Account Security
Create complex passwords. Your passwords to access your accounts on apps or websites should consist of a combination of numbers, upper- and lower-case letters, and special characters that is difficult to guess. Don't use the same password for more than one website or account. This limits the damage to you if a hacker happens to crack one of your passwords.
Use a password manager. Password managers store and auto-fill your credentials for different sites, allowing you to create a complex and unique password for each site without having to worry about entering the password itself more than once. While you should absolutely keep track of your passwords on your own as well, a password manager will help make your device much more secure. Highly praised third-party password managers include "Dashlane 4", "LastPass 4.0 Premium", "1Password", "Sticky Password Premium", and "LogMeOnce Ultimate". Most browsers have a built-in password manager that stores your passwords (although they don't typically encrypt them).
Don't give out your password. This is an obvious piece of advice, but one that bears revisiting: with the exception of some school services, you shouldn't ever have to provide a site administrator with your password for them to access your account. This logic applies to IT workers and Microsoft or Apple representatives. Similarly, don't tell people your phone or tablet's PIN or passcode combination. Even your friends might accidentally tell someone your passcode. If you do have to give someone your password for some reason, change it as soon as they are done with whatever they needed to do on your account.
Change your passwords often. In addition to keeping your password a secret, you should change the passwords on your various accounts and devices at least once every six months. Be sure not to use the same password twice (e.g., your Facebook password should be different than your bank password, etc.). When you do change your password, you should change it substantially. Don't simply replace one letter with a number.
Use two-factor authentication. Two-factor authentication requires you to enter a code sent to you in a text message or another service to access your account after you enter your user name and password. This makes it more difficult for a hacker to access your information, even if they are able to crack your password. Most major websites, including popular social media networks, have some form of two-factor authentication available. Check your account settings to learn how to enable this feature. You can set up two-step verification for your Google account. Popular app alternatives to receiving a text message include Google Authenticator, Microsoft Authenticator, and Authy. Some password managers also include a built in authenticator app. EXPERT TIP Brandon Phipps Brandon Phipps Technology Specialist Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions. Brandon Phipps Brandon Phipps Technology Specialist Enable two-factor authentication on all your digital accounts. That applies to all your personal accounts, business accounts, finances, client information, and productivity apps. Two-factor authentication protects your sensitive data from unauthorized parties and reduces the risk of security breaches.
Avoid using the correct answer for security questions. When making security questions, don't make the answer to them the correct answer. Hackers can find out your mother’s maiden name or what street you grew up on easily. Instead, make the answers incorrect, or even better, make them like passwords and don't base the answers on the questions at all. For example, for the security question "What is your mother’s maiden name?" make the answer something like "Pineapple". Better yet, you a combination of random numbers, letters, and symbols like "Ig690HT7@." You might want to write down the answers to your security questions and keep them in a safe place, so that you can still recover your account if you forget the answers.
Read privacy policies carefully. Any company that has information from you must have a privacy policy that details how they use that information and the extent to which they share it with others. Most people simply click through the privacy policy without reading it. Although the reading can be cumbersome, it's worth at least skimming it so you know how your data is being used. If you see something in the privacy policy that you disagree with, or that makes you uncomfortable, you may want to reconsider sharing information with that company.
Log out of accounts when you're done with them. Simply closing the browser window isn't always enough, so make sure you click (or tap) on your account name and select Log Out (or Sign Out in some cases) to manually sign out of your account and remove your login credentials from the site.
Make sure you're on an official website when entering passwords. Phishing scams – instances in which a malicious page pretends to be a login page for a social media or bank account – are one of the easiest ways for you to get hacked. One way to spot phishing scams is to look at the site's URL: if it closely resembles (but doesn't exactly match) a reputable site's URL (e.g., "Facebok" instead of "Facebook"), it's a fake site. For example, enter your Twitter login information on Twitter's official page only. Avoid doing so on a page that asks for the login information in order to share an article or something similar. An exception to this rule is when a university uses an existing service (e.g., Gmail) through their home page.
