Editor’s Note: Tarun Samtani, CISSP, is a highly passionate cybersecurity expert with 15 years of experience in securing enterprises. He regularly addresses global audiences at conferences on these topics. For more details, you can catch up with him on LinkedIn – https://uk.linkedin.com/in/tsamtani.
The Internet is no longer a safe haven for anyone these days. ‘Hacked’, ‘Owned’ and ‘Breached’ appear in the news more often than ever before. Does that worry you? We have some expert tips to help you stay safe online, all of which can be followed easily without any extra resources. Here we go –
- Passwords – We all have an ever-growing list of accounts these days, and managing passwords is bound to be difficult. The best recommendation is to follow basic password hygiene: a minimum of 8 characters, with lower- and upper-case letters, numbers and special characters. Also, ensure the passwords are different for different accounts, so that losing one password does not compromise all your accounts. You can use a free password manager to make your life easier instead of remembering all the passwords.
- Multi-factor authentication or OTP – Most banks, financial institutions and social media sites increasingly offer an OTP (one-time password) facility. It basically means you need another password or code, sent to your phone or email, to authenticate yourself to the service. Activate it on the accounts that provide such a facility. It will increase the time required to log in but will make your account virtually safe from being accessed by someone else unless they also have your phone. OTP can usually be activated by calling your bank, or online by clicking on Services or Security settings for the account.
- Free Wi-Fi – Free Wi-Fi has been a great way for restaurants and other establishments to attract customers. Always be wary of using free Wi-Fi unless you are using a VPN (Virtual Private Network) on your device. Most of the communication between your device and the free Wi-Fi provider is unencrypted or can be decrypted by someone (usually a hacker using the same Wi-Fi network). To encrypt all your communications so that no one can see your traffic, use a VPN service. There are many free VPN service providers that allow you to encrypt your traffic, so any hacker or adversary intercepting it will not be able to make any sense of it. As a general rule, avoid logging in to any banking application or social media account on free Wi-Fi with no VPN enabled on your device.
- Email Attachments or Spam emails – Always be careful when you receive an email with an attachment from an unexpected or unknown sender. Clicking on links that you receive in an email is not always safe, as you may unknowingly download malicious attachments or software in the background. Even if the email looks as if it genuinely comes from a bank, avoid clicking on links to log in to bank accounts. Use the main banking website URL to log in instead. When you receive an attachment from an unknown sender that you were not expecting, always be wary of it. Download it to your PC and right-click to scan it using an AV; if you are still not sure, you can upload it to www.virustotal.com, which can scan it against more than 50 AVs to confirm that it has no malware. It’s very common for the bad guys to infect attachments with malware and make them look as genuine as if they came from a bank or a utility company. Once the attachment is opened, malware will get downloaded in the background with no user knowledge or intervention, and the bad guys on the other end will have complete remote control of your PC.
- Mobile Malware – Mobile malware is increasingly common these days due to the ever-increasing number of smartphones on the planet. The best practice is not to download any apps from unknown marketplaces. If downloading from Google Play or Apple iTunes, ensure there are enough good recommendations for the app developer. There are a few anti-malware tools available, e.g. Malwarebytes, which can be downloaded for free and which scan your mobile for malware in applications or attachments.
- Mobile Password / PIN – Ensure you have your mobile protected with a password or PIN. The longer the password or PIN, the more secure it is. Think of your phone as a mini computer with all your social media accounts logged in all the time. Would you want anyone to get access to everything on your phone if you misplaced or lost it? Charging your phone with a USB cable connected to a PC can also infect the PC if the mobile is infected with malware. The best practice is to always charge mobiles using the charging adapter if possible.
- Shop Safely – Internet shopping is the easiest way to shop and get something delivered to your home. Always use the C.O.D (Cash on delivery) option if it is available on the website. Bad guys will always be interested in grabbing your card data online, so avoid using your card if possible. If you have to use it, ensure the website supports ‘https’ and has a padlock icon in the address bar.
- Keep up-to-date – Always keep your antivirus and Windows system updated. Most security companies update their software frequently and fix the vulnerabilities that could be affecting it by issuing new patches. Do not delay in applying patches, as they may be critical. Ensure your antivirus is automatically updated and run a full scan regularly – a few times a week.
- Data Back-up – Someday you may still get infected with malware even after you have taken all the precautions and followed all the best recommendations. Do you have a backup of your critical data? If possible, keep a backup of your most critical data on a separate drive or USB. Many cloud storage companies (Google Drive, OneDrive, Dropbox, etc.) offer free backup services – use them if you are comfortable with it. Again, if you are using cloud storage, make sure you enable OTP if available.
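
The rule in the Passwords tip above (at least 8 characters, lower- and upper-case letters, numbers, special characters, and a different password for each account) can be checked mechanically. The following Python script is an added example, not part of the original article; the function names, account names and passwords are constructed for illustration.

```python
import hashlib

MIN_LENGTH = 8  # minimum length given in the Passwords tip


def missing_requirements(password):
    """Return the rules from the Passwords tip that this password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Anything that is neither a letter nor a digit counts as "special".
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    return problems


def reused_passwords(accounts):
    """Group account names that share one password.

    Passwords are grouped by SHA-256 digest so the result holds
    only account names, never the passwords themselves.
    """
    by_digest = {}
    for name, password in accounts.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(name)
    return [sorted(names) for names in by_digest.values() if len(names) > 1]


def audit(accounts):
    """Return (weak, reused): failed rules per account, and reuse groups."""
    checked = {name: missing_requirements(pw) for name, pw in accounts.items()}
    weak = {name: problems for name, problems in checked.items() if problems}
    return weak, reused_passwords(accounts)


# Constructed sample data: these accounts and passwords are made up.
SAMPLE_ACCOUNTS = {
    "bank": "Tr4in-Station!",
    "email": "sunshine",
    "shopping": "Tr4in-Station!",
    "social": "Blue#Kettle92",
}

if __name__ == "__main__":
    weak, reused = audit(SAMPLE_ACCOUNTS)
    for name, problems in sorted(weak.items()):
        print(f"{name}: {', '.join(problems)}")
    for group in reused:
        print("same password used for:", ", ".join(group))
```

Note that the bank password passes every character rule yet is still flagged, because it is shared with the shopping account.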