By Eng Kwee Ng
City of Marshfield Director of Technology
October was National Cyber Security Awareness month. With data breaches happening to major corporations in recent news, the threats in cyberspace are real.
As we are approaching the major holiday shopping season for the year, if you are planning to do any online transactions from your desktop, laptop, or mobile device, some of the tips and best practices below may help protect you or reduce your risks.
- Look for “https” before you click “Purchase.” The “s” stands for secure and indicates that communication with the webpage is encrypted. A padlock or key icon in the browser’s status bar is another indicator.
- Limit online shopping to merchants that you know and trust. Only go to sites by directly typing the URL (the company’s website address) in the address bar.
- Consider using a credit card, not a debit card, if you do pay online directly to the retailer. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information is used improperly.
- Do not respond to pop-ups. When a window pops up promising you cash, bargains, or gift cards in exchange for your response to a survey or other questions, close it by pressing Control + F4 on Windows devices or Command + W for Macs.
- Do not use public computers or public wireless access for your online shopping. Public computers and Wi-Fi hotspots are potentially insecure. Criminals may intercept traffic on public wireless networks to steal credit card numbers and other sensitive information. Make sure the settings on your computer or device prevent it from automatically connecting to Wi-Fi hotspots.
- Secure your home Wi-Fi. Make sure that you control who has administrative access and that any users on your network authenticate with a strong password. Encryption settings should be enabled and strong. Using WPA2 is recommended.
- Keep current with all operating system and application software updates for your computer and mobile devices. Anti-virus and anti-malware software should be installed and running and receiving automatic updates.
- Use strong and unique passwords for each account. A good password is at least ten characters and uses a mix of upper case, lower case, and numeric or special characters. Each of your online accounts, especially financial ones, should have its own strong password so that if one is compromised, the attacker does not have automatic access to your other accounts.
- Use a firewall. If you travel with your laptop or connect your device directly to the internet, enable the firewall, set it to the strictest level of security, and allow exceptions only for the services you need.
- Back up your data at regular intervals so you can retrieve your important data if your computer fails. External hard drives and online backup services are two popular vehicles for backing up files. Having backups would also allow you to recover from ransomware attacks.
CryptoWall and CryptoLocker are examples of ransomware, which infects a victim’s machine and encrypts its data. The hacker alerts the victim that his or her files have been encrypted and directs the victim to pay a ransom by a certain date; otherwise, the key necessary to decrypt the files will be destroyed, rendering the files irretrievable.
- Beware of phishing emails. Typically, a phishing email tries to entice the recipient into clicking a link or downloading an attachment. A phishing scam targeting your financial accounts will consist of an email message notifying you of a “problem” with your account and asking you to click on a link to your “bank’s” site and submit sensitive information.
This site, however, is a very convincing fake version of the legitimate site. This website may then prompt you to provide personal information such as Social Security, bank account, or credit card numbers, and/or it may download malicious software onto your computer. Instead of clicking on the link to your bank’s website embedded in an email, navigate to the financial institution’s website on your own by typing the address directly into your browser.
Beware of attached files, as they may contain malware. Open attachments only from trusted sources, and if you are in doubt, do not open them at all. You may also consider using anti-phishing software to help block many phishing-related emails. Remember, no legitimate financial institution will ever ask you to provide sensitive information in an email.
- Beware of “poison” search results. Hackers looking to target your machine know how to poison search results to get you to click on a site that hosts malware. Cyber criminals can sometimes deface legitimate websites by adding content that is designed to rank highly in search results, knowing the first returned sites are more likely to be clicked on directly.
I want to leave you with the three campaign keywords that were used for the National Cyber Security Awareness month: Stop. Think. Connect.
STOP: Before you use the Internet, take time to understand the risks and learn how to spot potential problems.
THINK: Take a moment to be certain the path ahead is clear. Watch for warning signs, and consider how your actions online could impact your safety or your family’s.
CONNECT: Enjoy the internet with greater confidence knowing you have taken the right steps to safeguard yourself and your computer.