Before You Click That – Read This

While it might all seem a bit James Bond, cyber criminals really do exist and have a veritable arsenal of tricks to try and trap people into disclosing more than they bargained for.

Accepted, not every organisation is a multi-national housing databases bursting with credit card data and other personally identifiable information, but that doesn’t make the small business or man on the street any less attractive. Online banking and shopping habits are all opportunities these devious individuals can use to make themselves money.

Fred Touchette, Senior Security Analyst at AppRiver, offers five security tips to keep you safe in an increasingly virtual world:

Step 1: Don’t trust your inbox
Without doubt, the most common tactic criminals will employ is malicious emails, or phishing scams as they’re often referred to. The fundamental rule is never click on a link, or open an attachment, from an unsolicited email. Remain vigilant and use simple logic – if it seems too good to be true, then it probably is, so delete the email, especially if it is from someone you did not initiate contact with or a competition you’ve not entered.

The most effective preventative strategy is to educate members of your family or organisation about the risks so that sticky situations are avoided as much as possible.

Step 2: Strong locks
In the wake of recent data breaches, where attackers have subsequently posted stolen passwords online, it is evident that people are either unaware of, or ignore, the importance of a strong password. It might shock you to know that, with easily available software, a six letter password can be cracked in as little as 10 minutes – if it’s a word in the dictionary this could be much shorter.

Just like you would protect your premises with the strongest lock possible, you should employ the same strategy online. For this reason I’d advocate that you forget using a password altogether and instead use a ‘passphrase’.

A strong passphrase should consist of upper and lower case letters, numbers and symbols. It is also critical that it be no less than 8 characters in length (but the longer the better). An easy way to come up with one is to start with a phrase that you can easily remember. Take “chicken and waffles”, for example: you could use something like ‘ch1ck3n@ndWaffl3S.’

If a hacker somehow gets their hands on your email password (for example) they will commonly attempt to access other accounts using the same credentials. For that reason, avoid using the same passphrase across multiple accounts.

Step 3: Practice Safe Browsing
Before entering sensitive information into any website, look for the security padlock symbol in the address bar – it’s one way of checking that a website is safe and that the information you submit is secure. Double-clicking the icon will display the certificate so you can make sure it’s current and issued to the same company.

Also, check the text before the website name in the address bar. The “https” is another indication that the page you are viewing is secure.

Finally, if you’ve clicked a link, check to make sure that the address stayed the same. If it has changed, then it has taken you to a fraudulent web address where cybercriminals can monitor and access your information.

While on the subject of safe browsing, it’s also worth mentioning that a good portion of online scams and spam target today’s younger generation of Internet addicts. Chances are, computers accessed by less-discerning youthful users will be infected with malware and viruses. It’s best not to bank online using the same computer that your children do and, if practicable, designate a separate PC purely for completing secure financial transactions.

Step 4: Layer up
Attackers are attempting to take advantage of you from any angle possible, so it is a good idea to take a layered approach when it comes to security. Make sure you are implementing multiple solutions such as a firewall, anti-virus software, email spam filtering and web filtering.

Step 5: Patch it
Hackers and security researchers alike are constantly testing operating systems, browsers and software for vulnerabilities. And it’s not a matter of “if” they find flaws, it’s “when”. Once vulnerabilities are identified, it’s a race against time between the good guys releasing an update to patch the vulnerability and the bad guys exploiting it. Failure to apply these updates can leave you very exposed.

The cybercriminals who now take aim at computer users en masse have become experts in manipulating people into performing a certain action. These thieves are constantly coming up with new and creative ways to trick individuals into doing what they want.

It’s your job not to let them.