Can you truly be safe in an online world? Yes, unplug! Since that is not a realistic option in today’s environment, here are some tips and tricks that you can use to make your online world a little bit safer.
- Beware of phishing emails – When phishing emails first started to circulate on the internet, they were pretty generic and counted on sheer volume for success – if only .001 per cent of recipients clicked the link, provided details or responded in general, then the email was a success given the capacity to send millions of emails. Now that people realize that a prince is not really going to give them money out of the blue, phishing emails are becoming far more sophisticated and targeted. Today, the bad actors are tailoring their emails by using references to current events, like COVID-19 or the upcoming holidays, or going so far as to research the hierarchy of your company so they can reference real names and titles. So, how do you avoid falling for these emails?
  - First, be skeptical of any email that calls you to action – click this link to download a file, provide your information to reactivate your account, upper management asking you to buy gift cards, etc.
  - Other things to look for:
    - Email address – Check the email address to confirm it came from a legitimate source. For example, you just received an email from your boss asking you to buy gift cards, but the email came from Hotmail.com and not your corporate domain. Also, be aware that some bad actors will register domains and substitute nn for an m, or two vv for a w, so that the domain looks like your corporate domain.
    - Check the spelling and grammar of the email – this is less and less of a tell-tale sign given all the autocorrect tools available, but it is still something to look for.
    - Hover over links (move your cursor over the hyperlink but do not click on it and you’ll get a pop-up that displays the full URL) to see if they truly go where you would expect.
  - If you’re still not sure, go to the website of the company that supposedly contacted you to confirm their website address and contact information, and call them to see if they are in fact sending emails to their clients or customers. Do not rely on the contact information in the email.
- Use unique passwords for every site where you have an account – With over ten billion accounts compromised to date there is a very good chance that you have at least one username and password combination in the hands of a bad actor. Knowing that people often reuse passwords, these individuals will start to test sites to see if you have reused that information.
- Use a password safe – Remembering all your unique and complex passwords can be a real headache which is why so many people reuse their passwords. To solve this issue, use a password safe. There are numerous solutions out there, many of them free for personal use, that will help you store, organize, and generate unique and complex passwords for you. Most will have mobile apps and plug-ins for your computer so no matter what device you use you will have secure access to your passwords.
- Use multi-factor authentication (MFA) whenever possible – while these are not foolproof, you are still better off utilizing this feature than relying on a complex password alone. As the name indicates, multi-factor authentication requires the use of multiple factors to authenticate your credentials – a username and password plus a randomly generated code, for example.
- Limit downloads of free software to your personal devices – Oftentimes, free software includes adware, malware, or other code to display ads, steal credentials, use your mobile data or other items to generate income for bad actors. Remember the adage that “nothing in life is free” and you will appreciate why free software really is not free after all. That said, if you are still going to download an application, make sure that you do so from a legitimate store, such as the Google Play Store. While this doesn’t guarantee that the application you are downloading is 100 per cent safe, the controls that are in place will create a great deal more safety for you than if you were to download from a third-party website.
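
The sender-address check from the phishing tip above can be automated; the following is an added example, not part of the original article. The company domain `widgetmakers.example`, the short free-webmail list and the sample headers are constructed assumptions, and treating subdomains of the company domain as trusted is also an assumption.

```python
from email.utils import parseaddr

# Multi-character substitutions named in the article, mapped to the letter they imitate.
LOOKALIKES = (("vv", "w"), ("nn", "m"))
# Constructed, deliberately short list of free webmail domains.
FREE_MAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}

def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def skeleton(domain: str) -> str:
    """Collapse each look-alike pair so visually similar domains compare equal."""
    for fake, real in LOOKALIKES:
        domain = domain.replace(fake, real)
    return domain

def classify_sender(from_header: str, trusted_domain: str) -> str:
    domain = sender_domain(from_header)
    trusted = trusted_domain.lower()
    if not domain:
        return "unparseable"
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    if domain in FREE_MAIL:
        return "free-webmail"       # "the boss" writing from a personal mailbox
    if skeleton(domain) == skeleton(trusted):
        return "lookalike"          # differs only by nn/m or vv/w swaps
    return "external"

# Constructed sample headers for the hypothetical company widgetmakers.example.
SAMPLES = [
    "Jane Boss <jane.boss@widgetmakers.example>",
    "Jane Boss <jane.boss@widgetnnakers.example>",
    "Jane Boss <jane.boss@vvidgetmakers.example>",
    '"jane.boss@widgetmakers.example" <jboss1987@hotmail.com>',
    "Newsletter <news@othercompany.example>",
]

def triage(headers, trusted_domain):
    """Return (header, verdict) pairs for a batch of From: headers."""
    return [(h, classify_sender(h, trusted_domain)) for h in headers]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES, "widgetmakers.example"):
        print(f"{verdict:13} {header}")
```

The fourth sample shows why the display name is ignored: it shows the corporate address, but the message actually comes from a Hotmail mailbox.
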
Integrating these tips into your online life will go a long way in keeping you safe and, for those of you that want to go the extra mile, here are a few additional tips for you:
- Monitor your email addresses to see if they have been included in any data breaches. “Have I been pwned?” is a great site for this – https://haveibeenpwned.com/.
- Use a malware scanner on your personal devices.
- Use a DNS filtering service to help block malicious sites for all devices on your home network. OpenDNS (https://www.opendns.com/) is an example of just such a service.
- Use a VPN on your devices. VPNs create a secure connection between your device and your destination, making it harder for someone to intercept the information you’re sharing.
- Set up a monitoring service on your identity so you get alerted whenever anyone tries to apply for credit using your identity. Given there is truly no way to guarantee your online safety, it’s not a bad idea to set up a monitoring service as a fail-safe. Equifax (https://www.equifax.com/personal/) and TransUnion (https://www.transunion.ca/) are examples of this service.
It is estimated that cyber crime is a trillion-dollar industry, so know that it is here to stay and, as such, it is up to each of us to do what we can to protect our online worlds. My goal with this article is to get you thinking about the steps you can take to protect yourself and your data. To learn more about any of the information shared here, a quick internet search will give you great articles ranging from how-tos to product recommendations.
Good luck, be safe and stay vigilant!