09 May Cyber Smarts
Five ways to protect yourself from hackers
by Mindy Charski
You’re not the US government or a global corporation, but that doesn’t mean your computer and the information on it wouldn’t interest cybercriminals.
In fact, with so many ways to profit off you, hackers have many reasons to be interested. For instance, they could hijack your machine for mischievous exploits, load malicious software that holds your content hostage for a ransom, or sell your personal information in underground markets that trade in all kinds of data, including medical records and airline points accounts.
Potentially being in the crosshairs of people who are constantly finding new ways to wreak havoc and avoid detection sure doesn’t feel great—but you can take defensive measures.
“We want people to stay engaged and feel like they can make a difference in their security,” says Kristin Judge, director of special projects and government affairs for the National Cyber Security Alliance, a nonprofit that promotes cybersecurity awareness. “There’s a lot you can do in just a little bit of time [to protect yourself].”
Here are five ways to reduce your chances of becoming a victim.
1. Strengthen your password management
Passwords that are easy for you to remember could also be easy for crooks to figure out.
Judge is a proponent of passphrases. These generally include multiple words and more characters than the typical password. For instance, this sentence could be a passphrase: “I like chocolate ice cream on sundaes.”
She suggests boosting the passphrase’s power by substituting some letters with similar symbols or numbers, such as a dollar sign for an “s” and the number three for an “e.” And consider adding a letter at the end related to the account for variety, like using g for Gmail, she says.
Using different passwords for various websites is important. Otherwise, a breach for one could mean a breach for all.
“It goes across into the work environment because a lot of folks will use the same passwords at work that they use at home,” says Mari Galloway, director of finance and communications at the Women’s Society of Cyberjutsu, a nonprofit that empowers women to succeed in the cybersecurity industry.
You may find it helpful to install password managers like LastPass or Dashlane that can generate and store passwords for multiple websites.
2. Use two-factor authentication for online accounts
Passwords are one way to “authenticate” who you are when you want to check email or visit a website that requires a log-in, but if someone does nab your password, you’re not necessarily out of luck, as you can—and should—add another level of security.
Many email clients and websites now offer a security process called two-factor authentication. They may text your phone a one-time code for you to enter when you log in, for example.
“The number one recommendation I can make right now is to add two-factor authentication to your account,” says Judge. “It’s like putting an extra dead bolt on your door. If someone tries to get into your account who is not you, they won’t have that second factor with them, and it can make a huge difference in your security.”
Sometimes two-factor authentication can be burdensome, but Judge warns that cleaning up after a hack—like if your identity is stolen—would take much more time and effort.
If you’re only going to add two-factor authentication to one account, Judge says it should be for your email. “That is your crown jewel,” she says. “If someone gets into your email account, they can reset all your passwords and the password resets come to your email account.”
3. Be vigilant with emails
Today it’s very easy to open emails from criminals who are posing as trusted individuals or institutions to trick you in what’s known as a phishing scam.
“Phishing is the biggest attack vector there is these days because so many people are gullible to emails that look like they’re from the bank they deal with or a friend,” says Loyce Pailen, a professor at University of Maryland University College and director of its Center for Security Studies.
Hackers may want you to share sensitive information like your credit card number or your bank account’s password. Or they may want you to click on links or attachments that load malware onto your computer.
Though it’s tempting to rush through emails, slowing down and being on guard can save you a world of hurt. It’s important to look for clues that an email may not be from a trusted sender. Glance at the email address, not just the sender’s name, to see if it looks suspicious. Spelling errors, random characters, bad grammar, and blank subject lines could also be tip-offs.
Likewise, you should think twice about odd requests. “The CEO of your company is not going to send you an email that says, ‘Hey, I need your password,’” Galloway says. “And your bank is not going to send you an email that says, ‘Your password has been compromised and click this link to reenter your credentials.’” If you’re unsure about the email’s legitimacy, verify it with the purported sender.
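The clues above can also be checked mechanically. The sketch below is an added example, not part of the original article: it looks at the address behind the sender's name, random characters in the address, a blank subject line, and a request to click a link and enter credentials. The messages, domains, and the `KNOWN_SENDERS` list are constructed for illustration, and the patterns are rough heuristics; spelling and grammar still need a human eye.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: senders you deal with, mapped to the domain they really use.
KNOWN_SENDERS = {"example bank": "examplebank.example"}

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: "Example Bank Support" <support@examp1e-bank-x7q9z2.example>
To: you@home.example
Subject:

Your password has been compromised. Click this link to reenter your credentials.
"""

LEGITIMATE = """\
From: "Example Bank" <statements@examplebank.example>
To: you@home.example
Subject: Your April statement is ready

Sign in the way you normally do to view your statement.
"""

def email_warning_signs(raw, known_senders):
    """Return the tip-offs found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []
    # Clue 1: check the address, not just the sender's name.
    for brand, real_domain in known_senders.items():
        if brand in name.lower() and domain != real_domain:
            signs.append("name_address_mismatch")
    # Clue 2: random characters, such as digits wedged between letters.
    if re.search(r"[a-z]\d[a-z]|\d{3,}", addr.lower()):
        signs.append("random_characters")
    # Clue 3: blank subject line.
    if not (msg.get("Subject") or "").strip():
        signs.append("blank_subject")
    # Clue 4: an odd request to follow a link and supply a password.
    body = msg.get_payload()
    if (isinstance(body, str)
            and re.search(r"\b(password|credentials)\b", body, re.I)
            and re.search(r"\b(click|link)\b", body, re.I)):
        signs.append("asks_for_credentials")
    return signs

if __name__ == "__main__":
    print(email_warning_signs(SUSPICIOUS, KNOWN_SENDERS))
    print(email_warning_signs(LEGITIMATE, KNOWN_SENDERS))
```

A message that trips none of these checks is not proven safe; verifying with the purported sender remains the fallback.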
4. Limit what you share on social media
Your kid’s name, your hometown, your company name, and the place you visited last summer on vacation are all pieces of information that hackers can use to harm you.
Those kinds of tidbits can help them tailor phishing emails, for example. It’s easy to think an email that refers to your daughter by name really is from her school.
Another reason sharing too much personal data is risky is that hackers know many people use it to form their passwords. “They have the time and the opportunity, so they can just take that information and put it together to see what your passwords are,” Galloway says.
5. Arm yourself with technology
Four security technologies can also increase your protection: firewall, antivirus, antimalware, and antispyware. Many companies, including Webroot and Norton, offer products with all these features. “It’s like putting a lock on all your doors, maybe alarms on your windows—it’s putting on as much as you can to keep your computer and information safe,” Pailen says.
The features are often bundled together, so research your options. “At a minimum, you want a tool that can try to monitor all that for you,” Galloway says. “You don’t want to have to get four or five different tools just for your home laptop.”
In addition, don’t ignore the prompts asking you to install system and software updates. The new versions may fix security vulnerabilities that criminals could otherwise exploit.
It’s also a good idea to back up your operating system and data in case you’re hit with ransomware, the malware that encrypts data and makes it readable again only after the owner pays a ransom within a designated time. Having a backup enables you to keep both your money and your files.
Ultimately, maintaining a cybersecurity mind-set and being proactive can help you protect not only your home computer but also the slew of Internet-connected devices that will likely come into your home and could already be there in the form of baby monitors and thermostats. When you’re aware of the risks, you’ll recognize the need to change the product’s default password, for instance.
In the end, while hackers may be experts at adapting to new technologies, the good news is you can be, too.
Mindy Charski (@mindycharski) is a Dallas-based freelancer who specializes in business journalism.