By Mike DuBose and Blake DuBose
Some might say that thieves have it a lot easier these days. Why rob a bank with a gun in front of numerous witnesses (not to mention security cameras), when one can quickly and quietly steal peoples’ assets from behind a computer screen?
In August 2014, USA Today reported that Russian cybercriminals had committed the largest theft of password and username combinations known to history—1.2 billion—as well as 5 million e-mails from databases on 420,000 websites. As this and many other news stories from recent years can attest, there is a growing menace to our society in the form of multitudes of amateur and professional hackers who lurk online. If these criminals gain access to your personal computer or business network, they can harm your reputation, damage your hard work, buy things with your money, or just get sadistic pleasure from watching you scramble to recover your privacy.
Over the last 20 years, the Internet has become a fixture in most of our daily lives. Experts predict that by the end of 2014, there will be roughly a billion websites in the world. A 2013 report by tech research firm The Radicati Group estimates that nearly 200 billion e-mails are sent every day, and 8.6 trillion text messages are sent each year, according to Portio Research. In addition, more than 40 billion Internet-enabled devices such as cars, home appliances, and other equipment will all be linked together by the Internet by 2020, according to networking equipment manufacturer Cisco.
The rise of the Digital Age has many benefits, like global interconnectedness; the ability to find information almost instantaneously; and quick, easy videoconferencing with coworkers, friends, and family, but it also opens us up to new, very serious threats. As McAfee, a leading antivirus software provider, warns in its Security Advice Center, “When you go online for e-mailing, instant messaging (IM), shopping, and banking, you often communicate personal information such as addresses, phone numbers, account numbers, usernames, and passwords. Unfortunately, you risk having this personal information and possibly even your identity stolen, or having your PC used as a launching pad for hackers to attack others.”
According to the AARP, in 2010, 1 in 9 victims experienced identify fraud when their computers were accessed by hackers. In 2013, the numbers skyrocketed to 1 in 3! Once someone penetrates your computer’s defenses, they can impersonate you while applying for credit cards or even rob you of your savings.
Hacking can happen at all levels—from your personal computer, to a small business, to a huge multinational corporation—but businesses are especially susceptible to attacks from greedy hackers in search of financial resources. In fact, as Peter Singer, director of the Washington, DC-based Center for 21st Century Security and Intelligence, said in a 2014 Fortune article, “Ninety-seven percent of Fortune 500 companies have been hacked, and likely the other 3% have too, they just don’t know it.”
In late 2013, online criminals attacked retail giant Target, stealing information on up to 70 million credit card accounts. Shortly thereafter, other companies like eBay, Michaels, Nissan, and Alcoa announced that they had also been hacked. Such attacks often pose the greatest harm to normal consumers—it’s their personal and credit card histories, stored during their interactions with these companies, that fall into the possession of the hackers.
The consequences can extend far beyond the monetary to personal data and relationships. In 2012, tech writer Mat Honan was cyber-attacked by a nineteen-year-old who erased his entire digital life, including family photos, in one hour. All of Honan’s data on his iPhone, iPad, and MacBook was erased, and the hacker used his Google and Twitter accounts to spew racist and offensive comments. New York Times technology writer David Pogue experienced something similar just a month later.
Clearly, no one is immune from cyberattacks. Once, Mike looked up at his computer screen to see the cursor moving around and opening files without him touching the mouse! Despite our technology staff’s excellent security practices, someone had skillfully wormed their way into his home computer. Hackers can also penetrate a person’s e-mail security and then send you harmful links “from” that person.
One of the many ways that hackers access information is through “phishing” or “spoofing” e-mails. By now, most of us know that the “Nigerian princes” offering us money are scammers. But online criminals are constantly creating clever new tricks, like fake notices from legitimate organizations such as Amazon, the IRS, US Post Office, Apple, Federal Express, or Internet providers (sometimes even with their logos) alerting us to open up a link for details. If you are actually expecting something from Amazon or FedEx, you might easily fall into this trap! In a business, all it takes is for one individual to open up the e-mail and click the link for the entire company, its employees, and their customers to be threatened. Viruses, along with poorly constructed or overused passwords, are the main factors allowing hackers to penetrate computer networks. Password generators that can guess most passwords are available for as little as $3,000, and anyone can buy them!
