Safe Internet Practices
By William R. Cunningham
Many people have suffered loss because of malicious activities originating from an internet resource, such as email hacks, stolen money, etc. I could tell you horror stories of people who were tricked into paying lots of money to restore their systems and even those who let strangers remotely connect to their systems.
A few years ago my family went on vacation in Florida where we rented a vacation home. A few minutes after arriving at the house and while we were still unloading the van bringing suitcases in, the phone rang. I picked it up thinking that it may be the vacation home company checking in on us. Instead it was a person claiming to be from Microsoft who told me that they discovered a problem with my computer. Keep in mind this is a vacation home and there was no computer. I told him that he called a vacation home and I do not have my computer hooked up yet. We were unpacking! He insisted that there was a problem with my computer–he was a foreigner with a thick eastern accent. He began asking for information when I asked him to tell me the IP address of my computer. He couldn’t do it and eventually he gave up. Some of you may have received a phone call like that and still others were fooled by it and began allowing the person to connect to their computer. This is just one example of why you have to be on guard regarding the use of technology and why it is also important that you use safe practices while using internet resources. In this article, I will provide you with some basic practices to help protect you while you use internet resources.
Use Strong Passwords or Passphrases. Do not use weak passwords. For example, people may use a password that contains the initials of their children and their birth date, use “password” as a password, or never change the default password of devices they purchase, e.g., a broadband router. I’ve come across people and companies that put the password for logging onto their laptop on a piece of paper taped to the laptop! Realize that hackers can get into a system by gathering information to guess a password, so don’t make it easy for them.
Create a password that is cryptic, but has meaning to you. The password could be a series of letters, numbers, and symbols that represent a phrase or the password could be a phrase itself. For example, your password could be “Ilte@6ite,” which means “I love to eat at 6:00 in the evening.” Use capital letters, lowercase letters, numbers, and symbols in your password to make it hard to guess or crack. Also change your password periodically.
Ideally you would not use the same password for all of your resources, though I admit it can be quite exhausting to keep track of all of your passwords. Fortunately there is password management software that you can purchase that will make that task a lot easier. An example is a program called RoboForm (www.roboform.com). Your antivirus program may also have a password manager included.
The ultimate goal is to create passwords that are not easy to guess. It is preferable to use passphrases instead of mere passwords. Of course, never give your password to anyone (except perhaps your computer support personnel). Also change your password regularly, but not too frequently. If you change the password too frequently, you are likely to generate passwords that are sequential and therefore easier to guess. For example, you may generate a password such as “Tmusi@1” and then “Tmusi@2” and then “Tmusi@3”, etc. In this case your password really didn’t change.
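The sequential-password problem described above can be caught at the moment a password is changed, when the user has just typed both the old and the new one, so nothing old needs to be stored. The following is an added example, not part of the original article; the function names and the min_changes threshold are assumptions, and the "too similar" rule goes one step beyond the counter case in the text.

```python
import re

def skeleton(password):
    """Collapse every run of digits to '#' and lower-case the rest."""
    return re.sub(r"\d+", "#", password).lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def rotation_problem(old, new, min_changes=4):
    """Return why `new` is a poor replacement for `old`, or None if it is fine.

    min_changes is an assumed threshold: the minimum number of character
    edits required between the old and the new password.
    """
    if new == old:
        return "unchanged"
    if skeleton(new) == skeleton(old):
        return "only the number changed"
    if edit_distance(old.lower(), new.lower()) < min_changes:
        return "too similar to the old password"
    return None

if __name__ == "__main__":
    # Passwords taken from the article's own examples.
    for candidate in ("Tmusi@2", "Tmusi@1!", "Ilte@6ite,"):
        print(candidate, "->", rotation_problem("Tmusi@1", candidate))
```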
Do not save passwords in your browser. When you fill in a username and password for a restricted resource on the Internet, you may get a prompt from your browser to save the credentials or password. Never do that. If someone else should gain control of your computer by hacking your user account, then they will be able to sign onto all of the resources for which you saved the credentials. Always manually sign in to resources that you use or use a password management program.
Don’t Click on Links in emails. You may receive an email from a malicious sender enticing you to click a link in the email, which in turn may download software or the like to install on your system. If you do that, then you have compromised your system and possibly any other system connected to your network. Instead of clicking a link in an email, manually go to the site using your web browser.
For example, you may receive an email that appears to be from UPS or your bank or a company that you are familiar with. The email appears to be legitimate in that it has the company logo and other such items that you have seen before. In the email there is some text and a link for you to click on for whatever reason. However, if you click that link you may be taken to a malicious website and you may be tricked into downloading and installing malicious software.
In some cases you may determine where that link actually points to without having to click on it. In Outlook, for example, you can hover over the link to see where the link points to. You may notice that the domain that it points to has nothing to do with the domain of the company that it is purportedly from. The general rule is never click on a link in an email. Instead manually go to the company’s website (assuming you have an account with the company) and sign on normally. You should see the same message or alert that is in the email if it is legitimate.
You should also NOT open attachments from emails that you do not expect to receive. They too may contain links to malicious sites or they may be malicious themselves. You can always download the attachment and scan it with your antivirus software if you are not sure. However, the fact that no viruses are found in the attachment does not mean that it isn’t part of a malicious scheme or phishing attempt.
Be very careful clicking on ads on websites that you visit. Those ads could lead to malicious content. Some if not many ads are legitimate, but some lead to malicious content.
Ensure that your antivirus software is up to date and that you are using a good one. Merely having antivirus software installed on your computer does not mean that you are protected. Your protection is only as good as the last time the software was updated, because new viruses are created daily, and if your antivirus has not been updated for new viruses then you will not be protected from them. Research and use reviews of antivirus/Internet security software to help you decide which one to get.
Do not allow your children to use the computer you use for banking or other sensitive activities. Children will visit many sites and potentially download viruses as they download games or visit social websites. Therefore, it is not a good idea to allow your children to use the same computer you use for paying bills, for work, etc. Even if you must, they should have their own non-administrator account. Again, I have had to restore many computers where the parent let the children use the computer. Each person should have their own account on the computer and the children should not have administrative privileges on the computer.
Back It Up! This is so simple and yet so many people fail to do this. Ensure that you have backup software on your computer that backs up your files to the cloud or to another disk drive, e.g., a portable disk drive. This way you will be able to restore your files not only if there is a device failure, but also if your files were infected by a virus. There was one occasion where a computer was infected by the cryptolock malware. However, because there were backups there was no loss of data. On another occasion, the company did not back up their data and was helpless after the crypto virus encrypted all of their files and demanded a ransom to decrypt them. So back up your files. That is the first line of defense for protecting your data.
Reggie’s PC Resources is a reseller for Carbonite backup and I would be happy to get you protected by securing a backup solution for you.