Today’s guest post comes from Nick Rojas
Protect Yourself Online
The data leak at Equifax has taught us that even global companies can fall victim to cyberattacks. We also found the average person had little recourse after the attack, and while plenty of lawsuits and investigations will crawl forward, hundreds of millions of datapoints have been lost. The attack made clear that the public should be proactive in protecting its own data. We cannot trust firms to protect us.
Moreover, on a daily basis, individuals send tens, hundreds, or even thousands of messages between companies and between each other. We need to be conscious of the potential attack vectors and how to avoid them.
Ensure you are using encrypted channels
Data you send over the internet should be encrypted. For consumers, this means looking out for the HTTPS version of a website (most browsers will display a padlock if the connection is HTTPS). Using HTTP is similar to shouting all of your information into the internet for anyone listening. Admittedly, there quite a bit of noise, but it is better to take precautions.
If you use an app, it is not usually clear whether data is being transmitted in encrypted form. You have to trust that the app developers have enough skill and foresight to incorporate data security into them.
Be wary of phishing
Phishing is the practice of imitating a trusted source to trick users into entering credentials. A lot of hacking is social engineering, and phishing is one common attack method. Phishing websites imitate the original site, but when you enter your information, it is sent to attackers’ servers, not your intended company’s servers. This is one reason that simply seeing the HTTPS padlock does not mean you are entirely safe.
You should check that the first contact to the website has the correct URL. If you visit Twitter.com and the site has been compromised, it may redirect you to Twtter.com. At first glance, it is easy to overlook the missing ‘i’. This imposter site will record your credentials and probably return a message like “we are unable to log you in at this time”. Most people simply chalk it up to problems on Twitter’s end, never aware their information has just been stolen.
To combat phishing, some websites also have “extended validation certificates” (EV), which appears when next to the URL in the address bar as green text. The URL bar might also turn green, indicating the site you reached is the site it says it is. Twitter, for example, has EV and the company name will appear in the URL bar. If you see one, you can feel more reassured, though some huge and uncompromised sites, like Google, do not currently subscribe to EV.
Provide as little information as possible
Since companies can be hacked, and indeed they are prime targets of malicious actors, the public should be wary when providing information. The less information you provide, the less information hackers can recover from any individual data leak. Unfortunately, the era of big data has made companies crave ever more data. If you don’t need a service, don’t sign up simply because it’s free – especially if the service requests considerable personal information.
Monitor Your Accounts
In the unfortunate event your information is stolen, the earlier you know, the better. According to the FTC, you are liable up to only $50 on credit card fraud, but if your debit card is stolen and you don’t report it immediately, you may not be able to recover anything at all. Do note that these are federal rules, but every bank will have its own policies, many of which are more lenient.
Your should monitor your accounts regularly, and one of the best ways to do this is with automatic alerts when purchases exceed a certain dollar amount. Just be careful not to desensitize yourself to the alerts by setting the alert too low.
Practice Good Password Management
If your passwords are too easy to crack, they will be cracked. Hackers who compromise a database will try to crack as many passwords and linked email addresses as possible. Easily cracked ones means the attackers require little time and effort to wreak havoc on your online profile. If you use the same password and username across multiple sites, rest assured hackers will use this replication to their advantage to break into as many of your accounts as they can.
One tip for good passwords is to develop a system. For example, you can use the company’s logo color, part of the website name, and some relevant number or symbol. This generates many hard-to-crack passwords that you can easily remember based simply on your system.
- Use 2FA (two factor authentication) – and change your password if it is triggered unexpectedly
- Avoid entering sensitive information on public (and thus vulnerable) machines
- Use one-time code generation if your credit card offers it
Always be Suspicious
In order to best defend yourself, you need to be wary of everything. It is ridiculously easy to have your credit card info stolen. Luckily, most credit cards have zero liability policies, but when important identifying information is stolen, you may have little recourse. It may even lead to identity theft. This is true whether your data is stolen directly through phishing, a lack of encryption, or through a data leak at a major company. You need to take your protection into your own hands.
Guest author bio
Nick Rojas combines 20 years of experience working with and consulting for small to medium business and a passion for journalism to help readers grow. He writes about technology, marketing, and social media for the aspiring entrepreneur. When Nick is not sharing his expertise, he can be found spending time at the beach with his dog Presto. @NickARojas