Although there’s no guaranteed way of completely avoiding attacks on your digital security, there are many steps you can take to make them less likely to succeed. Based on our research and advice from technology experts Brian Charles and Jeff Bradley at DuBose Web Group, here are 28 strategies to better protect yourself online:
- Use different passwords for each site: A 2012 Harris Interactive survey revealed that 62% of adults reuse the same password online. But if you employ a few (or even just one) password for many sites, you’re basically handing hackers the keys to the kingdom! If they discover one password, they can try it on many other sites. Thus, it may not be convenient, but it is very important to use different passwords for each site you use. (Many experts also recommend changing your passwords—even if they haven’t been compromised—every few months.) Also, as an extra layer of security, some companies (including Google and Facebook) are also adopting a two-step verification process for logging into your accounts. If the system doesn’t recognize the computer or mobile device you are using, it will require validation (usually through a text message or email) to quickly confirm you’re a valid user. As president of DuBose Web Group, Blake has researched the issue, and he believes that two-step verification and fingerprint or voice verification will be the new standards moving forward.
- Make passwords unique: Crafting passwords that are very difficult to guess is your first line of defense, but many people use information such as their birthdays or family members’ names that can be found using a few quick Google searches. Don’t make it this easy for criminals! Instead, focus on unpredictability and length. Some of the best passwords include made-up or misspelled words with a combination of upper and lower case lettering, numbers, spaces, and punctuation, such as “Beemme up Scottie@1_!” Security expert Bruce Schneier, a fellow at Harvard University’s Berkman Center for Internet and Society, recommends taking a sentence and turning it into a password (he calls this technique the “Schneier scheme”). For example, as he posted on his Schneier on Security blog: “‘This little piggy went to market’ might become ‘tlpWENT2m.’” This type of password is unlikely to be deciphered by most password crackers. If you would like to test your password security, Gibson Research Corporation’s page at www.grc.com/haystack.htm can estimate how difficult yours would be to decode.
- Keep track of passwords safely: Of course, if all your passwords are different, remembering them can be a chore. One option is to record them in a hard copy chart and store it in a safe place. Keep a backup copy in a second location, such as a safety deposit box at the bank. (You don’t want your spouse or relatives to experience the nightmare of not being able to access your accounts upon your disability or death.) There are also new, very secure computer programs that will track and maintain your passwords. These include 1Password, Dashlane, LastPass, and PasswordBox. In a May 2014 Wall Street Journal article, tech expert Geoffrey Fowler (who has more than 150 different passwords) rated Dashlane the best, followed by LastPass (which is our top choice).
- Maintain multiple e-mail addresses: Mike has several e-mail addresses and has split communications with his banking, credit card, and other accounts amongst them. If a hacker gets into one account, two-thirds of his other accounts are protected. Include your alternate e-mail addresses in your address book (under fictitious names so hackers will not know it is you) and you will be alerted quickly if a hacker is sending out malicious messages through your address. Then, you can immediately “Reply All” and warn everyone who received the e-mail not to open it. If this happens, change your password immediately, shut off power to your computer, and have your system screened for viruses.
- Create a password recovery e-mail: Linda Bernstein of Forbes magazine recommends setting up an e-mail address dedicated solely to password recovery. If your account is compromised or if you forget your password on any sites you use, the companies can send a temporary password to this e-mail so you can get back into your account. Be careful, though: don’t include your name, initials, or any identifying information in this e-mail address, as those are some of the first options hackers will try.
- Use only secure wireless networks: Failing to protect and lock your wireless network with a password means that thieves can access it from miles away using an antenna. Surprisingly, you can often find several unencrypted personal or business wireless networks simply walking around your neighborhood. One of our acquaintances never paid for Wi-Fi because they just used a neighbor’s unprotected connection! Be wary of using public Wi-Fi (for example, that offered by a coffee shop, retail store, or mall) for sensitive business, as many do not encrypt their information and your actions could be viewed by hackers.
- Monitor your checking, retirement, savings, and credit card accounts for suspicious activity: One common strategy for hackers who have accessed your private information is to test you by making small charges on your banking or credit card accounts. If those charges go unnoticed, they move on to larger purchases or withdrawals. Unless you or your bank catch on quickly, the damage will be done long before you receive your statement in the mail! Stay on top of your credit accounts by scanning them for suspicious charges every week. Also, download your free credit history at AnnualCreditReport.com, which draws information from the three major credit bureaus. If you don’t need credit, you might also consider freezing your credit bureau accounts (for a small charge) so that if you are hacked, the perpetrators cannot apply for loans and credit cards.
- Develop innovative answers to security questions: For typical questions like, “What street did you live on in third grade?” or “In what city were you born?” make up a (false) answer and record it somewhere secure. There’s a startling amount of information available on the Internet, including peoples’ dates and places of birth and even Social Security numbers. That way, even if someone is researching you and knows the correct answer, they won’t be able to use it to access your account.
