Staying Secure Online

Basic online skills to keep your identity safe

A reporter from WWLP 22 News called me earlier today asking if I would be willing to do a quick interview on camera on the topic of staying secure online. I said sure, but before we could arrange the specifics of meeting up, the story changed or they found someone else who was closer (they're in Chicopee) and so in the end they didn't need me for the story.

But it got me thinking about the fact that many people just don't think about this stuff, and could potentially be opening themselves up to hackers or online scams. So, I thought I'd write up something quick that could be helpful to you.

Stay Alert. Stay Vigilant.

Being online is sometimes like walking through Times Square in the late 1970s. You wouldn't blithely walk through with your wallet hanging out of your pocket, or your bag slung over your shoulder, unsecured by your arm. Staying aware of the ramifications of your actions while reading email or browsing websites is your best defence.

  • Never give out your info if you didn't initiate the transaction.
    If someone calls you asking to confirm your social security number, or bank account numbers, or any other sensitive information, and you didn't initiate the call or purchase or some other action that would cause you to reveal that info, don't do it. Sure, it is possible that it really is the bank contacting you to confirm your info, but before you give out anything, ask them questions that only they could answer, like what the last purchase you made on your credit card was, and where.

    Same goes for emails. If you get an email you didn't expect asking you to click a link and provide sensitive information, chances are it's a scam. These kinds of scams are called "Phishing" because they're essentially fishing for anyone's info that they can get by mass-emailing millions of people at the same time. Perhaps one or two people will fall for the trick. Bam, now the scammers have their bank account info, and can rip them off. Don't be one of those people.
  • Never click on a link or open a file sent to you if you weren't expecting it.
    If you get an email with a generic "Hey, how are you? Cool news website:" and a link, don't click it. Take a closer look at who sent it. Perhaps it's got your friend's name in the From: field, but look closer at the actual email address. Maybe it's not them after all.

    If it is them, but the email still doesn't make sense, or there's an attachment that you weren't expecting ("Hey! Cool file! Take a look!") you should reply to the email and ask them what it's all about. Maybe they did send it to you. Maybe they didn't. It can wait a few extra minutes.
  • When disposing of old computers or smart phones, wipe your info!
    Getting rid of that old computer? Reformat the hard drive. If you have the time, do a "low-level" format, which means it clears out every individual bit of data on the drive. Or better yet, open up the computer, physically remove the hard drive from the machine, and drill holes through it (make sure you have metal bits, not wood bits). Then bring it to the transfer station.

    Upgrading or selling your old smart phone? Make sure to go into any files you had on it and remove the info, save the file, then delete the file. Log out of any apps you had installed, then delete them from the phone. If the phone had been set to work with various online feeds natively, log out of them as well. Then do a hard reset on the phone to bring it back to factory defaults.

    Getting rid of your old digital printer? Open it up and remove the hard drive. Seriously. That thing has a copy of EVERYTHING YOU'VE EVER COPIED OR PRINTED on it. Why hand that stuff out?
  • Use at least three passwords for online accounts. Make them "strong passwords."
    • Create a low-level password for online communities where nothing more than your name and email address are stored. These sites are frequently hacked because the operators don't take security as seriously as banks do, and so the password you use on these kinds of sites should not be the same as your banking or ecommerce passwords.
    • Create a medium level password for online retailers and ecommerce websites where you make purchases, e.g., Amazon, eBay, etc. They take your credit card, but not your social security number.
    • Create a high level password for online banking. Perhaps even a separate one for each online bank account, or variations on your high level password so they're easier to remember.
    • In all cases, use a strong password for each, where you use at least eight characters, consisting of upper and lower case letters, numbers, and symbols. Perhaps it could be a three-word phrase that has some hidden meaning to you. DO NOT use your birthday, your dog's name, your street address, or anything tied to your personal life that could be guessed by someone who may know you.
  • Do not access your bank account over a public or unsecured WiFi hot spot.
    Especially in a big city where there could be hundreds of people connected to the same hot spot. Software that can intercept your keystrokes through the open WiFi is easily obtained.

    Similarly, your home WiFi network should be password protected, which would force anyone who uses it to enter in a password. This stops people from practicing something called War Driving, where people sit in a car and slowly drive through a neighborhood looking for open WiFi hot spots. If they can get onto your network, they can probably get into your computer.

    Oh yeah, if you're not using your computer, turn it off. Especially if your WiFi is not password protected.
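
The "look closer at the actual email address" check from the list above can be automated for a saved message. This is an added example, not part of the original article: the address book, the sample messages and the Reply-To comparison (which tells you where a "what's this about?" reply would really go) are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: names you know -> addresses they really use.
KNOWN_CONTACTS = {"pat example": {"pat@example.org"}}

# Constructed sample messages (not real mail).
SAMPLE_GENUINE = (
    "From: Pat Example <pat@example.org>\n"
    "Subject: Lunch Friday?\n"
    "\n"
    "Are we still on?\n"
)
SAMPLE_SUSPECT = (
    "From: Pat Example <pat.example@freemail.example>\n"
    "Reply-To: helpdesk@other.example\n"
    "Subject: Hey, how are you?\n"
    "\n"
    "Cool news website:\n"
)

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of warnings about who a message really came from."""
    msg = message_from_string(raw_message)
    # parseaddr splits 'Name <user@host>' into the name shown in the
    # mail client and the address the message actually claims.
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    if not address:
        return ["no usable From: address"]
    warnings = []
    # A familiar name paired with an unfamiliar address is the case the
    # article describes. Names not in the address book are not judged.
    known = contacts.get(display.strip().lower())
    if known is not None and address not in known:
        warnings.append(
            f"'{display}' is a known contact, but {address} is not their address")
    # If Reply-To differs, your reply goes somewhere other than the sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != address:
        warnings.append(f"replies would go to {reply_to}, not {address}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("genuine", SAMPLE_GENUINE), ("suspect", SAMPLE_SUSPECT)):
        print(label, check_sender(raw) or "no warnings")
```

A clean result only means the headers are consistent with your address book; a message from a contact's real but compromised account would still pass, which is why asking the sender remains the safer step.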

So, the bottom line is... Be Aware. Be Vigilant. Be Secure. And NEVER, EVER give out your Social Security Number to anyone on the phone unless you called them and you are 100% sure you're talking to someone you know needs it.

Stay safe.

-Mik Muller