In 2014, the United States had the security of several of its major corporations breached by computer hackers. Health insurance provider Anthem had its computer systems breached in a very sophisticated cyber attack, exposing the private information of over 80 million individuals. In November of 2014 Sony was the victim of another massive hack in which attackers gained access to countless intra-company e-mails and memos, as well as confidential financial information and even copies of yet-to-be-released films like The Interview. The hack was a major setback for the global conglomerate, which eventually turned political, bringing US intelligence forces in to investigate.
Like governments and companies, private individuals can also have havoc wreaked on their identities and bank accounts by hackers. Here are nine tips from experts to improve your online safety:
1. Strong passwords are the first defense
Alex Stamos, chief information security officer at Yahoo! and a world-class expert on online security vulnerabilities, believes that two simple solutions can spare most people the disaster of online security breaches: strong passwords and two-factor authentication.
Stamos argues that, because of media sensationalism when it comes to hacks, most people believe that it is impossible to defend one’s self against hackers, which is not true.
All it takes to defend yourself from basic-level hacks is:
A. Using a password-managing application, which can create hyper-effective passwords for all of your accounts
B. Always using second-factor authentication options (like images, questions, text messages) for e-mail and social media accounts
Adam J. O’Donnell, a principal engineer with Cisco’s Advanced Malware Protection group, added that people should be sure to use different passwords for each of their sensitive accounts.
2. New is not always clean
Giant Chinese computer manufacturer Lenovo came under intense criticism when it was discovered that the company knowingly sold computers with Superfish malware software preinstalled. This software is designed to automatically display advertisements, intercept all encrypted connections and leave online security doors open for spies. The lesson to be learned from this incident is that a new phone, tablet or laptop, could already be infected with malware and have multiple security vulnerabilities.
One of the most ubiquitous myths is that devices begin their lives with high, impenetrable security walls, and are pure from hostile software.
Most recently, technology companies scrambled to recover from the discovery that a major security flaw has existed on many operating systems for at least a decade. Users of Apple and Google devices, as well as online visitors of major sites, including US government portals, have all, apparently, been vulnerable to attack because of weak security encryption on tons of popular software around the world – dubbed the “Freak” flaw – that left a back door open for hackers.
The revelation proved that many devices come preinstalled with back doors, or weak spots.
3. Cyberattacks are getting rarer
The attacks that media sensationalism make most people afraid of are actually extremely rare. The chance that your online vehicle or smart-home system will be accessed by a hostile element is possible, but highly unlikely. You don’t spend every day fearing a serial killer, either.
4. Always use HTTPS
HTTPS, a communications protocol for online traffic, is the subject of many rumors: that it is outdated, ineffective and unnecessary. Furthermore, many commercial website operators believe that if they do not process credit card information, their sites don’t need HTTPS. However, the opposite is true: all sites need HTTPS, since without it, it’s easy for hackers’ surveillance programs to see exactly what visitors do on a particular website, then process the data to find weak spots that a site has.
5. The mightiest can fall
The false belief that well-made software is impenetrable cultivates bad practices in many users.
Parisa Tabriz, an engineer for Google’s Chrome security team, has compared information security to the practice of medicine – a field which combines art and science. Simply because the Internet is a technology does not mean that it is perfect. The idea that there will ever be a situation where there are no bugs or viruses is as likely in the online world as it is in the natural world. What’s more, the advantage lies with the bad guys – who only need one bug to carry out an attack – while software engineers must protect against countless kinds of bugs and viruses. There will always be bugs in software.
6. Update your software!
Almost all of us are guilty of, at some point, ignoring the annoying software updates that pop up on our computer screens. However, these updates are one of the biggest defensive walls between your files and their enemies.
A software update is usually provided to an application’s customers because a new virus has been detected or a bug has been defended against by the software’s engineers. The updates are Band-Aids for the new issues.
7. The cloud is dangerous
Whether you know it or not, everything is in the cloud these days. Your e-mail, your photos, your passwords, your bank statements, and even your sexual predilections.
The cloud is not unsafe outright; however, it does create additional security problems to be addressed. While you might not have control over your information in the cloud, its administrator is constantly defending it against attack. This administrator is, unlike you, able to monitor large and varied amounts of information that could signal a breach: whether it’s a single IP address logging into several different accounts, or a potentially-malicious file that was installed in many places all in one day.
That being said, defending a cloud can be a little like looking for a needle in a haystack – well-planned attacks can be subtle and elegant, making them harder to detect. While blatant, automated attacks can be easily noticed, with so much data to handle, good attackers can achieve their aims while leaving only a faint footprint.
A user has one major choice: whether to store information on a cloud service or a home server. Clouds, because they are complex, also provide more opportunities for attack. However, they also have better-equipped defense mechanisms protecting them. Can an individual user provide better security systems for his information than the professionals?
8. Hackers are not all bad
Computer hackers have a pretty bad image. They are, however, a necessary evil. Their activities are what constantly challenge the Internet and its defenses to stay updated, relevant and effective. Hackers are the irritant that keeps the online security industry on its feet. There are, also, hackers who access secret, vulnerable information but do not use it for illegal or unethical ends. Lastly, hackers are the people who wind up eventually being recruited by software companies to build the defenses that protect you – so we would be much worse off without them.
We have learned that normal, everyday employees like Edward Snowden, can do far greater damage to secure information than an evil-minded, nameless hacker.