As more and more aspects of our lives come online, how can we ensure that our personal information remains secure and our conversations are kept private? Here are five simple steps you can take to improve your safety online.
About the author Gijs Roeffen, Director of IT and Security at EclecticIQ.
1. Create new unique passwords for your online accounts
It may sound basic, but creating strong, unique passwords for all your critical accounts is the best way to protect your personal and financial information. Reusing the same password across all of your online accounts means that if one account is compromised, all of your accounts will be compromised. Most accounts are identified by their email address, which means that if hackers have this information, they already have half of your login information. There are also tools available to perform "password spraying" on popular sites to see if your stolen username and password combination works, and if so, your accounts are wide open. Many browsers, like Google Chrome and Mozilla Firefox, now come with built-in password managers that generate complex password hints for you, so it's worth taking their recommendations and addressing them. stay away from generic and repeated passwords. You should also check if your online accounts offer multi-factor authentication to verify your identity.
2. Protect your SMS
SMS attacks are often highly targeted, as interception of SMS codes requires specialized knowledge and equipment. While it is possible to intercept live SMS messages, there are several factors that need to align to be successful. Using two-factor authentication is an effective defense against account takeover, so be sure to check that your SMS is protected. You may also consider using an encrypted email service. Encryption scrambles the content of a message into random data until it is received at the other end, which means that if a hacker intercepts the message, they won't be able to see it in its entirety. Apple's iMessage service uses encryption, just like WhatsApp, which works on Android and iPhone devices.
3. Keep your security questions (and answers) secret
Designed as a last resort account recovery feature, security issues have proven to be profoundly inadequate contingency mechanisms for passwords. It's possible that if you forget your password, you'll probably remember the name of your first school or the city you were born in, but based on real data that was never supposed to be secret, a quick website or social media investigation can lead criminals to the answer. Unfortunately, threats come not only from the outside, but can also come from within. Too often, the security of personal accounts is compromised by people we know, be it a disgruntled ex-colleague or ex-partner, putting their security at risk. online. If there is no other security option, make sure you are using very personal questions that only you know the answers to, or make up the answers!
4. Give up PIN codes and opt for biometric security.
The truth is that when it comes to passwords and PINs, people are lazy. People will not only use the same password on their online accounts, but will also use the same PIN code for their bank card and phone, or use a generic PIN code. In fact, Tarah Wheeler, a cybersecurity manager who is the senior director of trust, threat, and data vulnerability management at Splunk, recently shared the most common PIN codes used by smartphone users to protect their devices. She got the list. from an InfoSec expert through the SANS Institute. The most common PIN code? 1 2 3 4. Access codes and PIN codes can be easily obtained by looking over someone's shoulder, or even photographed or filmed from another mobile device. Biometric data, such as fingerprints, iris, and facial recognition, cannot be captured in any of these ways. Therefore, in general use cases, passwords and PINs are more secure.
5. Secure your smart speakers
Smart speaker users will be aware of the joy and benefits of playing what you want to hear, when you want to hear it, all through voice control. However, it is likely that you have also heard some rumors about the security of these devices. First, make sure you buy speakers from a reputable vendor with a culture of security auditing, like Google or Amazon. Although these devices offer online storage for the data, if desired, they offer an option to delete it. Be sure to create a new account when you set up your device so it doesn't have access to your calendar or address book, and turn off any services or skills you're not using. Protecting your account with two-factor authentication and ensuring that you only connect to the Internet over secure Wi-Fi networks will also help minimize the risk of interception.