower case.
Passwords should also be changed on a regular basis, says Eugene Teo, Symantec Singapore’s senior manager for security response.
Another good practice is to use a two-factor log-in if it is available, suggests Eugene. This could involve a password and a one-time password generated by a security token.
Another bad habit among consumers is to reuse the same password for multiple accounts, says Macky.
This is problematic because a hacker can use one password to log into a variety of online accounts and pose as the victim. Things get worse if the crook accesses an online account linked to payment methods, as this means he is one step closer to stealing money from the victim.
People who have trouble remembering different passwords for different accounts might want to try out password managers, experts advised. These can use one strong password to manage several online accounts.
When her Cravings cookbook was released and sold to millions, Chrissy Teigen didn’t think that she’d be giving away her phone number to millions as well. As it turns out, her dog, Pippa, was in one of her photos and her collar featured Chrissy’s phone number.
Perhaps more worrisome is that with access to different online accounts, a hacker can start creating a profile of the victim. The hacker’s job is made infinitely easier if a victim publicly shares personal details online such as on social networking sites.
With that information, a crook could guess the answers to an online account’s security questions – such as a pet’s name the user unwittingly disclosed in a Facebook post – and reset the user’s password.
Users who use personal information as passwords – like their birth dates or pets’ names – should be wary of revealing such details online for obvious reasons.
Consumers should avoid storing or sharing credit card information on retail, commerce, or social networking websites, says Eugene.
They should also not provide more information than necessary when signing up for an online account. If the information that the website has requested does not make sense, then it probably is.
When posting online, such as on a public forum or mailing list, do not share personal details, he adds, because information shared online can remain in cyberspace indefinitely.
Looking at an e-mail sender’s name is not a good gauge of whether the mail is bogus because it can look like the real deal.
More telling is the sender’s e-mail address. If it looks really strange and unrecognisable, chances are it is not legitimate. Links and attachments in such an e-mail should not be opened either.
Also, if the message in the e-mail seems very terse and uncharacteristic of a friend, the e-mail is likely to be a fake one.
Such e-mails should not be replied to either, as a reply can signal to hackers that a user’s e-mail address is actively checked, so they might send over more spam e-mails.
Organisations typically do not ask for consumers’ log-in details, personal details or financial information in e-mails. Hackers do, however.
So, if such e-mails arrive seemingly from a bank or a retailer, they should be deleted. Users who are unsure should call up the organisations to check, although dialling numbers in the questionable e-mails should be avoided.
Other tell-tale signs include bad grammar and spelling mistakes in the e-mail message, urgent-sounding e-mails, and e-mails from organisations users have no prior relationship with.
By hovering the mouse cursor over a web link without clicking it, it is possible to see its Web address. If the address comprises a string of numbers, it is likely a bogus link.
Fake sites and links sometimes have addresses that do not tally with the content or organisation stated in the e-mail. They may also contain spelling mistakes of the organisation’s name.
Legitimate sites that are secure also tend to have “https” in their Web addresses instead of just “http”.
Many Web browsers can also tell users if a website is legitimate. Typically, if a green padlock appears beside the Web address bar, it means the website has been verified to be run by legitimate organisations and is a secure website.
Eugene says some security software can also help verify if a site is a secure or malicious one, as well as determine if websites called up in search engine results are safe to visit.
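The link checks described above (a numeric address, an address that does not tally with the organisation, a misspelt organisation name, and “http” instead of “https”) can be written as a short Python script. This is an added example, not part of the original article; the function name, warning labels, sample addresses and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit


def link_warnings(url, expected_domain):
    """Return warning labels for a link that claims to come from expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected = expected_domain.lower()
    warnings = []

    # Sign 1: plain "http" rather than "https".
    if parts.scheme != "https":
        warnings.append("not-https")

    # Sign 2: the address is a string of numbers (an IP address, not a name).
    try:
        ipaddress.ip_address(host)
        warnings.append("numeric-address")
        return warnings
    except ValueError:
        pass

    # The organisation's own domain, or a subdomain of it, passes the name checks.
    if host == expected or host.endswith("." + expected):
        return warnings

    # Sign 3: the address does not tally with the organisation in the e-mail.
    warnings.append("domain-mismatch")

    # Sign 4: a label that is almost, but not exactly, the organisation's name.
    brand = expected.split(".")[0]
    for label in host.split("."):
        if label != brand and SequenceMatcher(None, label, brand).ratio() >= 0.8:
            warnings.append("lookalike-spelling")
            break
    return warnings


if __name__ == "__main__":
    # Constructed sample links; "examplebank.test" is a made-up organisation.
    for link in ("https://www.examplebank.test/login",
                 "http://192.0.2.10/login",
                 "https://examp1ebank.test/verify",
                 "http://examplebank.test.account-check.invalid/"):
        print(link, "->", link_warnings(link, "examplebank.test") or "no warnings")
```

A link with no warnings has only passed these four checks; users who are unsure should still contact the organisation directly.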
If, like in eBay’s case, a user learns that a website he has an account with has been hacked and personal data could have been stolen, he should change his passwords as soon as possible.
The password should be complex and also not be the same one used for other online accounts.
Macky advises affected users to keep a close watch on their online activities and look out for any strange transactions online or in their bank accounts and credit card statements.
After a data theft incident, some concerned users might close their accounts to limit the risks of hackers taking over their digital lives.
However, it does not necessarily mean the information associated with the compromised account is safe. The data could still be stored somewhere.
Eugene says one consideration for users is whether their information on a website is encrypted from one end to another, and stored securely.
Users will have to do their due diligence to check that a website they want to sign up with is trustworthy. They could check out website policies and look at the site’s history to determine if data breaches or security issues have been reported before, says Eugene.