With phishing, hacking, ransomware, malware, and just plain creepy tracking, the Internet is a more dangerous place. Here are 20 layered strategies for staying safe.
When looking at the strategies available, you must weigh usability against security. For example, security may not be much of a concern with a message board where you never store financial information, but it is more critical for any website with financial information.
1. Assume Sites Will Be Hacked
No matter how large, how protected, how gold-plated, assume that sooner or later every website you use will suffer a data breach. The key is to design your web strategy so that the damage will be limited to information on that site. Hopefully, no website you frequent will ever be compromised.
2. Keep Anti-Virus Software Up-To-Date
Your anti-virus software should be kept up-to-date. This is obvious. Whenever it flags the need to update, do not put it off. On a sidenote, many information
3. Keep Generic Software Up-To-Date
When your major software (e.g., Office, Acrobat, etc.) issues a patch alert, it is often to fix a vulnerability that was identified. You should update immediately.
4. Use a Password Wallet
A password wallet is a heavily encrypted password storage site that delivers encrypted, randomly generated passwords to each site you visit. With a password wallet, you only have to remember the password used to log in to the wallet.
5. Use a Password Strategy
If you are not going to use a password wallet, it is good practice to follow a password strategy. The objectives are to create something unique for each website, that doesn’t follow a pattern, and that you can remember. For example, someone born in Kentucky on May 9 might make Kentucky-509 a core password. The core password could be surrounded, preceded, or followed by something unique to each website. For example, the Service Roundtable login might be srtKentucky-509srt. Then, when it is time to change the password, you might advance the core one letter or number. The password srtKentucky-509srt becomes srtLfouvdlz-610srt. Thus, you have a strategy for remembering the password, and the password for each website is unique.
Another technique, which can be used in combination with the one above or separately, is to substitute characters: use @ for the letter a, 1 for the letter l, 0 for the letter o, and 3 for the letter e.
6. Hover Before Clicking
Before clicking any link, especially one from email, hover your mouse over the link to see what is revealed. For example, “Contractor’s National Bank” might be displayed, but when the link is hovered over with the mouse, the link might be ContractorsNationalBank.ursorry.com, which would take you to a foreign phishing site that would look like the Contractor’s National Bank site in order to trick you into entering your login and password.
As a rule, never click a link to a financial website. Always enter the website directly by typing in the URL or website address. Remember, few if any financial sites will send you a link through email.
7. Beware of Unexpected Attachments
Do not open any unexpected attachments in email. This is how malware and ransomware are often delivered. If in doubt, drop a quick email to the sender, assuming the sender is someone you know.
8. Look at Actual Email Addresses
It is common for malicious players to spoof email addresses. For example, everyone in your company may appear to get an email from you with an oblique reference to an attachment or link. However, when hovering over the sender’s name or right clicking, it changes from “Joe Contracting” to “Joe Contracting
9. Backup to the Cloud Continuously
Set a backup to the cloud to continuously mirror your local hard drive. There are a number of services that will provide this, such as Dropbox. Premium versions of cloud backup services will also help reduce the impact of ransomware because they store multiple versions of files so you can restore an older version pre-dating the ransomware.
10. Use Browsers and Search Engines That Protect Privacy
To better protect your privacy, use browsers and search engines that claim to offer privacy protection (though it is good practice to always be skeptical). A good combination is the Brave browser and the DuckDuckGo search engine.
11. Use a VPN or Tor Browser
To hide your activity when using a public WiFi source, use a virtual private network (VPN) or the Tor privacy feature of Brave. A VPN encrypts your data and reroutes it to hide your identity and location. Most charge a nominal fee. One that does not is Proton, though its premium service offers more features including ad and malware blocking.
Tor, which is “the onion router,” uses a layered approach to bounce you through multiple servers around the world. Each server peels off a layer of vulnerability or identity. As with a VPN, with Tor, you might appear to be coming in from some foreign country. Tor is free, but somewhat clunky. You may not be able to access some sites.
12. Use Encrypted Email That Protects Privacy
Some of the free email services carry a price. The price is you. The host might scan and read every email you send. When a service is free, it is either limited in use or it is free because “you” are the product and the service is collecting and selling your information. Using an encrypted email service with a privacy focus, such as Proton Mail or Start Mail, gives you more protection.
13. Use Separate Email Addresses For Sensitive Data
It is a good idea to use one email address for communication and one or more separate email addresses for financial information. You might use one for credit cards, another for banking, and so on.
14. Use Notifications For Financial Transactions
You can set up text or email notifications to alert you whenever one of your credit cards is used. Check out the requirements for each banking and credit card account to see what is possible.
15. Use Multifactor Authentication
Multifactor authentication involves verification by two means. Typically, one is a password. The other is a passcode sent by text or email to your mobile phone or email address. The passcode must then be entered as the second part of a two-part login process.
16. Use Biometrics
Most phones and many laptop devices today offer options for biometric logins using a fingerprint, retina scan, or facial recognition. This can be an easy, secure way to access a website, operating similarly to a password wallet.
17. Do Not Save Passwords
Other than in a password wallet or with biometrics, some passwords should not be saved in your computer's operating system or on a phone. Passwords to financial websites are an example. Enter these manually, every single time.
18. Change Passwords
It is irritating to change passwords, but necessary. If you have a password wallet or a password strategy, it is simplified. Every few months, change your passwords. Change every single one. Every year, change your password strategy.
19. Download From Trusted Sites
There will be times when you need to download software to fix a problem or bug, update a driver, clean up a slow operating system, etc. Get the download from the software site directly. For standalone software, go to a legitimate website like Cnet.com or MajorGeeks.com. When downloading phone apps, use the Google Play Store or Apple App Store.
20. Use Common Sense
Your best defense on the Internet is common sense combined with cynicism. All of us get in a hurry. This is when we make mistakes. Remember, there really are guys out to get you. Gulp!