- Always log out of your accounts once finished: As soon as you are done accessing your bank or credit card accounts online, log out. It’s easy to forget and leave for, say, a meeting, but the longer the account is open, the easier it is for thieves to access. They could then conduct criminal activities such as placing orders for merchandise or transferring money. If you are on your smartphone, take special care to exit apps after you are done using them. (For iPhones, click the main button twice, then swipe upwards on the apps you want to close out. This will also reduce battery drain.)
- When disposing of electronic devices, “wipe” them clean first: If you are getting rid of a computer, use a wipe utility program to overwrite the hard drive. Before selling, giving away, or throwing away a smartphone, remove the SIM card and delete all of your contacts, call records, messages, photos, and other data from the phone. You don’t want strangers (or worse, criminals) acquiring all of this personal information! Your carrier or businesses like Best Buy can help.
- Buy or download trustworthy antivirus software for your computer: Nearly 50 million new viruses and malware programs are developed each year, so it’s a constant struggle for antivirus companies to stay current. Most of us at least have some type of protection installed on our computers, but according to Symantec (the company that invented commercial antivirus software), only about 45% of cyberattacks are caught by antivirus software. New technologies will focus on spotting hackers who have already breached clients’ security measures and limiting the damage. Although it’s not a “silver bullet,” a good antivirus program does offer some protection and is still useful. Remember, though, never to download any antivirus software unless you are certain it is from a legitimate provider. Fake antivirus programs or alerts are another way for hackers to enter your computer.
- Put an extra wall between you and the bad guys: A firewall is a piece of hardware and/or a software program that blocks your computer from responding to communications you haven’t approved, including the random electronic probes that hackers send out. Versions of Windows from 2001 and later have a built-in firewall, but this only protects against outside attacks, not local programs exploiting your network connection, according to a July 2013 PC Mag article by Neil Rubenking. A firewall like those built into Norton Internet Security and Kapersky Internet Security, or a free option like ZoneAlarm Free Firewall 2013, adds an extra layer of protection to your computer.
- Keep all computer programs updated: Since the Internet is constantly growing and changing, software grows outdated quickly. Update regularly to fix problems, including newly discovered security issues. If you’re not technologically savvy and don’t know anyone who is, organizations such as the Geek Squad at Best Buy can assist you with strengthening your computer defense system either in your home or at their stores.
- Make regular backups of critical files: Someone could potentially wipe out your data for good if you haven’t stored copies in other locations. Obtain an external hard drive that automatically backs up your important files on a regular basis (ideally, every day, or at least weekly).
- Activate passcode features on your smartphone and tablet and keep them locked: If you have a smartphone, be sure to activate the passcode feature, which requires you to enter a code to open the screen. If an unscrupulous person finds your phone and decides to keep it, he or she won’t be able to access any of your programs or use the phone!
- Store backups on the cloud (if possible) and download a wipe-my-phone or tablet app: If you have a smartphone, it most likely contains sensitive account information and passwords. We have had our iPhones stolen twice and were able to remote in and erase all of our data both times (if the phone is returned, you can restore your information from the backup in cloud storage). You have to set up an account and turn on the automatic backup feature, but it is worth taking the time to do it. When Mike’s phone was stolen recently from the Atlanta, Georgia airport, he was able to keep the information it contained secure by wiping it clean from overseas and then restoring all of his music, data, and e-mails to a new phone when he returned to the US. There are also cool features and programs like Apple’s “Find My iPhone” or Google’s “Device Manager” that cause your device to make a loud sound. Then, if someone finds it, you can tell them who to call.
- Don’t use others’ storage devices: Never borrow storage devices like flash drives from others since viruses often lurk on them. New flash drives are inexpensive and will give you the comfort of knowing your information is safe.
- Ignore popups: You will sometimes get malware popups claiming that your video player or other software needs updating. This is just a skilled approach by hackers to access your computer. Instead, only allow updates from trusted sources (like Windows Update Agent for Windows machines).
- Never click on links in e-mails and text messages—even from people you know—unless you are specifically expecting them: There have been many occasions where we have received e-mails and texts containing hilarious video clips, but we will no longer be opening them after conducting the research for this article! It turns out that even harmless-looking videos can contain a “Trojan Horse” virus. Once the virus penetrates the address book of someone who has your e-mail, it sends you a video, accesses your address book, and continues the process with your contacts. Unbeknownst to you, the virus keeps spreading its damage, and once it is opened, the hacker can see everything you type! Therefore, avoid clicking on links unless you’re absolutely sure that they’re virus-free. Legitimate businesses will generally not ask you to click a link and update personal information, but if you receive one such e-mail and are concerned, find the company’s number and call to ask about it. Also, be aware that some hackers can use your social media activity to find out your likes and dislikes and send you targeted messages that contain viruses.
