

Online security: what you need to know


Online security: install your favourite antivirus on your device and problem solved, yes? Sadly, this just isn’t the case. Of course, we all need some form of antivirus protection, but viruses aren’t the only threats we need to be concerned about. In this article, we discuss what you need to know about online security and how you can minimize the risk of being hacked.

 

Phishing

Phishing usually comes in the form of an email that takes you to a fake website posing as an entity it is not. For example, you may get an email stating that there is an issue with your Amazon account and you need to log in to correct it. This example email includes a link to a website that looks like Amazon’s login page. Needless to say, when you enter your information on these fraudulent sites you’re handing an attacker your Amazon credentials.
A more nefarious variant of this sort of phishing works by suggesting urgency. Let’s say you get an email stating “Your order would be shipped in 2 hours – $400 will be charged to your credit card ending in 1234.” You can imagine that someone in a panicked state may throw all reason out the window to address the “emergency” at hand and fall victim to these schemes. Here’s how you can safeguard against these types of emails and websites.
Examine the domain name.
When reading an email or viewing a website, having a look at the domain name can reveal a lot about the authenticity of where the information is coming from. We will briefly examine the domain name hierarchy with an example below.
As far as email goes, a display name (the name that shows up on the email) can be changed easily; faking the place where it came from is not so easy. An email from [email protected] is likely to, in fact, come from sunnysidefarms.com because the “sunnysidefarms” is right before the “.com”. The “sunnysidefarms” part is known as the second-level domain and the “com” is known as the top-level domain.
Understanding this is important because Sunnyside Farms can make an addition to their domain name known as a subdomain. Let’s say they wanted to differentiate between their head office and their distribution office: they can certainly register distribution.sunnysidefarms.com. Notice the hierarchy: “distribution” (subdomain), “sunnysidefarms” (second-level domain), then “com” (top-level domain).
Now, if someone wants to impersonate Sunnyside Farms, they can just as easily register sunnysidefarms.skethcywebsite.com. Reading that domain name hierarchy from the right, the second-level domain is “skethcywebsite”, so you can see it does not belong to Sunnyside.
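The same right-to-left reading can be automated. The following is an added example, not part of the original article: it extracts the registered part of a link's host and compares it with the domain you expect. The function names, the .co.uk sample link and the two-entry suffix set are assumptions made for illustration; the example also goes one step beyond the article by handling suffixes such as co.uk, where the registered name is three labels long.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (suffixes under which the
# public registers names). Production code should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

def registrable_domain(url):
    """Return the part of the host that was actually registered:
    second-level domain + top-level domain in the simple case."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    labels = host.split(".")
    if len(labels) < 2:
        return None
    # Under a multi-label suffix the registered name is one label longer.
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < keep:
        return None
    return ".".join(labels[-keep:])

def belongs_to(url, expected):
    """True only if the link's registrable domain is exactly `expected`.
    An exact comparison is used because a plain "contains" or "ends with"
    test on the host would accept names that merely include the brand."""
    return registrable_domain(url) == expected.lower()

if __name__ == "__main__":
    # Constructed sample links using the article's example domains.
    for link in (
        "https://distribution.sunnysidefarms.com/login",
        "https://sunnysidefarms.skethcywebsite.com/login",
    ):
        verdict = "ok" if belongs_to(link, "sunnysidefarms.com") else "NOT Sunnyside"
        print(f"{registrable_domain(link):25} {verdict}  <- {link}")
```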

Use secure websites when entering sensitive data

Whenever entering sensitive information online (passwords, credit cards, etc.), always ensure the website has a security certificate. You can verify this by looking for the “s” at the end of http in the URL. All secure websites begin with https. This ensures all information sent to the server is encrypted.

Strong passwords

If you’ve heard it 1000 times, let us be the 1001st: strong passwords are a must. Weak passwords are one of the easiest ways to get hacked. You may think you are clever by replacing E’s with 3’s and a’s with @ symbols and sprinkling an uppercase letter in; however, it isn’t humans that are doing the cracking nowadays, it’s computers. Password cracking algorithms have become so sophisticated that a weak 7-character password can be cracked in under a second! Creating a strong password takes into account the complexity, length, predictability and how common a password is.
Given this knowledge, here are two ways of creating strong passwords:

  • Use all-out complex, lengthy passwords such as “By2V2BQeTf=YF+e7”, but these are incredibly hard to remember.
  • Use a passphrase rather than a password – if we were to use “thedogsofwar” it would satisfy the need for a lengthy password, but it’s not complex (all lowercase letters with no special characters) and, worse, it’s both predictable and common (a well-known line from Shakespeare’s Julius Caesar). How about “cardbookkeyspen”? It has 15 characters, so it’s good on length, and it’s neither predictable nor common, but it’s not complex. Let’s try “caRd&bOoK=keyspen”, easy enough to remember: card and book equal keys pen, and ROK are your capital letters in order of appearance. We came up with this by choosing four items at random found on desks.
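To see why swapping letters for look-alike symbols adds so little, here is an added example (not part of the original article) of the kind of check a sign-up form can run: it undoes the habitual substitutions before looking the password up in a list of common ones, then checks length and complexity. The word list, the substitution table beyond 3 and @, and the thresholds of 12 characters and 3 character classes are assumptions chosen for illustration.

```python
import string

# Constructed sample of well-known passwords and phrases; a real check would
# use a large breached-password list.
COMMON = {"password", "letmein", "qwerty", "thedogsofwar"}

# Undo the substitutions the article mentions (3 for e, @ for a) plus a few
# other habitual ones, so "P@ssw0rd" is compared as "password".
UNLEET = str.maketrans({"3": "e", "@": "a", "0": "o", "1": "l", "$": "s", "5": "s"})

def normalise(pw):
    """Lowercase the password and reverse look-alike substitutions."""
    return pw.lower().translate(UNLEET)

def char_classes(pw):
    """Count how many of lower/upper/digit/punctuation appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def review(pw, min_length=12, min_classes=3):
    """Return the problems found; an empty list means none were found."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if normalise(pw) in COMMON:
        problems.append("common once substitutions are undone")
    if char_classes(pw) < min_classes:
        problems.append("low complexity")
    return problems

if __name__ == "__main__":
    # The article's own candidates plus one classic substituted password.
    for candidate in ("P@ssw0rd", "thedogsofwar", "cardbookkeyspen",
                      "caRd&bOoK=keyspen", "By2V2BQeTf=YF+e7"):
        print(f"{candidate:20} {review(candidate) or 'no problems found'}")
```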

While the passphrase method may be a good way to remember one or two passwords, after about five or six, remembering these would start to become unmanageable. You may be tempted to use the same passwords for different accounts, but this is a very, very bad idea, which we will jump straight into.

Never reuse passwords.

You may think providers like Google and Amazon have great security measures in place to prevent hackers from getting our passwords, and you would be right in that assumption, but what about the providers that do not?
Suppose you’re a member of an internet forum that got hacked. It’s very likely the attackers would try to use your password with the email account you supplied when you signed up. If they gained access to your email account, they would easily find out what services you use and attempt the same email/password combination on those. If you’ve used the same password for all of these accounts, things will go downhill pretty quickly.
So, how best to keep track of multiple unique strong passwords? We recommend using a password manager – it’s an app that not only stores complex passwords for you but can generate them as well. Right now Dashlane is offering their service for free that allows you to save up to 50 passwords on one device. Some other reputable providers are LastPass and KeePass (a completely free password manager).

Use 2 factor authentication

Wherever possible, you should use 2 factor authentication. This provides an extra layer of protection by using 2 pieces of information to verify a user: for example, a username and password coupled with a passcode sent by text message to your mobile phone. Given the scenario mentioned earlier, where an attacker gets hold of your username and password, if the attacker needs a code that was sent to your phone via SMS to log in, they still would not be able to access your account. While they have your credentials, they do not have your phone and thus cannot get the next piece of information needed to log in to your account.

Secure your WiFi

Anyone with access to your WiFi can do a great deal of damage to all the devices connected to it, from collecting usernames and passwords to viewing files on your devices. Ensure your WiFi network is password protected and create a guest network for any visiting persons that need internet connectivity. The guest network basically allows you to keep your WiFi network private by only giving the guests internet access and keeping their devices separate from your personal devices on the network. Make sure your wireless router is able to password protect the guest network as well; otherwise, you may want to consider upgrading to a wireless router that can.

Use VPNs when on public WiFi connections

A VPN (Virtual Private Network) allows you to create a secure connection to another network over the internet. We just covered the danger of having a WiFi network accessible to potential attackers, so it should go without saying that being on a network with a group of strangers puts you at risk. A VPN shields your browsing from everyone else on the network. In addition, VPNs offer a degree of privacy as they mask your real location. Here are 3 reputable providers: NordVPN, ExpressVPN and IPVanish.

Stay away from the shady parts of the internet

Lastly, we would like to touch on the propensity to visit shady websites. We strongly recommend staying clear of sites that offer free movies, as an example, as these sites are almost always filled with malware that can compromise your online security. If you do want legitimate free stuff, you can check out our article on “12 free productivity tools for business administration”.