Fifteen ways to stay safe on the Internet
Picture
This week’s 60 Minutes broadcast included a segment entitled The Great Brain Robbery that described how a tech company lost millions of dollars – and nearly went belly up – due to a hack by the Chinese government. The malware was delivered via a trusted source: a high-ranking employee accepted bribes from the Chinese in exchange for sending an email to the company’s executives to which a virus-laden attachment was appended.

More than one of the addressees took the bait, which opened the company’s network to the hackers. They spied and stole the company’s valuable trade secrets, ultimately using the technology in a competing product that’s still on the market. What really stung is that the U.S. government is among the Chinese cyber-crooks’ paying customers.

Government-sanctioned Internet espionage encompasses all aspects of public and private computer networks. A report released today by Cisco Systems found that 92 percent of the company’s network devices were running software with known vulnerabilities. Yet the most vulnerable software remains browsers and their many extensions. CSO’s Maria Korolov examines the report’s findings in a January 19, 2016, article.

(In a September 9, 2014, article, I described “Three free browser add-ons that protect against cybercrime,” and another article from June 24, 2014, presented “The browser security settings you gotta change.”)

As Stephen Pritchard of the Financial Times writes in a July 24, 2015, article, not only is Internet espionage targeting governments and businesses rampant, it’s also far too easy. Malware purveyors are able to exploit vulnerabilities in software and hardware that were discovered and patched long ago, but organizations simply fail to implement the fixes or replace the insecure products.

Since there’s really no such thing as a secure Internet, you may be tempted to think that your only option for staying safe is to avoid going online altogether. Doing so is both impractical and unnecessary. With time, safer ways of conducting business and government via the Internet will arrive. Think of how much safer automobile travel is these days than it was back in the 1950s. Now think of how much safer cars will be once they’re able to communicate with others nearby in real time, not to mention when the human drivers are replaced.

Only you can prevent malware infections

There’s not much we can do about companies and agencies using unsafe networks. However, most computer infections result from “social engineering”: they trick a human into taking some action that causes the malware to launch and load itself onto the victim’s network. Here are 15 ways to minimize the chances that you’ll become a cybercrime statistic.

  1. Don’t click links in email. Instead, enter the URL in your browser’s address bar manually. To view the true URL of a link in an email, hover over it and look at the status bar of your browser or email.
  2. Don’t attach files to emails. Instead, share files via an online storage service such as Box, Google Docs, Dropbox, or OneDrive. If you must use email to send a file, convert it to a PDF beforehand.
  3. Make sure your antivirus, firewall, and other security software is active, and that your antivirus program scans automatically all downloads and all external devices you connect via USB. Better yet, don’t connect any USB storage devices to your machine.
  4. Make sure your software is set to update automatically. A favorite trick of malware purveyors is to take advantage of security holes discovered in applications. Patch early and often to prevent becoming the cyber-crooks’ next victim.
  5. Use a temporary credit card number for Internet purchases. PCMag.com’s Neil J. Rubenking explains the ins and outs of using virtual credit cards in a September 14, 2014, article.
  6. Sign up for a credit-alert service, or simply request a fraud alert from one of the three credit-reporting agencies. The U.S. Federal Trade Commission’s Consumer Information page describes how to do so.
  7. Oldies-but-goodies combo: Devise strong passwords that you change regularly, use VPN or some other form of encryption, and avoid public Wi-Fi spots – use the cell network instead. (Note that Computerworld’s Richi Jennings goes so far as to say in a July 19, 2016, post that “Your password is stupid” as he lists the 25 easiest passwords to crack.) For information on how to craft tough-to-break passwords, see the “I hate passwords” guide from April 29, 2014.
  8. Newbies-but-goodies combo: Block ads, check regularly for mystery software that was installed surreptitiously on your machine/device, and don’t let apps access your personal data (contacts, photos, location, etc.) unless doing so is necessary for them to function correctly. For more on ad blockers, see “More reasons why you need to block web ads” from April 7, 2015.
  9. Use two-factor authentication. The “I hate passwords” guide referenced above explains how.
  10. Disable Javascript and enable click-to-play in your browser. This is covered in “Browser security settings you gotta change,” which is also referenced above.
  11. Make sure your Facebook profile is private. The “Five-minute Facebook security checkup” from June 2, 2015, describes how.
  12. Use a cloud backup service to minimize the damage of a ransomware attack. See “Beat ransomware by saving your files to the cloud” from January 6, 2015, for instructions.
  13. Protect your wireless network by using Wi-Fi Protected Access 2 (WPA2)-Advanced Encryption Standard (AES), not the outdated WEP. For added protection, change the default username, password, and SSID. (More at https://www.us-cert.gov/ncas/tips/ST15-002)
  14. Before you enter a credit-card number or other personal information in a web form or field, make sure the connection is encrypted by looking for the green lock icon and “https:” in your browser’s address bar.
  15. Set your computers, tablets, phones, and other devices to sleep after a set period of inactivity, and require a password or passcode to re-activate them.

---------------------------------

Links for more Internet-security info

50+ Internet Security Tips & Tricks from Top Experts
Security tips from the U.S. Computer Emergency Readiness Team
National Cyber Security Alliance: Stay Safe Online
Ten simple, common-sense security tips (a post by yours truly from October 9, 2012)
MIT Information Systems and Technology: Top Ten Safe Computing Tips
Google Safety Center
Inc.: Ten Expert Security Tips for Using the Internet of Things
Consumer Reports: Guide to Internet Security
Kim Komando: Top 5 Privacy & Security Tips of 2015
David Lazarus, January 15, 2016, Los Angeles Times: Our privacy is losing out to Internet-connected household devices