- Delete chainmail: Never respond to or open any links within a chainmail letter, even if it’s from a friend. A hacker may be using their address book to send you a virus, and you may unknowingly send it along to other friends!
- Eliminate or reduce “snail mail:” According to the AARP, your physical mailbox is a goldmine where thieves can snatch up personal and other information such as credit card bills. To avoid this, obtain a post office box, pay bills online and opt out of hard copy statements, or have bills mailed to your business address where someone can personally receive them.
- Watch what you post on social media: Be extra careful about what you display on social media sites like Facebook and Twitter. Often, people think nothing of posting information like where they are, who they are with, what their kids’ names are, and when they are going out of town, but it’s this type of information that can allow thieves to penetrate defenses. Once you post information, it has the potential to be seen by many people, and you can’t take it back. To keep strangers and search engines from finding your Facebook posts, ensure that you have selected the appropriate options in the “Privacy Settings and Tools” section of your Facebook page.
- Reject social media invitations from strangers: Save yourself some trouble and ignore Facebook and LinkedIn invitations from people you don’t know. They could be thieves seeking to learn more about you! If you do know the person, check with him or her personally to confirm that the request is legitimate.
- Shop only on secure sites: It’s best to stay on well-known, protected, and encrypted sites such as Amazon when making online purchases. Before entering any credit card or other personal information, look in your browser for a locked padlock or unbroken key symbol. Web addresses will also change from “http” to “https” for secure sites. (On the flip side, if your organization does business online through an e-commerce website, ensure that your web company builds your website to be “PCI Compliant.” By adhering to these compliances, you can greatly reduce the risk of having your clients’ financial information compromised.)
- If you have a website, use a quality hosting plan: If you aren’t aware of what provider your website is hosted on, ask your website developer. There are hundreds of providers in the industry that can host your website very cheaply, sometimes at less than $5 per month—however, you get what you pay for. In addition to providing lackluster support and service, these companies often pack thousands of websites onto a server like sardines, which can cause issues like excessive website downtime, increased exposure to malware or viruses, and other security problems. To prevent these issues, pay a little more for a higher quality hosting plan. For example, at DuBose Web Group, we use our own dedicated cloud servers that only we can access, and only our applications run on them.
- Don’t store your credit card information when making purchases online: While it’s time-saving to allow merchants to save your credit card number, your financial data could be compromised if the site is hacked. Consider those extra couple of minutes it takes to enter your information an insurance policy!
- Beware that financial institutions may not pay you back: Banks and credit card companies will normally refund you for unauthorized charges made to your account unless they can prove fraud or negligence. They are also making efforts to educate consumers about how to protect themselves, and they expect you to heed their warnings. They may repay charges made when you are hacked one time, but not the second! It can often take a significant amount of time to recover lost funds as well.
- Above all, watch out for human error: There are many technology-based security measures that you can implement to protect yourself, but human error remains a primary factor in whether or not you will be hacked. Hackers look for people who are gullible, trusting, or impulsive—they are much easier to trick than computers! Use common sense and a healthy dose of suspicion when dealing with anyone online to protect yourself, a strategy that Mike calls “productive paranoia!”
The bottom line: Yahoo and Google are working together to develop a secure encrypted messaging system that not even they can read as e-mail providers, and similar innovations are on the way. Still, with all of the dangers lurking out there right now, the question seems not to be if your online security will be compromised, but when. However, by practicing some basic security measures, you can make yourself unattractive to hackers and thieves looking for easier targets. It may take a bit of effort, but it’s worth it to protect your identity, money, future, and your sanity!
Mike DuBose, a USC graduate, is the author of The Art of Building a Great Business. He has been in business since 1981 and is the owner of four debt-free corporations, including Columbia Conference Center, Research Associates, and The Evaluation Group. Visit his nonprofit website www.mikedubose.com for a free copy of his book and additional business, travel, and personal articles.
Blake DuBose graduated from Newberry College’s Schools of Business and Psychology and is president of DuBose Web Group. View our published articles at www.duboseweb.com.
Katie Beck serves as Director of Communications for the DuBose family of companies. She graduated from the USC School of Journalism and Honors College.
© Copyright 2014 by Mike DuBose—All Rights Reserved. You have permission and we encourage you to forward the full article to friends or colleagues and/or distribute it as part of personal or professional use, providing that the authors are credited. However, no part of this article may be altered or published in any other manner without the written consent of the authors. If you would like written approval to post this information on an appropriate website or to publish this information, please contact Katie Beck at [email protected] and briefly explain how the article will be used and we will respond promptly. Thank you for honoring our hard work!