Message for our friends and clients More Information
For A Safer Online Experience
What You Need to Know to Stay Safe Using the Internet
Revised February 5, 2020
Originally Published November 2001
The worst thing people, or companies, used to have to worry about online was getting a virus on their computer and losing some data. While viruses are still a significant issue, viruses today can do a great deal more damage than erase some computer data.
In today's world, people and companies may not only lose data, but also fall victim to identity fraud, ransomwares, and significant financial loss!
Identity fraud is a rampant issue in today's world. However, one can limit their exposure to potential fraud by following some simple guidelines and best practices.
- First and foremost, always be aware and vigilant.
- Use common sense when using any electronic connected device.
If you wouldn't visit a questionable store, neighborhood, or give a stranger personal information; then do NOT do it online or using a connected device.
Use judgement when visiting websites and clicking unknown links. If a website suddenly asks to download or open an unexpected file, be weary.
Many websites use a tracking download for innocent sales or marketing purposes. However, many more are malicious websites attempting to infect the user's computer with a malicious program; often with intent to steal sensitive information, hold data for ransom, or install a harmful virus.
Email Attachments & Links
Email attachments were one of the first methods used to infiltrate a user's computer and gather sensitive data. Many viruses and malware have been, and still are, spread through emails with attachments.
Follow these basic tips to avoid harmful attachments:
- Never open an email from someone unknown. If receiving an email from an unknown source (especially foreign), do not open it. Instead delete it immediately.
- If the email is from someone known, but the attachment is not recognized or expected, do not open the attachment. Instead, contact the person and make sure that they were meaning to send the attachment.
- Be weary of emails from known sources with links to unknown sites and CC'd to numerous other email addresses. Often such email links are to servers that will begin downloading malicious software to the computer.
- Attachments to an email can be in the form of an image file (.jpg, gif, png, tiff, bmp), zip file, PDF, or .exe file; all can potentially contain harmful and malicious content.
Malware & Viruses
According to Wikipedia, malware is "any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems."
As noted above, malware is installed on victim's computers (often without their knowledge) by visiting a questionable site or as an email attachment or link. Malware is a generic term for malicious software meant to cause harm.
There are many variations of malware including:
- computer viruses
- trojan horses
- & other malicious programs
There are numerous anti-malware programs available to help users who may have unintentionally already installed malware. Most anti-malware programs will search and find the affected files and delete; eliminating any threats.
If a computer has been infected with malware or any software that tracks usernames, passwords, or key strokes, it is imperative that AFTER the affected computer has been cleaned, that all users systematically go through, update, and change any compromised usernames or passwords.
Usernames & Passwords
Usernames and passwords are imperative to keeping information safe. Even with the safest, most secure system in place, if a username and password are correctly entered, any hacker will have access to the user's sensitive data.
To avoid having a username and password guessed, users should employ some standards for username and password generation:
- Avoid using easy to guess usernames, as the username is half of the "unlock" combination.
- If possible, avoid using an email address as the username.
- Try to make usernames and passwords no less than 8 characters and preferably 10 characters or more, as longer means more difficult to guess.
- Use upper and lowercase letters, numbers, and symbols when creating a username or password.
For example, instead of the password "goonies" one might use "go0N!es" whereby substituting one of the lowercase o's for a zero, capitalizing the n, and changing the lowercase i to an exclamation point.
- Avoid using family names, birth dates, anniversaries, and other easy to guess combinations.
Some additional username and password safety tips suggested by experts are:
- Avoid using the same username and password on all sites, use a different combination for each site. If one website is hacked, the stolen usernames and passwords won't be usable on other websites.
- Change and update usernames and passwords on a regular basis; and certainly if there has been a known data breach and personal information was vulnerable. Ideally a password should be updated semi-annually, but at minimum changed annually.
- Signup to receive notifications at financial institutions for immediate notice of any transactions that may be out of the ordinary.
Before sharing any personal information, make sure the website is secure and employs an SSL Certificate. Certificates issued by third parties confirm that a website employs encryption technology when transmitting sensitive data.
Such certificates offer the user peace-of-mind that the sensitive information being shared with the site is encrypted. Without the "ssl-key" offered by the browser's SSL certificate, the information cannot be decrypted should a hacker gain access and "listen in" on the website interaction (track keystrokes, etc).
Storing Sensitive Data Online
If a website is going to store sensitive data (credit card information, social security numbers), make sure the developer employs an encryption hash technique for sensitive data.
Even the best security in the world can be hacked; nothing is 100% failsafe!
By using a hash encryption, if the information is ever hacked, it's encryption cannot be undone without proper "keys" which can only be generated by the server.
When connecting via wifi, a computer's information being sent over that wifi signal is only as secure as the wifi signal. If a user is connected to an unsecured wifi connection, any other user connected to that wifi signal has potential to hack and view all user data being transmitting over that wifi signal.
This means a hacker can view bank usernames and passwords if users are logging into their bank while on an insecure wifi connection.
Make sure to only connect to wifi signals that are "locked" and require a password or passphrase to access.
Social Media Safety
Keep all social media accounts and information private. Limit what is available publicly; versus what private information is only available to trusted colleagues, friends, and family.
Be cautious even when sharing with trusted individuals!
If a trusted family member, friend, or colleague's social media account gets hacked, all of that user's "friends" private information once thought only viewable to the trusted individual, is at risk. All the personal information that was meant only for the "friend" is now potentially viewable to the hacker and subject to misuse.
Limit the personal details that are put online, whether public or private!
Again, nothing is ever 100% secure online. Hackers can use any number of programs to eventually crack any type of security and generate the needed key to decode sensitive data.
However, the talent, knowledge, time, and cost involved to decode some encryptions and securities is quite significant; the average hacker or identity thief will move on to the next "easy target" and leave the "secure" data alone.
Newsletter Archive Topics
- Design & Development
- General Information
- Marketing, General
- Online Security
- Organic / Natural SEO
- Search Engine Marketing
- Website Conversion
- Website Technologies
Newsletter Article Ideas?
We want to hear about it! Our newsletter is geared towards you so email your article ideas or questions to firstname.lastname@example.org.