24 Mar

Top 5 Online Security Tips For Home And Small Business

As we become more and more reliant on the Internet, mobile devices and online services we also become more vulnerable to online crimes such as credit card or identity theft. Whilst the only way to ensure that you will never be the victim of an online crime is to simply not ever go online (which isn’t possible for most of us), there are several steps you can take to greatly reduce your chances of being the subject of such a crime.

1. Password Strength Is Your First Line Of Defense

Possibly one of the main causes of hacking and identity theft is the use of simple passwords. A password is your first line of defence against someone accessing your private information or data. If you use a person’s name, a birthdate or a telephone number then you are making it fairly easy for a hacker to figure out your password. The fastest method to determine simple passwords is with a brute force attack.

Basically the hacker runs a script that goes sequentially through the alphabet, the numbers 0-9 and other symbols. This is automated, so time is on the hacker’s side, especially if you have a simple password. The important point is that the longer the password and the more complex its mix of lower case, upper case, numbers and other symbols such as punctuation characters, the longer it takes a brute force attack to reveal it.

This presents the problem of complex passwords being difficult or impossible to remember.

There is a secure solution that allows you to have extremely complex passwords without having to remember them or write them down. It is called Roboform and is a software application that has plugins for Internet Explorer, Firefox and Google Chrome. As an IT consultant and application developer I have many of my own passwords stored in Roboform as well as approximately 1200 other logins for various customer sites, servers and online services. Roboform allows you to set passwords like this one – @$Xk7W^1uTvr – that I created with the Roboform password generator. And at only $19.95 per year it’s one of the most cost effective ways of greatly improving your online security.

For businesses there is Roboform Enterprise which has additional features including the ability to allow your employees to log in to services such as online banking without them ever seeing or knowing the password.

2. Make Sure Your Anti-Virus Is Updated Regularly

I wish I had a dollar for every computer I’ve ever worked on that had an anti-virus installed but the anti-virus data files were out of date. Many people don’t realise that in order to keep your computer safe from viruses you need to allow it to update its data files every day. Thousands of new viruses are created each year and most anti-virus vendors update their data files as they become aware of the new viruses. If you aren’t keeping yours up to date then it’s about as useful as last year’s football fixtures!

Of course if you don’t have an anti-virus program installed on your computer you are exposing your computer to thousands of potential sources of virus infection. The most insidious viruses are the ones you don’t see. These are known as ‘trojans’ and they stay silently in the background, sending information back to hackers. The worst of these are programs known as ‘key loggers’. They send every keystroke you make back to a hacker, including any login details you might type in.

Roboform, which I mentioned in the first tip, actually defeats key loggers as it fills in your usernames and passwords without making any keystrokes on your keyboard.

3. Be Paranoid About Email Attachments

The next entry point that hackers can use to access your computer and/or data is via an email attachment. Some of these emails are very easy to identify due to the poor English, lack of punctuation, etc., but as time goes by, some hackers are becoming very clever in the way that they present their emails. The aim is to entice you to open the attachment, which contains a virus.

A technique that has been used just recently is to accuse you of spamming and say that the evidence is in the attached file. Some go as far as threatening legal action if you don’t stop. That presents a very compelling reason to open the email and I’m sure it is very effective.

The solution is to be quite paranoid about email attachments. If it’s not from someone you know then don’t open the attachment. If it looks legitimate then telephone the sender. If it is important, the sender will include their full contact details including identification of their company or organisation and a telephone number.

4. Use A Secure Password Manager

I mentioned Roboform earlier. Roboform is a secure password manager and I honestly think it is as important as your Anti-Virus program. The main problem with passwords is that it’s too difficult to remember complicated passwords and too easy for hackers to crack simple passwords. That’s where Roboform really shines. It stores your login information and passwords in an encrypted state so that they can’t be accessed without your ‘master’ password. In order for anyone to get access to your login details and passwords they would need to have access to your computer and get past the master password that you set to protect that information. Roboform also provides an online service which allows you to synchronise your passwords between your computers and handheld devices. Roboform uses very strong security and encryption and their software and services have never been hacked or exploited.

I guess there could still be a problem for some people – how to have a strong master password that is easy to remember. It’s fine to have all your important details stored securely, but it’s only as secure as your master password. I like to use a mix of punctuation, upper and lower case and numbers in my passwords. An example might be something like B4114rat.2011 – which is basically ballarat2011 with a capital B, a period and ‘alla’ written in numbers like ‘4114’. I wouldn’t have much difficulty remembering that password and it is quite strong, particularly if a hacker was sitting at my computer or laptop trying to work it out.
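To put numbers on how length and character mix affect the brute force attack described in the first tip, here is an added example (not part of the original article) that estimates the worst-case sequential search for the passwords quoted above. The guessing speed is an assumed illustrative figure, and the estimate models only exhaustive search, not guessing based on names, dates or common substitutions.

```python
import string

# The four character classes the article names.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Assumption: an illustrative guessing speed, not a measured figure.
GUESSES_PER_SECOND = 1e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the smallest set of classes that covers every character."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside the modelled classes")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def worst_case_guesses(password):
    """Guesses needed when every shorter string is tried first."""
    n = alphabet_size(password)
    return sum(n ** length for length in range(1, len(password) + 1))


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for the sequential search, in years."""
    return worst_case_guesses(password) / rate / SECONDS_PER_YEAR


# The last three samples are quoted in the article; the first is constructed.
SAMPLES = ["19840312", "ballarat2011", "@$Xk7W^1uTvr", "B4114rat.2011"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:<15} alphabet={alphabet_size(pw):>3} "
              f"length={len(pw):>2} years={years_to_exhaust(pw):.3g}")
```

Run it directly to print one line per sample password.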

5. Use A Little Bit Of Common Sense

Of all the tips this is probably the most important. A little bit of common sense goes a long way when dealing with the many different scams, viruses, phishing emails etc. Common sense should tell you that banks are the biggest target for fraudulent emails that attempt to get your login details, so your bank is NEVER going to send you an email asking you to ‘login for security update’ or anything along those lines. Common sense should also tell you that the poorest countries in the world (e.g. Nigeria, Congo, Côte d’Ivoire) are not teeming with individuals who want you to assist them to ‘move’ millions of dollars. Similarly, companies like Microsoft do NOT collect millions of email addresses and then run a lottery.

If it looks crazy or too good to be true then it more than likely is a scam. And all it takes is a quick search on Google to find out. Paste a line from the email message into Google or search for something like ‘Microsoft Lottery’ or ‘nigerian transfer’ and you will very quickly find out if the email you are looking at is a widely distributed scam.

The bottom line is that a little bit of due diligence can save you a lot of time, money and stress.