There are a number of steps that individuals can take to help improve their security both on and off the internet, including a few suggestions from Condor Capital:
One of the first and most important steps that you can take towards better security is improving your password management. One effective method is to think in terms of "pass phrases," instead of pass "words." Using a phrase that is personal to you creates a password that is not only easier to remember, but harder to crack. This method works to counteract one of the most popular password breaking techniques – a dictionary attack.
As its name would suggest, this is when an attacker uses a dictionary to guess your password. If your password is a word or only a slight variation of a word, where simply an "O" is chanced to a "0" for instance, it is most likely guessable via a dictionary attack.
Secondly, it is essential that you use different passwords across all of your critical services so that in the event that one is compromised, an attacker does not immediately have access to all of your accounts. Although many claim that this process makes it too difficult to remember passwords, there are several services aimed at making password management easier. Some examples include password management systems that are built into Google's Chrome and Mozilla's Firefox web browsers, as well as third party offerings, such as LastPass. Further, you should not hesitate to utilize the "forgot password" prompt for lesser used accounts.
Finally, take advantage of dual factor authentication logins whenever they are available. Under processes such as this, a user is required to present two data points to verify their identity. One popular method involves the user entering a password, then a separate, one-time code which can be sent via text message or phone call. It is particularly important to use two factor authentication when utilizing password management systems, such as the ones we mentioned above.
While these can be an inconvenience, they are a small price to pay for significantly improved security for your critical personal and financial information.
Connections to wireless networks can also be a source of security vulnerability. When setting up a wireless network at home, it is important to always require a security key to enable connection. In addition to potentially letting others use your connection for free or slowing down your service, an unprotected network can allow them to intercept data that you transmit over the network.
Going a step further, when connecting to a public network such as a coffee shop, you should be cautious regarding the type of information that you access using such a portal.
With the increasing proliferation of mobile devices, they have become an increased target for attackers. In addition to connecting to secure networks, as stated above, it is important to always utilize a security PIN to lock your phone. This is particularly important when the device is used to access email, which likely contains a trove of personal information. When downloading apps, be wary of those from lesser known or obscure developers, as these apps can sometimes pull personal information from your device.
Finally, be sure to keep your operating software as up-to-date as possible. In addition to fixing bugs, many updates patch security flaws that have been discovered in the programs. This came to the forefront recently after a severe security flaw was found in iOS 7.
When using a credit card to make a purchase, be sure that you do not leave it out in the open. For example, if it is left face up on a table as you enjoy coffee, an attacker could easily snap a picture of your card, then use the numbers to make fraudulent purchases. With that said, it is important to check your monthly statements for irregularities so that any potential security breach is identified as soon as possible. If you receive statements via hard copy, it is then essential that they are shredded or stored in a secure location, such as a lockbox.
On the Web
Posting personal information to social networks such as Facebook or LinkedIn can provide another avenue for attackers to gather information on you. When using these sites, turn your security feature and privacy settings to their most strict level to prevent unauthorized people from viewing your personal information. Subsequently, you should think carefully before adding a new person to your "network."
Most social networks also have tools that will allow you to limit what content certain groupings of connections can see. With an ever increasing amount of commerce and general interaction with services transitioning to the web, it is also crucial to ensure that the websites you are using are secure. Whenever connecting to a website that collects personal information or facilitates payment or the transfer of funds, you should ensure that it is being done over an encrypted connection. Some signs that the website is secure are a web address beginning with "https" or the presence of a padlock when connected to the site.
Sending and receiving documents or information via email has become increasingly popular for its ease and speed, but you should take caution when transmitting information using this method. Try to utilize email providers that support both encrypted connections and encrypted sending/receiving of messages. Older and legacy email addresses (e.g. Hotmail) tend to be some of the least secure. Surprisingly, most email services provided by internet service providers (e.g. Comcast or Verizon) do NOT support encrypted transmission.
Even if you are taking precautions to secure your email, there is no guarantee that the person on the other end is. If they have a weak password or use an email service that does not use encrypted connection portals, any personal information that you send them is at risk, so use caution when sending sensitive information via email.
One of the most frequent forms of attack is called phishing, which occurs when an attacker attempts to acquire personal or financial information by impersonating a trustworthy source such as your bank or credit card provider. To guard against such schemes, always be cautious when someone contacts you regarding your accounts, whether it be via phone or email. It is standard protocol that such organizations will not call you and then ask you to provide information such as account numbers or passwords.
In regards to emails, always be wary of links directly in an email prompting you to enter personal information. One effective way to help identify fraudulent emails is to look for any obvious spelling or grammatical errors, which would be unlikely in an official document. If you feel that you may be a target of such an attack, hang up and call back via a verified number or visit the company's website directly. You can always obtain more information from your providers regarding their security practices, how they will communicate with you, and what personal information that they may ask.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.