Every week headlines bring us news of computer security problems and identity theft, leaving us to wonder, “How can I defend myself?” A person without detailed technical knowledge may feel especially vulnerable, but also feel ill-equipped to fight back. There’s good news and bad news here: The good news is that hackers’ sophisticated technology is not what gets them on your system, it is their exploitation of human habits and foibles. The bad news? Hackers’ sophisticated technology is not what gets them on your system, it is their exploitation of human habits and foibles. In other words, the problem is not high-tech, but it may not be easy to fix.
Slow that Click-Happy Finger
The first foible exploited is the”quick to click” response. Some neurological and behavioral studies indicate that we are wired to look for novel payoffs. Some are more prone to this than others. Those emails that come in with links to great deals or juicy gossip are bait to trigger this response. Avoid these at all times.
Phoil the Phishers
A variation that is more convincing is the “phishing” attempt: an email appearing to be from a bank, internet service provider, online store, or some other entity you do business with. These have an air of legitimacy and may cause you to let your guard down. Do not respond to emails requesting you to click a link to “reset” your login info, no matter what dire problem has allegedly just happened. Login using the regular link in your browser to access the bank, ISP, or whoever, and see if there are any problem reports there.
Say NO to random offers to “clean” your computer
Legitimate companies do not put pop-ups on your computer warning you that you are infected and offering to “clean” it with a scan. This will just let a criminal install even worse stuff on your machine. If you are lucky they will just rip you off once for the supposed service.
Legitimate companies also do not call you and offer to “fix” your computer if you offer remote access. It is nice to think that Microsoft is looking out for us in this way, but that is just not happening. This has been a very effective scam lately. Once on your computer the criminals can do a lot of damage.
Hopefully a lot of this has been obvious. These are highly successful exploits so some reminders can help.
Password Management
The other major foible to exploit is inertia. When coupled with lack of technical knowledge, this can lead us to leave things in an insecure state, even if we know better. Passwords are often a victim of this problem. We can too easily choose easy passwords instead of more complex but safer ones. And worse yet, we use the same weak password on a number of sites. If your email gets compromised, the “I forgot my password “ link can be used on other sites to get those passwords as well.
The best solution is a password manager. But this involves a bit of technology and so can trigger the same inertia. They are worth the security and once learned, are easy to use. Some recommended password managers are LastPass, KeePass, Password Safe, and Password Genie.
Not ready for that? Reasonably good passwords can be made from a short phrase that is meaningful to you. Replace a few letters with numbers and a special symbol (#!* etc) and capitalize at least one letter. Be sure to replace letters and not append numbers and symbols to the words. You must not leave recognizable words. And don’t use 3 for e, the numeral 1 for the letter l, etc. These are wired into every cracker’s dictionary. Make the password long – at least 8 and preferably 9 or more characters.
Those handy password recovery questions? Nice idea, but have you told the story of your life on some social website? Seriously, you may not have written an autobiography, but the information could be in the many posts you have made. Some notable account hacks have been made because the hacker learned the necessary answers online. Consider a fantasy life with made-up answers – that you never share online.
Another place many people have passwords is on a home router for wireless access. Setting up passwords for this was quite a geeky endeavor. Wi-Fi Protected Setup (WPS) was supposed to make this easy with a short ID number and the press of a button. Unfortunately it is also easy for hackers to get this number with programs available for laptops and smartphones. The best defense against this is to disable WPS.
Keep it up to date
Finally, another area for inertia is updates. Be sure that you are using a reputable anti-virus program (many good free ones are available) and have it update automatically. Also, keep your Windows, Mac, iPhone/iPad, or Android systems updated. Allow automatic updates if the thought of managing this intimidates you.
Yes, this is a lot to think about, but no one item is really very hard. And once you get through you will be much less vulnerable to common attacks.