Keeping Your Information Safe Online, Some Strategies

Mike Halsey MVP
Apr 28, 2011
Updated • Dec 27, 2012
Security

In light of Sony's security breach last week it's clear that Internet security is a major issue and work clearly needs to be done, and done quickly, on implementing new web security standards, for instance the authentication of email which people have been talking about for years.  Not to mention the fairly obvious increase that's required in the protection of web servers and the distribution of information across those servers to help secure it from hackers.

That said, it's done now and a massive 77 million people have had their personal information exposed.  We still don't know how much information this includes and what it could be used for.  One thing is for certain, people such as the 'security expert' who went on the BBC this week and said if you haven't seen fraudulent transactions on your credit card yet you're probably safe, are just idiots.  How quickly do these people think criminals can get through 77 million records?

I thought I'd write up some strategies here to help keep you and your personal information safe online.  Some of these you will be able to implement and some you won't, but in conjunction they ought to make you safer.

Keep your email and online files password safest

This isn't just to do with Spam, it's something I wrote about here a few days ago.  Create yourself a super-strong password (see below for advice on how to do this) that you use only for your email, contacts and anywhere that you store documents online, such as SkyDrive or DropBox.  It's essential to keep this information safe.  You are being trusted by others with valuable contact information attached to your email account for, sometimes, several hundred other people including their full addresses, mobile phone numbers, dates of birth and more.  This isn't to mention any personal financial or other sensitive data you're storing in your online files.

Use different passwords in different places

This isn't always easy to do as people have trouble remembering passwords so tend to have just one or two.  There's nothing to stop you writing down a list of passwords in a file on your phone (if you have a code lock on the handset) or at home if you have them in code.  For instance you could have the letter s added to the beginning of the password.  To any glancing eye it just looks like an extra letter on the code.  You will know that is the password you use for shopping websites.  A g could signify gaming websites and so on.  While remembering passwords might be a pain when away from home and on new computers, your own computer equipment will usually remember the passwords for you.

Create a strong password

The strongest and most secure passwords follow the same rules...

  • Make it at least 10 characters in length
  • Use a mixture of Lower and Upper-case letters
  • Use numbers (you can substitute some for letters too, 0/o, 1/i/l, 5/s and so on)
  • Use symbols (which you can also substitute for letters, $/s, _/L, #/o for instance)
  • Do not ever use the following (common words, names, date of birth, the word password)

One thing to note with this is that many websites still won't allow you to use certain characters (usually *) in passwords.
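
The rules above as a checker, as an added example that is not from the original article. It goes slightly beyond the list by reversing the article's own letter substitutions before looking for banned words, so `Pa$$w0rd` is still recognised as `password`; the function names and the short word list are constructed for illustration.

```python
import re

# Substitutions the article lists (0/o, 5/s, $/s, _/L, #/o), reversed.
# "1" is ambiguous (i or l), so both readings are tried below.
BASE_MAP = {"0": "o", "5": "s", "$": "s", "_": "l", "#": "o"}

# Constructed sample deny-list; a real one would be far larger.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}


def undo_substitutions(password):
    """Return lower-cased readings of password with the swaps reversed."""
    lowered = password.lower()
    readings = {lowered}  # keep the raw form so digit strings still match
    for one in ("i", "l"):
        table = str.maketrans({**BASE_MAP, "1": one})
        readings.add(lowered.translate(table))
    return readings


def check_password(password, personal=()):
    """Return a list of rule violations; an empty list means every rule passes.

    personal: the user's own names, year or date of birth and similar
    strings, supplied by the caller (hypothetical parameter).
    """
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both lower- and upper-case letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a symbol")
    readings = undo_substitutions(password)
    banned = COMMON_WORDS | {p.lower() for p in personal if p}
    for word in sorted(banned):
        if any(word in reading for reading in readings):
            problems.append(f"contains banned word or personal detail: {word}")
    return problems
```

A password that satisfies the first four rules can still fail the last one once the substitutions are undone, which is the case worth testing your own candidates against.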

Never use your banking passwords or PIN

Your banking password and card PIN number are for your banking ONLY.  Do not ever use them on any other service or website!

Minimise the information you share

This can be difficult.  On websites such as social networking it's easier to do and you should never share...

  • Address
  • Phone numbers
  • Date of Birth

But sometimes, especially in the case of a website you'll have financial dealings with, this is unavoidable as they need your date of birth and address for security.  Go back to my previous rule about different passwords for different websites for this situation then.

If a web service is hacked, though, any and all information that you share is vulnerable.  If you must give away this information to validate yourself on a website, can you remove or change it afterwards?  Will the website's service still work for you if you later log into your account and either remove the information completely or change it, perhaps by changing the phone number to 12345?

Be careful with usernames and email addresses

You can inadvertently share useful information in your email address and usernames.  It's common for someone to append their date or year of birth to these.  Always avoid doing so!

Use online banking

If you use online banking you can keep a much closer eye on transactions on your accounts.  Rather than have to wait up to 30 days for your statement to arrive, online banking will usually show you the most recent transactions whenever you log in.  This is an excellent way to see if someone is fraudulently using your credit or debit cards so that you can inform the bank promptly and have those cards cancelled, minimising the economic effect on you.  Remember it can take the banks a while to refund money to you.

Reduce the surface area for attack

Again this is something I wrote about at the beginning of the week.  Try not to sign up for every website and web service going.  Don't spread yourself out on the web so far that you'll never remember where you have accounts.  Keep an eye on your email and junk folder.  Occasionally these websites will send you an email and you can use this as a reminder to go back there and either remove or replace any personal and sensitive information, or preferably, just close the account completely.

Be vigilant

To be honest there's absolutely nothing you can do to prevent a hacking attack such as the one that recently hit Sony.  It could happen to any company at any time, no matter how big or small they are.  The trick is to not have the information that can be exploited available to begin with but this is rarely easy in today's Internet age.  The best advice I can give is simply to be vigilant and aware of what's going on with your banking and your accounts.  With these simple rules you won't be completely protected, but you can at least minimise the damage if something does go wrong.

Comments

  1. Amelia@ Ethical Hacking said on May 28, 2011 at 12:21 pm

    For me, the best strategy to be safe online is to be a proactive user – prevention is still better than cure. Read and be knowledgeable about online threats and you’ll be the safest. On the Internet, ignorance is not bliss. And there is lots of useful information you can get online – so you don’t have any excuses.

    Most of the time, people who fell prey to identity thieves, scammers, spammers, and hackers are those who have little or no knowledge about online security issues. Of course, anti-virus, anti-spams, and other security tools can help. But it still depends on the user.

    Also, if it’s good to be true, then it probably is. So, stay away from get-rich-quick schemes.

  2. Helix said on April 29, 2011 at 1:58 pm

    If you’re talking about “creating strong passwords” I think you and your readers should read this article:
    http://www.baekdal.com/tips/password-security-usability?

  3. bastik said on April 28, 2011 at 9:47 pm

    I have to admit, that I haven’t read it fully yet, but I got to comment to such points:

    “Make it at least 10 characters in length
    Use a mixture of Lower and Upper-case letters
    Use numbers (you can substitute some for letters too, 0/o, 1/i/l, 5/s and so on)
    Use symbols (which you can also substitute for letters, $/s, _/L, #/o for instance)”

    Some users try to do that, while others use “12345”; they may add “6” if the password has to be that long.

    Some sites do not allow more than 12 chars, some just allow upper/lower and numbers. Which is the most critical point for users who are concerned about it. The sites have to support it.

    1. Martin Brinkmann said on April 28, 2011 at 9:59 pm

      I really dislike sites that limit the password to six, eight, ten or twelve characters. My passwords on sites with no length restriction have 20+ characters.

  4. Jack said on April 28, 2011 at 1:45 pm

    I know what you mean about TV ‘experts’. Just this morning in a news item about the Sony incident, they warned people never to use the same password twice. Fair enough. At which point the well-known female presenter came out with “Oh dear – I use the same password for absolutely everything!”

    Well done you brain-dead bimbo – strike one for being stupid about passwords, strike two for telling several million people they only need find one to have them all! Their ‘IT Correspondent’ made no comment at all on her public admission, other than to nod sagely and agree it was ‘probably’ very common. We can only hope he had a quiet word with the lady on the way out.
