The Internet is a tempting but fickle mistress. In less than a generation, it has given the world’s citizens access to unprecedented data and resources—but it’s also created a gaping security risk for personal information. From avoiding viruses that slow your computer down to preventing full-blown identity theft, here are 10 Steps to Protect Yourself on the Web:
You are in complete control of your personal computer and its security controls. But public computers—and even those of friends and family—are mysteries when it comes to the presence of viruses and spyware. If you must use another computer, avoid entering password-protected websites like email, social media, and personal finance institutions—or at least be sure to visit only encrypted sites (see tip #4). After you log out, delete all temporary Internet files and clear your browsing history.
Tip #2: Install firewalls and security software and keep them up to date.
Protecting your computer should be a no-brainer. Install firewalls and security software (including anti-virus, anti-spam, and anti-spyware features), which block incoming communications from unauthorized sources, scan incoming emails and files for problems, and protect your computer against most threats. Some computers and devices come pre-installed with this software, but others may require a separate purchase, either downloaded or picked up from a retail store. Whether you are a Mac or PC user, keep your operating system up to date with the latest security patches—in other words, don’t ignore the pop-ups from your trusted software that indicate you need to update or renew your subscription. Some software updates automatically, but you may need to authorize the automatic updates. Check under the Settings or Options menus.
Tip #3: Secure your wireless connection.
Wireless connections—especially Wi-Fi hotspots in coffee shops, libraries, airports, and other public places—are convenient but often insecure. Ideally, connect only to secure (encrypted) Wi-Fi networks, which are labeled (in order of security level) WEP, WPA, or WPA2. If you must connect to an unsecured network, know that everything you share or send over that connection is stored on a server and available to other network users. It doesn’t take a highly skilled hacker to hijack your session, log in as you, and steal your personal information or private documents. To protect yourself, only log in to encrypted websites (see tip #4). If you regularly access the Internet through Wi-Fi hotspots, obtain a personal virtual private network (VPN), which encrypts traffic between your computer and the Internet even through unsecured connections. Some organizations create VPNs to provide their employees with secure, remote access.
Tip #4: Only transmit personal information through encrypted sites.
The website address of a secure connection starts with “https” instead of just “http.” There’s also an icon of a key or a closed padlock in the status bar, which typically appears in the lower right-hand corner of the browser window. But even these websites are forgeable, so to make extra sure the site you’re visiting is secure, click on the icon in the status bar to see the security certificate. Following the “Issued to” in the pop-up window, you should see the name matching the site you think you’re on. If it’s different, then the site is probably a spoof and may steal your information. Also, more than just the login page should be encrypted; if any part of your session is unencrypted, your entire account could be vulnerable.
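The “Issued to” comparison described above can be written out as code. This is an added example, not part of the original article: the certificate dictionaries are constructed samples in the layout Python's `ssl.SSLSocket.getpeercert()` returns, and the host names are made up.

```python
# Added example: does a certificate's "Issued to" name cover the site you meant to visit?

def cert_names(cert):
    """DNS names from subjectAltName; fall back to the subject commonName if there are none."""
    names = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v.lower() for key, v in rdn if key == "commonName"]
    return names

def name_matches(pattern, hostname):
    """Exact match, or one leading '*.' wildcard that stands for exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # e.g. ".example-bank.test"
        if "*" in suffix or suffix.count(".") < 2:
            return False                          # refuse "*.test" and repeated wildcards
        head, sep, tail = hostname.partition(".")
        return bool(head) and sep == "." and "." + tail == suffix
    return "*" not in pattern and pattern == hostname

def issued_to_site(cert, hostname):
    """True only if one of the certificate's names covers the intended host name."""
    return any(name_matches(name, hostname) for name in cert_names(cert))

# Constructed sample certificates (not real sites).
GENUINE = {
    "subject": ((("commonName", "example-bank.test"),),),
    "subjectAltName": (("DNS", "example-bank.test"), ("DNS", "*.example-bank.test")),
}
SPOOF = {  # look-alike name: the letter "l" replaced by the digit "1"
    "subject": ((("commonName", "examp1e-bank.test"),),),
}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("spoof", SPOOF)):
        print(label, cert_names(cert), issued_to_site(cert, "example-bank.test"))
```
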
Tip #5: Create strong passwords.
The best passwords are, obviously, the ones that are difficult to guess. One way to create memorable but difficult-to-crack passwords is to make up an acronym of a phrase, using a combination of numbers, letters (both upper- and lower-case), punctuation, and special characters. For example, MhaLL)1231(WFwW!aS—which stands for “Mary had a little lamb )December 31( whose fleece was white! as snow,” with the parentheses turned inside out and surrounding a memorable date, and every word longer than three letters capitalized. Never use just your name, birthdate, or other easy-to-guess information.
Tip #6: Use different passwords for each account.
Many of us use the same password (or variations on it) for dozens of account logins—especially if we don’t access them that frequently, the equivalent of a “junk email” account. It may be daunting to keep track of many different usernames and passwords, but think of it this way: if someone cracks one—or there’s a large-scale password breach of a widely used website (as we’ve seen recently with Twitter and LinkedIn)—then you’ve given the hacker easy access to crack your other passwords as well. An easy way to protect yourself is to use different passwords and usernames for each account—and for Jobs’ sake, don’t store those passwords on your computer, or anywhere! If you must write them down, stick to good old pen and paper, and store it in a secure, private place.
Tip #7: Log out completely.
Closing your browser or typing in a new web address will NOT log you out of an online account. Remember to click “log out” to terminate your session. Security experts recommend forgoing browsers’ offers to “remember” your username and password information. Besides, the more you have to type your usernames and passwords, the more likely you are to remember them the next time you need them.
Tip #8: Be wary of email.
Some of the most dangerous Internet scams are perpetrated via email. The scam may be disguised as email from a legitimate source, such as a business or institution you do business with, and it usually asks for usernames, passwords, or other personal information that can then be used to steal your identity. If you question whether an email is from a legitimate source, contact the source using a phone number or web address you know to be legitimate—don’t click any links in the email—and ask if they sent it. Forward suspected phishing emails to the organization that is being imitated and to the Federal Trade Commission at [email protected]. Never respond to spam, and use an email provider with a strong anti-spam filtering capability.
Tip #9: Don’t download unknown files or click unknown links.
You may say “duh,” but it’s easy to be duped by highly skilled—or even moderately skilled—phishers and hackers. Download files only from sites you know and believe are genuine. If your friend sends you a link with a simple, oblique message like, “Look what they’re saying about you,” consider contacting your friend through another channel before clicking the link. Sometimes it looks like it came from their legitimate account, but they were hacked. And besides, any friend who puts a teaser on tantalizing information is no friend of yours.
Tip #10: Monitor your accounts.
Everyone is susceptible to having personal information stolen, from Social Security numbers to credit card information, regardless of how careful they are. Therefore, it’s important to promptly and carefully monitor your accounts and personal profiles for suspicious charges and activity. If you see something you can’t attribute to legitimate usage, contact your financial institution and cite the number or web address on the statement.
If you think you’ve been the victim of identity theft, immediately contact the affected accounts (e.g., your financial institution) as well as the Federal Trade Commission, which you can reach here. You can also call the FTC toll-free at 1-877-382-4357 (voice) or 1-866-653-4261 or write to: FTC, CRC-240, 600 Pennsylvania Ave., NW, Washington, D.C., 20580.