Hopefully your answer is “no”, and the intention of this blog is to keep you cyber safe in 2017.
Remember the hack of the Ashley Madison site? The top 3 passwords used on that site were “123456”, “12345” and “password”.
While there are no guarantees that malicious actors won’t get to your information, the following tips will decrease the probability of having your personal information hacked.
Let’s do some cyber maintenance. In addition to changing your passwords, learn other ways to make your cyber presence safer.
1. Have Complicated, Unique, Difficult-To-Crack Passwords
Hate changing your passwords for your social media, online banking, Amazon.com and other online accounts? So do I. But having someone invade your privacy, social channels, or even financial information is a lot worse.
A good solution to create strong passwords (and track them at the same time) is to sign up for a password storage tool. 1Password carries a yearly fee, and I’ve also heard good things about a free tool called LastPass.
All you need to do, once you have such a tool, is to create one really complex password and remember it. Then you can let the tool auto-generate all your other long and tricky passwords, which you won’t need to remember.
2. Never Reuse a Password
Don’t use the same password or slightly modify it to use it on multiple accounts.
Make each password unique, with a mix of upper and lower case letters, numbers, special characters – at least 9 characters, ideally more.
3. Update Your Passwords Regularly
Change your passwords periodically (at least every 6-12 months). While having a really difficult password is the number one way to protect your accounts, changing your password can’t hurt.
4. Prevent “Dictionary Attacks”
Don’t use dictionary words, your pet’s name, your college or any other words that have an obvious correlation to you as a person. These are easy to find, even just via Google, and so-called “dictionary attacks” – which are extremely common and simple – can crack those passwords in no time.
NOTE: Personally, I also discourage publishing your birthday on LinkedIn or Facebook as this date is a crucial detail to cracking and taking over your (online) identity; especially in the USA where birth date and social security number ARE your identity.
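The rules from tips 2 and 4, written as a small Python audit over a set of account passwords (an added example, not part of the original post). The sample passwords, the pet name "fluffy", the 0.75 similarity threshold and the function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# The three most-used passwords named in the post. Assumption: a real audit
# would load a much larger list of breached passwords instead.
COMMON = {"123456", "12345", "password"}
LEET = str.maketrans("@4301!$57", "aaeoiisst")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")

# Constructed sample data: account name -> password.
SAMPLE = {
    "bank": "Fluffy2017!",
    "email": "Fluffy2018#",       # slight modification of the bank password
    "shop": "P@ssw0rd1",          # dictionary word behind substitutions
    "forum": "vT9#qLm2$Xw8ZpR",   # the kind a password manager generates
}

def normalize(pw):
    """Lowercase, drop trailing digits/symbols, undo common substitutions."""
    return re.sub(r"[^a-z]+$", "", pw.lower()).translate(LEET)

def audit(accounts, personal_terms=(), wordlist=COMMON, min_len=9):
    """Return {account: [finding, ...]} for a dict of account -> password."""
    findings = {name: [] for name in accounts}
    guessable = {w.lower() for w in (*wordlist, *personal_terms) if w}
    for name, pw in accounts.items():
        if len(pw) < min_len:
            findings[name].append("short")
        if not all(re.search(c, pw) for c in CLASSES):
            findings[name].append("missing-character-class")
        # Check the raw and the normalized form, so "P@ssw0rd1" still
        # counts as "password" and "Fluffy2017!" as the pet's name.
        forms = (pw.lower(), normalize(pw))
        if any(w in f for w in guessable for f in forms):
            findings[name].append("guessable-word")
    # Tip 2: flag identical or slightly modified passwords across accounts.
    for (a, pa), (b, pb) in combinations(accounts.items(), 2):
        if SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= 0.75:
            findings[a].append(f"reused-or-variant:{b}")
            findings[b].append(f"reused-or-variant:{a}")
    return findings

if __name__ == "__main__":
    for account, issues in audit(SAMPLE, personal_terms={"fluffy"}).items():
        print(f"{account:6} {', '.join(issues) or 'ok'}")
```

Note that "P@ssw0rd1" and "Fluffy2017!" both satisfy the length and character-mix rule from tip 2, which is why the dictionary and reuse checks are needed as well.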
5. Keep Your Security and Privacy Settings Current
Facebook, LinkedIn and other social media channels occasionally change their privacy options, which is easy to miss (or dismiss) as such updates are not particularly interesting.
For a safe 2017, visit your social channels and review your privacy and notification settings. While you’re there, disconnect access for apps you no longer use.
6. Enable Two-Factor Authentication
Something often dismissed as too complicated is two-step verification.
Most social platforms, banks and other accounts now provide this as an option – here’s how it works:
- In addition to your password, every time you sign in, you get a text message or app notification with a code that you need to enter before you get access to your account.
- You’ll be asked to specify your trusted device(s) to receive the code, e.g. your iPhone or iPad, so only you have access.
7. Don’t Store Passwords in Your Browser
I know, it seems convenient but hackers feel the same way.
Browser attacks are very common – here’s some more information on common threats by Kaspersky.
8. Have a Security Program Installed
You need a virus protection program at a minimum, and many of these now come with privacy packages to help you in case you do get hacked.
Here’s a suggestion for 10 virus protection programs. Also consider a service that alerts you to invasions into your personal information, like changes in your credit report. One option is Lifelock.
9. Install Software Updates
Don’t dally when it comes to installing updates to your applications, operating system or website. While I admit that I sometimes wait a few days when a new OS update comes out so that the main bugs can be fixed first, I never wait for more than a week.
10. Be Suspicious of URLs Before You Click
Phishing is generally an attempt to get you to click on a malicious URL that will upload a virus if you do.
Never click on a URL in a message from your bank, PayPal or any other account that requires you to sign in.
Often, malicious actors will steal your password that way, or upload a virus. Instead, go to the site directly and log in from there to check on any message.
Also, be suspicious about the senders of any message you receive via email or social media. Sometimes when I see a shortened link, I ask the sender to give me the URL to look it up myself or I pass.