January 15, 2014
We all know that our financial health can be as important as our physical health. Indeed, our financial health or lack thereof can have serious detrimental effects on us physically. But financial health is more than just sufficient money in the bank, saving for retirement, and an estate plan. Financial health includes having the knowledge to avoid the internet scams and frauds that seemingly come at us every day, as well as being able to keep our personal information secure on the web.
Below I have compiled a list of tips that you can follow to keep yourself safe and sound on the internet. Review them carefully: many of these tips are straightforward common sense, others a little less so. Be careful out there. And if you have any tips of your own, feel free to leave them in the comments.
Tips For More Secure Internet Browsing
- a. Keep your internet browsers and antivirus security up to date. As vulnerabilities are discovered, they are made known to the browser companies and to the public. The vulnerabilities are then patched. If your software is not up to date, you can become vulnerable.
- b. Scan files before downloading them, even if you think you trust the file and the sender.
- c. Protect your cookies! When you log in to a website, the website will typically place a cookie in your browser so it can remember who you are. An attacker can set up a phony website to steal your cookies if you visit the phony website. These cookies can be useful to attackers who can take the information and attempt to impersonate you on the website that generated the cookie. This obviously is bad news. You can prevent this by being sure to sign out from any websites that you are logged into before browsing to any other unknown website. And you should always sign out from websites by actively clicking on the ‘Sign Out’ or ‘Log Out’ button provided by the site.
- d. Do not use options that allow you to remain logged into a website when you are done using the website. While this may be convenient, this stores the login information on your computer and makes you vulnerable if your computer is ever lost or stolen, or if a hacker can get to the stored information over the internet.
- e. Consider refraining from any leisure internet browsing on any computer that you use with sensitive data. While no device is 100% safe from hackers, consider only doing leisure browsing on an iPhone or iPad, which are heavily protected from intrusion via the internet. Use your actual work computer only to do what is required to get your work done.
- f. Avoid free public wifi hotspots, particularly when engaging in any sensitive activity, like checking bank balances or online shopping. Attackers can set up dummy hotspots that enable them to look at everything you send from your computer through the hotspot. Attackers can even attack legitimate hotspots by hacking into the routers. It is best to avoid these.
- g. Websites should allow you to use SSL encryption whenever you engage in any sensitive activity, such as logging in, creating a new account, or making a purchase. SSL prevents an attacker from listening to the communications between your computer and the website you are visiting by using encryption. You can identify that SSL is being used by seeing ‘https://’ before the website address, and you should see a lock icon in the address bar.
- h. You should always assume that emails sent to you that reference issues about your bank accounts, credit account, payment processor accounts, shopping accounts, email accounts, and/or social network accounts are fraudulent phishing attempts unless and until proven otherwise. If you receive such an email, do not click on any link in the email. These links very well can lead to a counterfeit version of the relevant website designed to get you to give up your important account information. Instead, close the email, and log directly into the account through your internet browser. If the email was legit, you will see so when you log into the account. Because email phishing attacks are so pervasive, you should pretty much never click a link that comes to you in an email, particularly if you are not familiar with the relevant company’s policy for sending notices via email.
Tips For More Secure Passwords
- a. Do not use actual words or names in your passwords, even foreign words or names. These types of passwords are vulnerable to dictionary-based attacks, where every word found in the dictionary is tried as a password guess. Even if you put symbols, numbers, or capital letters within or around the word, it is trivial for hackers to also add symbols, numbers and capitals to their guesses to crack your password.
- b. Do not use all letters, or all numbers for your password. Again, computer processing power makes it trivial to try all the possible combinations to guess your password.
- c. Do not use addresses or telephone numbers for your passwords. If a hacker is specifically targeting you, assume they will have access to this info.
- d. Use longer passwords. If a website lets you submit a long password, do so. Longer passwords (over 20 characters), if they can be cracked at all, will take much longer to be cracked than a shorter password.
- e. But you ask, how can I remember a 20-character password? Easy, use a password manager. With a password manager you only have to remember a single password to log into the manager, then you can copy and paste the passwords into whatever website you want to log into. These are available for iOS and Android devices, as well as Windows and Apple computers. It takes a few extra seconds, but it is worth the extra security.
- f. Also, consider using a random password generator. Random password generators will create passwords for you using cryptographically secure random string generators. They allow you to set the length of the password you create, and also allow you to insert any special characters, numbers, or capital letters that a website may require. And they are truly the most difficult passwords to crack. KeePass is an open-source random password generator/password manager that has worked very well for my purposes.
- g. If you have a high profile in public, you will want to be careful about what you use for security questions and answers. It is possible that the answer to your security question can be determined by doing a little research on the internet. This is how Sarah Palin’s Yahoo email account was hacked by a twenty-year-old college student during the 2008 presidential campaign. The attacker simply made a request to Yahoo to reset Sarah Palin’s email password (all he needed to initiate the process was the email address). To be able to complete the password reset, the attacker had to answer two security questions. The first question was Sarah Palin’s birthdate. The second question was where Sarah Palin met her husband. The answers to these questions were readily available on the internet. Be careful selecting security questions and answers.
- h. Do not use the same password on multiple sites. Not all website security is created equal; if one website gets hacked, it will be a big hassle to have to change passwords on every site you have registered for.
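To make tips a, b, d and f concrete, here is an added example (not part of the original post, and not code from any password manager) of a random password generator built on Python's cryptographically secure `secrets` module, with a rough comparison of guessing difficulty. The symbol set, dictionary size and number of mangling variants are assumed figures chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"  # assumed set; adjust to what a given site accepts

def generate_password(length=20, upper=True, digit=True, symbol=True):
    """Random password from the OS CSPRNG with every required class present."""
    classes = [string.ascii_lowercase]
    if upper:
        classes.append(string.ascii_uppercase)
    if digit:
        classes.append(string.digits)
    if symbol:
        classes.append(SYMBOLS)
    if length < len(classes):
        raise ValueError("length too short for the required character classes")
    alphabet = "".join(classes)
    # One guaranteed character per required class, the rest from the full set.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so the guaranteed characters are not at fixed spots.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def random_bits(length, alphabet_size):
    """Upper-bound guessing difficulty (bits) of a uniformly random string."""
    return length * math.log2(alphabet_size)

def mangled_word_bits(dictionary_size, variants_per_word):
    """Guessing difficulty (bits) of a dictionary word plus common tweaks."""
    return math.log2(dictionary_size * variants_per_word)

if __name__ == "__main__":
    print("generated:", generate_password())
    # Assumed figures: 200,000-word dictionary, 10,000 tweaks tried per word.
    print("word + tweaks : %.1f bits" % mangled_word_bits(200_000, 10_000))
    print("8 digits only : %.1f bits" % random_bits(8, 10))
    print("20 random     : %.1f bits" % random_bits(20, 26 + 26 + 10 + len(SYMBOLS)))
```

Each additional bit doubles the number of guesses needed, so the gap between roughly 31 bits for a tweaked dictionary word and roughly 125 bits for 20 random characters is the reason length and randomness matter more than clever substitutions.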
If you follow the above tips, you will be well on your way to fortifying your private information on the internet. Have a tip of your own? Please share it below!