“Something doesn’t look quite right… Can you help?” It’s a common start to conversations in our line of work, and most often springs from an online security issue.
The truth is, we don’t mind helping but we also want you to feel informed and empowered. That’s why we’re compiling a series of blog posts with online security tips and tricks ranging from basic information for novices to wisdom even the tech-savvy can utilize.
Online Security Basics
1. Use a Secure Connection ( https:// )
Before signing in to a password-protected site like your email or website administration dashboard, check your browser location bar. Make sure that the address starts with “https://”. It appears green in most browsers and may also include a lock icon.
The “s” in https:// indicates an added level of security: the data you submit is encrypted, ensuring a secure transfer between browser and server. Before you submit any personal information, it’s a good habit to always check for the “s”.
Some browsers are making it easier to know if you are on a site that is not secure. Chrome has already rolled this out for pages that collect passwords or credit card numbers.
2. Create Strong Passwords
Yes. It frustrates everyone to create so many different, and often changing, passwords with capital letters, symbols, numbers, etc. But consider the information you are protecting: access to finances, family contacts, and personal data. If you have a website or blog, prioritize protecting access to the dashboard as well.
Don’t underestimate the tools being used by hackers. You may imagine someone guessing what your password might be, typing in an option, failing, then trying again. “How could they ever guess my cat’s name? I don’t ever post photos of Mitsie on Facebook.” In reality, savvy hackers can use very average equipment to discover weak passwords. Something like “m#tsieEats24sevn!” is much stronger. In addition to being more secure, passwords that contain longer phrases instead of single words are generally easier to remember.
Save yourself the hassle and potential expense or heartache. Create strong passwords. Here are some solid tips:
- Use 12 or more characters.
Try coming up with a phrase about something most people don’t know about you and that you would never post about on social media, e.g. you secretly love Joan Jett and sing along at the top of your lungs whenever you hear her on the radio: iSING2jj@10!
- Include numbers, symbols, and both uppercase and lowercase letters.
- Don’t use the same password for each type of account.
Modify the same password for each system you access (banking, work, email, social media, etc.), e.g. iSING2jj@10!@thebank, iSING2jj@10!@work, etc.
- Never use personal information such as your name, username, or email address.
- Never give your password to a ‘tech support’ person that calls you unexpectedly.
3. Learn to Avoid Phishing Attacks
Sometimes, hackers don’t even need to use software to crack our passwords. We simply hand them over. “What!? How?!” you may ask.
Cyber-criminals cloak themselves in things we quickly, but falsely, identify as reputable. Presented with something that looks genuine, we instinctively follow the directions presented by the hackers. For example, you may receive an email with an image that looks like a Google notification. It looks official, so you click on it and are taken to what looks like the Google login page, but it’s not. Voilà! You’ve just given the hacker your user name and password.
In the image below, the web address reads: data:text/html.https://accounts.google.com/service… This tricks an unsuspecting user because they see “accounts.google.com”. The initial content in this address, data:text/html…, is the clue that this is NOT Google.
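The same check, written out as a short script: it reads the start of the address first and only then looks at the host name. This is an added example, not code from the original post; the function name `checkAddress` and every sample address except the first are constructed for illustration.

```javascript
// Added example: decide where an address-bar string really points.
// expectedHost is the site the reader believes they are signing in to.
function checkAddress(address, expectedHost) {
  let url;
  try {
    url = new URL(address.trim());
  } catch {
    return { verdict: "suspicious", reason: "not a parseable address" };
  }
  const scheme = url.protocol;              // "https:", "http:", "data:", ...
  const host = url.hostname.toLowerCase();  // empty for data: addresses
  const mentioned = address.toLowerCase().includes(expectedHost);

  // Only http(s) addresses name a server. A data: address carries its own
  // page content, so any host name inside it is just text.
  if (scheme !== "https:" && scheme !== "http:") {
    const note = mentioned ? `; "${expectedHost}" is only text in the address` : "";
    return { verdict: "suspicious", reason: `scheme is ${scheme}, not https:${note}` };
  }
  if (host !== expectedHost) {
    return { verdict: "suspicious", reason: `real host is ${host}` };
  }
  if (scheme !== "https:") {
    return { verdict: "insecure", reason: "right host, but no https://" };
  }
  return { verdict: "ok", reason: "https:// and the host matches" };
}

// Sample addresses. The first is the one quoted in the post, cut at its
// ellipsis; the others are constructed for this example.
const samples = [
  "data:text/html.https://accounts.google.com/service",
  "https://accounts.google.com/",
  "http://accounts.google.com/",
  "https://accounts.google.com.signin.example/",
];
for (const s of samples) {
  const r = checkAddress(s, "accounts.google.com");
  console.log(`${r.verdict.padEnd(10)} ${s}  (${r.reason})`);
}
```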
Remember that most hacking scams exploit our most common human weaknesses. We want to protect our accounts and will quickly respond to a notification that something is amiss. We also want to be courteous and professional. A message with an unexpected attachment from a friend or colleague’s email address inspires us to act through habit, a sense of obligation, or even curiosity to open the attachment. If your first thought is, “Why are they sending me this?” STOP. Recognize this as a red flag. And do not open the attachment or click the link(s).
Use this basic checklist to protect yourself:
- Be very wary of password requests.
- Set up two-factor authentication, such as a mobile phone number associated with the account or a physical key.
- Be wary of attachments and links contained in emails, even from trusted sources. As a general rule, don’t trust them and always have antivirus software installed to scan attachments.
- If a company contacts you saying that you need to update your account or something similar, don’t click on the included link. Instead, open your browser and type the URL of the company (or search if you don’t know it) and log in from there.
Stay tuned for more
We’ll continue to share online security posts with more details, including case studies covering hacked and rescued sites. In the meantime, please feel free to ask us for specifics.