Phone Security
Change your phone's passcode often. The first line of defense against people attempting to view or steal your data is a strong and constantly changing passcode. Make sure that you substantially change the passcode each time you change it--don't just change one number. On most phones, you can set a "complex" or "advanced" password that includes letters and symbols in addition to the typical numerical characters. Avoid Using Touch ID or other fingerprint verification features. While these seem more secure than a passcode, it is actually easier to hack than a password because hackers can replicate your fingerprint with a printer. Fingerprints are also not protected by the 5th amendment, but passcodes are.
Update your devices and software. As soon as an update becomes available for anything from your phone's Facebook app to its entire operating system, you should apply it if possible. Many updates are patches to repair weaknesses and address security vulnerabilities. Failing to update your software will eventually result in an exploitable weakness appearing, which puts your device at risk. If you have the option to download all updates automatically, make use of this feature. It will save you a lot of trouble.
Charge your phone on reliable USB ports. These include the ports on your computer and in your car (if applicable). Public USB ports, like the ones you may see in a coffee shop, can compromise your information. For this reason, it's a good idea to bring an electrical outlet connector in addition to your USB cable if you're traveling.
Avoid jailbreaking (or rooting) your phone or side-loading apps. Both iPhones and Androids have security safeguards that can be bypassed by jailbreaking or rooting the respective devices but doing so opens your phone up to attacks and infections that would have previously been impossible. Similarly, downloading apps from unverified sources ("side-loading" apps) greatly increases your risk of contracting malware. Android phones have a built-in security suite that prevents you from downloading apps from unknown sources. If you do choose to disable this option (from the Security tab in Settings), you'll need to carefully verify websites from which you download apps before proceeding with the downloads.
Computer Security
Encrypt your hard drive. If your hard drive is encrypted, a hacker will be unable to read the data stored there, even if they manage to gain access to your hard drive. While you've taken steps to prevent access, encryption is another method of protecting your information. Mac - FileVault is the encryption service for Macs. You can enable it by clicking the Apple icon in the top-left corner of your Mac's screen, clicking System Preferences, clicking the Security & Privacy icon, clicking the FileVault tab, and clicking Turn On FileVault. You may first have to click the lock icon and enter your Mac's administrator account password. Windows - BitLocker is Windows' default encryption service. To enable it, simply type "bitlocker" into the Start search bar, click the "Bitlocker Drive Encryption" option, and click Turn on BitLocker. Keep in mind that Windows 10 Home users won't have access to BitLocker without first upgrading to Windows 10 Pro. EXPERT TIP Brandon Phipps Brandon Phipps Technology Specialist Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions. Brandon Phipps Brandon Phipps Technology Specialist Encrypt sensitive systems with client and financial data to restrict access to authorized users only. With the latest operating systems, encryption has become more accessible and easier to implement. You must secure your sensitive files and data without delay, and keep this practice in the future.
Install updates as soon as they become available. In addition to performance upgrades, system updates often contain improvements to security.
Back up your data frequently. Despite even the strictest security, it's still possible that your data may become compromised. This may be the result of hacking, or simply computer failure. Backing up your data ensures you don't lose anything. There are cloud-based services you can use to back up your data. Check the security of these services carefully before joining one. While you may be tempted to go with the least expensive service, you want to make sure your data will be kept safe. You also can use an encrypted external hard drive to back up your data. Set up your computer to run automatic backups daily, at a time of day when you aren't normally on your computer.
Avoid clicking suspicious links or responding to unknown emails. If you get an unsolicited email, or an email from a sender that you cannot verify, treat it as a hacking attempt. Do not click on any links or give the sender any personal information. Keep in mind that even replying to the email will let the sender know that your email address is active and valid. While you may be tempted to send them a sarcastic reply, even this will give them information they can use to hack you.
Install or activate your firewall. Both Windows- and Mac-based computers come equipped with a firewall, which prevents hackers from gaining access to your computer. However, in some computers, the firewall is not turned on by default. Go into the security settings of your computer and look for "firewall" settings. Once there, make sure it is turned on and that it is blocking incoming connections. If you have a wireless network, your router should have a firewall as well.
