With at least 100 million Americans’ identities stolen last year, defeating such invasions is a challenge for all of us who depend on the Internet. Though there are a growing number of useful resources, protecting ourselves while using the Internet is our own responsibility, whether we are technically savvy or not.
While it is ever so easy to get lost in all the techno terms, there are several basic components to keeping ourselves secure online. While no system is perfect in the face of determined thieves, taking these steps will help.
Treat Your Personal Information Like Cash
Your Social Security number, credit card numbers, bank, and utility account numbers can be used to steal your money or open new accounts in your name. When you are asked for your personal information — whether in a web form, an email, a text, or a phone message — think about whether you can trust the request. In an effort to steal your information, scammers will do everything they can to appear trustworthy.
Choose Secure Websites
If you’re shopping or banking online, select sites that use encryption to protect your information as it travels from your computer to their server. To determine if a website is encrypted, look for “https” at the beginning of the web address (the “s” is for secure).
Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in.
Install the HTTPS Everywhere tool developed by the pro-privacy Electronic Frontier Foundation. It encrypts all the information your browser is sending between your computer and websites.
Back Up Your Files
No system is completely secure. To ensure a seamless recovery if your computer is compromised, copy your files or your entire hard drive onto an external hard drive periodically, and/or back up your files to the Cloud, using Amazon, or DropBox, or any secure system, and store it in a safe place.
Once set up, Cloud based systems are continuously backing up your files, so you don’t have to remember to do it. You may want a physical hard drive back up just in case you lose access to the Cloud; be sure to remind yourself, perhaps with a calendar note, to execute the back up regularly, or set up your system to back up to the external hard drive automatically.
Monitor your computer for unusual behavior. Your computer may be infected with malware if it:
- slows down, crashes, or displays repeated error messages
- won’t shut down or restart
- serves up a barrage of pop-ups
- laptop battery drains more quickly than it should
- displays web pages you didn’t intend to visit, or sends emails you didn’t write
- displays new and unexpected toolbars
- displays new and unexpected icons in your shortcuts or on your desktop
Get Rid of Malware
If you suspect there is malware on your computer, take these steps:
- Stop shopping, banking, and using any user names, passwords, or other sensitive information.
- Update your security software and then run it to scan your computer for viruses and spyware.
- Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
- If your computer is covered by a warranty that offers free tech support, contact the manufacturer.
- Before you call, write down the model and serial number of your computer, the name of any software you’ve installed, and a short description of the problem.
- Absent such support, find a reliable repair person or take your computer to a computer store for analysis and repair.
- To go a step further, develop a relationship with a tech support firm that provides remote service. I have monthly malware and spyware scans done remotely, in the background, and my tech support team knows all my computers and handhelds.
- Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.
If you think your computer has malware, the Federal Trade Commission wants to know. File a complaint at ftc.gov/complaint.
Use Security Software That Updates Automatically
The bad guys constantly develop new ways to attack your computer, so your security software must be up-to-date to protect against the latest threats. Most security software can update automatically; set yours to do so. You can find free security software from well-known companies. Also, set your operating system and web browser to update automatically.
If you let your operating system, web browser, or security software get out-of-date, criminals could sneak their bad programs — malware — onto your computer and use it to secretly break into other computers, send spam, or spy on your online activities. There are steps you can take to detect and get rid of malware.
Don’t buy security software in response to unexpected pop-up messages or emails, especially messages that claim to have scanned your computer and found malware. Scammers send messages like these to try to get you to buy worthless software, or worse, to “break and enter” your computer.
Carefully Manage Your Email
“Spam” is not only inconvenient and a waste of time. It can be malicious if spam emails or attachments steal personal information (spyware) or implant viruses or worms (malware). Some malware can integrate your computer into a network to distribute spam, turning it into a “zombie” that becomes part of a “botnet.”
Ways you can reduce spam include the following.
Choose an email provider with strong anti-spam filtering capability. You don’t have to use the email service provided by the company from which you purchase your access to the Internet, but can chose an independent email service such as those provided through Intermedia or Office 365, which are constantly working to improve filtering capability.
Identify unwanted spam with the “spam” button. Many email services allow you to select spam email, and then push a “spam” button to identify it as unwanted email. Use this button if you have it, because it lets your email provider know what email you don’t want.
Email settings also allow you to prevent images such as logos and pictures from automatically displaying when you open an incoming email. If you allow automatic opening, or open images from unfamiliar sources, you may introduce malware and will confirm to spammers the validity of your address. Don’t open attachments in emails unless you know who sent it and what it is.
Instead of clicking on a link in an email, type the URL of the site directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a spoof site designed to steal your personal information.
Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.
Never Respond to Spam
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, a federal law, requires senders of commercial email to give you a return email address or other Internet-based response methods to opt out of future emails. Use that address or the “unsubscribe” feature instead of replying to the email. Senders must honor your opt out request within ten days, and cannot sell or transfer the email address in your opt out request unless the transfer is to allow another sender to comply with the Act. The CAN-SPAM Act also prohibits the sending of unwanted commercial messages to wireless devices using an Internet address without prior authorization.
You can report spam received to the Federal Trade Commission by sending a copy of the message to firstname.lastname@example.org.
Get to Know Your Browser Security Settings
Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the “medium” setting at a minimum.
Use a pop-up blocker and don’t click on any links within pop-ups. If you do, you may install malware on your computer. Close pop-up windows by clicking on the “X” in the title bar.
Establish and Maintain Secure Home WiFi Networks
First, set up a password. Don’t keep the default password provided, and do not even think about setting up the system without a password.
Next, you will be asked what type of security encryption standard you’d like. Choose WPA-2.
Lots of machines default to WEP (Wired Equivalent Privacy) or WPA (Wireless Protected Access). Avoid them at all costs. A known Wi-Fi flaw can give up your password in seconds.
Don’t hide your home Wi-Fi network. Your home router asks: “Hide the SSID?” If you say yes, then your devices are forced to “actively scan” for the home network you’re trying to hide. Sure, they’ll connect. As a result, your device “actively scans” for networks all the time.
Though these steps will continue to evolve as both the crooks and the technology grow ever more sophisticated, taking them will go a long way to providing protection and peace of mind.
- Treat your personal information like cash and only give it out over secure (https) sites.
- Actively manage the security of your computer, your email system, your browsers, and your networks.
- Back up everything, regularly if not automatically, for rapid recovery.
- Reread (prior article) regarding password strategy.
Resources and Help
The Federal Trade Commission wants to know.
- If you think your computer has malware, file a complaint at gov/complaint.
- Send a copy of the SPAM message to email@example.com.
- S. Computer Emergency Readiness Team (US-CERT). https://www.us-cert.gov
The Stop.Think.Connect. Campaign™, led by the Department of Homeland Security, raises awareness among the American public about the need to strengthen cybersecurity and to generate and communicate new approaches to help Americans increase their safety and security online. Learn more at dhs.gov/stopthinkconnect and onguardonline.gov/stop-think-connect.