Recently, Wombat Security Technologies surveyed 2,000 adults in the U.S. and U.K. to see how secure their online habits were, and measure the average level of knowledge about online risks. The results were disappointing (though perhaps not to companies who specialize in online security training, like Wombat Security). Wombat vice president of marketing Amy Baker states, “We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors.”
Two-thirds of those surveyed didn’t know what ransomware is, and nearly one-third didn’t know what phishing is. Half of the U.S. group had been victims of identity theft. Considering the abundance of online threats that have sprung up seemingly overnight, including the unprecedented WannaCry attacks and the Petya virus in May, maybe a refresher of online security terms and best practices is in order.
First things first. There is no need to panic. Most of the attacks are targeted at large corporations. Most, but not all. There are still plenty of scams and threats for those who are vulnerable. Online criminals are just like real-world criminals: opportunists. If you leave your valuables in plain sight in an unlocked car, they probably won’t be there when you come back. If you hide them and lock the doors, chances are good that thieves won’t bother you.
Keeping your online accounts and files secure is never a sure thing, but there is plenty you can do to lower your risks. If you at least make yourself a difficult target, thieves will most likely move on to easier pickings.
Basic security terms
Malware is an umbrella term to describe any software or program designed to damage computers or files. Viruses, trojans, spyware, and ransomware are all malware.
Ransomware refers to software attacks that hold your files for ransom: your files are encrypted, and you get a message with instructions to send payment to an untraceable account to regain access. Most attacks have been on companies and government servers, and individuals are at a low risk of attack. Decrypting the files rather than paying the ransom hasn’t been successful, and even paying does not guarantee you will get access to your files back. The best protection is prevention. Backing up your important files in a separate location (an external hard drive or a password-protected cloud account) is something everyone should already be doing, but many do not. A Windows patch has been issued to close the hole that was being exploited, so if you have a computer running Windows and have installed all available updates, you are not vulnerable to WannaCry.
Viruses are malware that spread rapidly by attaching themselves to other files.
Trojans are malware that looks like normal software. A Trojan lets other malware in.
Spyware doesn’t interfere—it records what you do, including passwords, account numbers, and other sensitive information.
Adware isn’t inherently malicious, though targeted ads, spam, and popups can make you feel attacked. And adware has to get through your security, leaving holes for other malware.
Phishing refers to any scam where the scammer contacts you to try to get information or money. It could be on the phone, through email, through social media, or a website. It may be obvious (asking for information or to wire transfer money), or more subtle (clicking a link or installing/downloading a file, which then collects the information or transfers the funds).
To see examples of phishing, visit Microsoft support.
Sometimes your friends are not your friends: Facebook accounts regularly get hacked, and then the hacker can trade on the trust between friends to spread scams. Often the owner of the compromised account doesn’t even know what is happening. If a friend is posting links that seem out of the ordinary or making offers that promise free money or goods, it may be worthwhile to contact your friend offline to see if they are really behind the posts.
The term “mobile device” doesn’t just refer to your smartphone. The growing “Internet of Things” includes smart watches and Fitbits, tablets, home networks and security, smart TVs, cameras—even refrigerators; anything that is connected to the internet or a network and isn’t an actual laptop or desktop computer is a mobile device. The problem with mobile devices (especially older ones) is that security updates are often neglected or non-existent. Software companies are stepping up their security game with these smaller devices as attacks increase, but as with any new technology, it takes time to work out the kinks. Meanwhile, it is better to save your information-sensitive transactions for your more secure devices.
According to Microsoft, “a firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.”
What can you do?
Use passwords. This should go without saying, but I’m going to say it: use passwords.
Choose a secure password—use numbers, symbols, and capital letters, and for the love of Pete, don’t use your name, birthday, or “password.”
Use different passwords—if a hacker does get into one of your accounts, that’s bad. If they have all of your accounts, that’s worse. Don’t make it easy for them.
Don’t share your password. Just because you trust someone doesn’t mean they are trustworthy. But it also doesn’t mean that they will be as careful with your accounts as you would be.
Only conduct business on secure Wi-Fi connections.
Public connections (hotels, coffee shops, airports) aren’t secure just because the business is one you trust. Places with a password that you need to get from the clerk (or that is printed on a receipt) are a little better than those with an open network (no password needed), but it’s better to wait until you are on a secure connection to send sensitive emails or do your online shopping.
Regularly update your software.
I’m as guilty as the next person of putting off that “update required” notification, but procrastination can get you in trouble: security teams who are keeping up with weaknesses in their software need you to install their patches, or you don’t benefit from their services. A weakness is usually something the software developer has developed an update to fix, meaning that those not updating regularly are at risk. The patches to stop the WannaCry attacks were available in March. “This isn’t rocket science; it’s an oil change,” comments David Venable, a former intelligence officer with the US National Security Agency.
If something seems too good to be true, be suspicious and do your homework
Don’t call me, I’ll call you: Don’t share personal info with anyone who contacts you; tell them you will contact them with the deets. This includes spam emails: if you didn’t solicit an email, or don’t know the person who sent it, don’t open attachments. This is how many viruses spread. Even if you do know the person who sent it, exercise caution. Email accounts can get hacked.
Never, ever wire transfer money to someone you don’t know in person and can’t talk to on the phone. The same goes for giving out your credit card number. When shopping online, companies like eBay and Amazon offer protections and refunds if your goods never show up, and PayPal does too—not to mention that the payment can be tracked if something fishy happens, and individuals don’t have access to your account information.
Only download files from trusted sites. Your anti-virus software can only do so much.
Make sure you have firewalls and antivirus software installed and updated
AVG currently has some of the best free antivirus software. Or you can pay a little for more advanced security. You can even get security for your smartphone.
Cat tries to unlock phone: https://imgur.com/ZfFg47q
If you have a computer that runs Windows Vista or a newer OS, you have a firewall installed and running by default. For other operating systems, you should check with the provider to see if you are protected.
An external hard drive or secure, password-protected cloud storage should be a regular part of your internet security plan. If your computer files do get corrupted, either maliciously or not, having a separate copy means you won’t lose everything. But the key word is “separate”: leaving your external hard drive connected to your computer network defeats the purpose.