Enable a firmware password. If your computer has the option available, require users to enter a password before rebooting from a disk or entering single-user mode. A hacker cannot get around a firmware password unless they have physical access to your machine, though you'll need to be extremely careful not to forget or lose the password since it is immensely difficult to reset. To create a firmware password: Mac - Restart your Mac, then hold down ⌘ Command and R as it boots up. Click Utilities, click Firmware Password Utility, click Turn On Firmware Password, and create your password. Windows - Restart your computer, then hold down the BIOS key (typically Esc, F1, F2, F8, F10, or Del) as your computer boots up. Use the arrow keys to select the password option, then enter your preferred password.
Disable remote access. You may need to access your computer remotely, or allow someone else to do so, such as if you've called tech support. However, you should keep it disabled by default and only turn it on for brief periods when you need it. If you have remote access enabled, you essentially leave an open door for hackers to get into your computer and steal your data.
Install antivirus software on your computer. Antivirus software recognizes and removes potentially harmful files and programs as soon as you download them. Windows Defender is a good choice for PCs, and it comes pre-installed on Windows 10 computers. For a Mac, consider AVG or McAfee as another line of defense on top of Gatekeeper, which is the default protection suite. It's also a good idea to make sure your computer's firewall program and Bluetooth function are only letting trusted connections access your computer.
Network Security
Use secured wireless networks. Generally speaking, secured networks require you to enter a password before you can connect to them. In some locations (such as airports or coffee shops), you can request the password after purchasing an item. If the wireless network isn't secured, your computer will let you know before connecting. In some operating systems, there will also be an exclamation mark next to the network's name. If you have to use the internet but don't have access to a secure network, change your passwords immediately the next time you log into a secure network. If you have a wireless network at home, make sure it's secure and encrypted. Keep in mind that wireless routers typically aren't secure by default – you have to set this up yourself. EXPERT TIP Chiara Corsaro Chiara Corsaro Computer Specialist Chiara Corsaro is the General Manager and Apple Certified Mac & iOS Technician for macVolks, Inc., an Apple Authorized Service Provider located in the San Francisco Bay Area. macVolks, Inc. was founded in 1990, is accredited by the Better Business Bureau (BBB) with an A+ rating, and is part of the Apple Consultants Network (ACN). Chiara Corsaro Chiara Corsaro Computer Specialist Our Expert Agrees: To keep your computer safe from hackers, always make sure that when you're on the internet, you're connected to a secure network and not a public network. When you're out in public, that's usually the biggest cause of having your system get compromised.
Download programs only from reputable sites. This methodology goes for sites you visit on an unsecured connection as well. If there isn't a padlock icon to the left of the URL address and "HTTPS" in front of the "www" portion of the URL, it's best to avoid the site (and downloading anything from it) entirely if possible.
Learn to recognize fake websites. In addition to avoiding sites without "HTTPS" and the padlock icon next to the URL, double-check the website's URL before entering your password on it. Some sites will attempt to steal your login information by posing as another site (this is known as a phishing scam); you can spot these sites by looking for extra (or missing) letters, dashes between words, and extra symbols. For example, a site masquerading as Facebook might have faceboook.com as its URL. Sites which display dashes between multiple words in the site name itself (the words in between "www" and ".com") are generally not reliable.
Avoid file sharing services. Not only does file sharing often violate intellectual property laws, but file-sharing websites are crawling with hackers. You may think you're downloading the latest hit song or a new movie, but the file actually is a virus or malware in disguise. Many of these files are designed in such a way that the virus or malware hidden within won't be picked up by anti-virus software screenings. The virus won't infect your system until you try to play the file.
Shop only on secure sites. Don't enter account or credit card information on a site that doesn't have "https://" written before the "www" section of the website address. The "s" indicates the site is secure. Sites without that won't encrypt or protect your data.
Keep personal information off social media. You may think you're just sharing with friends but revealing too much about yourself and your life on social media can make you vulnerable to hackers. Share personal information directly with people who need to know rather than openly posting on social media.
Comments
0 comment