We often see the Internet described as the “Wild West.” We see articles about how important Internet security is, the dangers of identity theft, credit card hijacking, hacking, phishing—and we wonder how this applies to us. We think we’re probably pretty safe as long as we’re not surfing dubious websites or responding to spam email… aren’t we?
The unfortunate truth is that these days you can’t afford not to have an effective online security system in place– both at home and at work. Internet crime is surging, hacking methods are increasingly sophisticated, and that means that sooner or later you’re going to be a victim unless you protect yourself. I’ve written a short series of articles to help you better understand online security, why it’s become critically important, and the steps you should take to become more secure.
Not to belabor analogies but a comparative example of computer security is a bit like the security you have at your house or apartment. You have locks on the doors and windows to keep the bad guys out. If someone does break in they can steal something of significant value from you and that’s not good.
On the Internet your house is not just your computer, it is also your bank account, your credit cards, your credit rating, and lots of other things you never give much thought to. One of the main reasons Internet fraud is so lucrative is that the thieves can do it anonymously—they don’t come up and kick your door in, instead they hack into your bank account from 6,000 miles away and literally no-one can catch them. For this reason Internet crime has become very organized and systematic, and this is why you need to protect yourself.
A good way to understand the whole security issue is to use a typical scenario: you are browsing the Internet looking for something, let’s say garden furniture. You don’t buy anything and you never enter any information; you simply visit a few websites, scan the information, and then turn off your computer. Six weeks later you receive a call from your credit card company asking if you purchased a fur coat from a store in Paris. “No!” you indignantly reply. “I’ve never been to Paris.” If you’re lucky, the trouble stops there and your credit card company eats the charges and closes your account. But what just happened?
When you were browsing the Internet looking for garden furniture, you visited a creditable and honest website whose servers had been hacked. By simply visiting this site your browser downloaded a tiny, nefarious pierce of software and installed it on your computer without your knowledge or the knowledge of the company who owns the website. This software was a stealth “keylogger” and like the name suggests, it secretly records everything you type on your computer. Two days later you bought a book on Amazon. Everything went fine except the keylogger captured your credit card information and sent it over the Internet to bad guys in a far-off country. The bad guys then sold your credit card information. (Believe it or not there are websites where you can buy stolen credit cards numbers—they go for about $50 each.)
The crook who bought your credit card information has a machine that can create an actual card identical to yours, with your number. He hires an attractive woman to use your card to shop for the most expensive items at a high-end department store in any city in the world (in your case this was in Paris but it could just as easily have been Tokyo).
But the thieves aren’t done yet. In parallel with stealing credit card numbers, automated “phishing” programs send emails to millions of addresses telling them that their eBay account has been changed and that they need to log in and update their information. Some do. Of course the scam email link doesn’t go to eBay; the link goes to a fake site that captures eBay usernames and passwords.
The thieves with all the luxury items bought using your stolen credit card now buy stolen eBay accounts. They look for those with good credit and sell the luxury items through these eBay accounts. Once the goods are purchased by an unsuspecting eBay bidder, they are shipped to a “work from home” mom who then ships them out to the buyer, protecting the thieves from actually having to ship the goods themselves—remember, they may be in a different country. Everything looks legitimate.
Why am I telling you this story? Because before we can understand how to be more secure on the Internet we need to understand just how well-organized and prevalent online fraud has become. It is insidious – there are many, many different scenarios like the example I used here—and it can affect anyone who is unprotected.
Here are some steps you can take to protect your personal computers:
- Use strong passwords. Make them longer than 8 characters and include capitalization, numbers and non-alpha characters:For example, choose two or more meaningful words that you can remember, like “vitaminsoccer” or “steaktheatre”, then add some capitalization such as “vitamiNsocceR”. Now crush the bad guys by sprinkling some numbers and alpha characters such as “v1tami+NsocceR46$” . Don’t worry, you can still remember it but the bad guys are stopped in their tracks.Don’t use the same password for all your accounts (more on easy ways to handle multiple passwords in a future article).
- If you have an old computer, one more than 5 years old, upgrade to a newer, more secure machine.
- Keep your computer OS updates current with all patches (yes, I know it’s a hassle to update every time you receive a reminder, but do it religiously).
- Keep your browser version up to date.
- Keep current with the latest releases of software like Adobe Acrobat.
- Install Internet Security software from a reputable company
- Using anti-virus software alone is not enough. Make sure you have “Malware” protection and run a scan of your machine often.
- Only use encrypted wireless connections.
- Keep a close eye on your credit scores. Consider using a service that automatically checks your score on a regular basis and will alert you to problems.
- Before getting rid of an old computer, open it up and use a sledgehammer to destroy the hard drive (seriously!).
In Part 2, I’ll discuss online security for your business.
At Vigillo we strive to keep abreast of security issues and we go to great lengths to protect your information. In future articles we will discuss the business implications of security and the safeguards we have in place to keep you safe
Do you have any stories about security breaches? If so then please let me know.