How to Fight Back Against Hackers and Protect Yourself on the Web
Over the last few months we’ve discussed just a few of the many surfacing stories regarding breaches of computer or Internet security. Whether the threats are from organized crime, shadowy hacker groups like Anonymous or LulzSec, or coming with the alleged assistance of foreign governments, it seems that security online is at an all-time low.
That’s probably something of an overstatement. Arguably it’s more likely the web was significantly less secure even a decade ago, before corporations and governments began taking cyber-security seriously.
Still, threats to our online privacy and security are growing – and growing more sophisticated. So it’s more important, now than ever, to take what steps we can to protect ourselves. Below, some (hopefully) helpful suggestions.
#1: Surf “Secure”: You can be forgiven for not knowing much about the Internet’s new security protocol, even though it’s probably right before your eyes.
Not that long ago that the new “https:” security protocol was officially approved and implemented by browsers like Explorer and Firefox. You’ve no doubt seen that “http:” string in your web browser many times – it’s probably up there right now. It stands for “Hyper Text Transfer Protocol”, and it’s basically an instruction to your computer that the data it’s about to see and exchange is in the web’s various “html” languages.
Without getting into the technical details, suffice it to say the new “s” at the end of the string stands for “Secure” and it creates a relatively secure connection between your computer and the Internet. Using an encryption algorithm, the “https:” tool gives users a mostly private channel to surf the web and share private information. While many websites do not support the new secure format yet, an expanding number do. One example is Facebook, which advises all of its users when logging on to make sure they’re using the “https:” secure connection.
In short – use it when you can, and when you can’t, just remember that you might not be alone online.
#2: Just Say No: That email a friend just sent you with the funny picture “you just have to see”, or the thumb drive someone gave you to transfer a file to your computer? Be very careful before opening them.
One of the oldest and surest ways to spread a virus or bit of malware over the Internet is as a “document” given to you by a friend. But don’t blame your friends – blame clever hackers. For decades they been hiding bad bugs in small executable files masquerading as documents, like text or pictures, sent via email and accompanied by come-on messages like “You’ve got to see this!” or something similar. Sent from a friend, it’s natural to think they’ve sent you something you’d like to see, but once you open the file, it launches the bug which then often infects your computer, seizes all your email contacts, and sends out copies of itself to all your friends with the same come-on – often without you ever knowing.
As a general rule, if someone sends you something you haven’t asked for, even a friend, think twice about opening it. If you have any suspicions, drop your friend a note asking what they sent; if they don’t know what you’re talking about, delete the message immediately. As for flash drives, viruses can just as easily hide there, installing themselves the moment you insert the drive into your computer. Like before, when you open the drive, don’t open (or double-click) on anything you don’t specifically want. And as for those hidden bugs you can’t even see…
#3: “Auntie Knows Best”: Auntie, in this case, being anti-virus.
You can only do so much to keep your computer safe and free of malware; many of the more modern viruses are fairly sophisticated and engineered to hide in the deepest corners of your computer. To fight back, you need something just as technologically sophisticated, and that’s an anti-virus.
Just like their biological counterparts, computer anti-viruses are designed to protect you against a new infection. But unlike the traditional shot, however, these digital anti-viruses also sweep your computer of older infections. Better still, they also update themselves regularly, responding to new threats floating around the web.
Some anti-virus programs cost money; others are free. Not surprisingly, those that cost are generally much better at updating, sweeping and responding to new threats. However any legitimate anti-virus program is better than none, as without anything it’s nearly certain your computer will become infected – if it hasn’t already.
The CNET blog provides a great list of free programs to download here; if you’re interested in something a little more robust and can afford a few dollars, shop around online for the best anti-virus package.
#4: No Pass Given: It’s the bane of digital life – the password. Whether logging in online or dialing up a friend on your mobile, it’s likely your device first wants you to enter a password or code of some sort. These codes are designed to make sure that you and only you have access to your personal equipment and accounts, so you would think people would take them more seriously. In truth, many people regard these protections as little more than a bother – and those are the people most likely to get hacked.
Passwords vary greatly in complexity; some only want letters or digits while others demand a mix of upper and lower-case letters, numbers, and non-alphanumeric symbols such as # or &. The more complex the password, the harder it is for hackers to crack.
Unfortunately, these complex strings are also harder to enter – or even remember. Thus many people use the simplest codes they can, such as “passord1″ or “12345″ or such. While easy to enter, passwords like these are so easy to break they can hardly be called passwords – they might as well be called please-break-into-my-computer-words.
Good advice: choose a password that’s complex – use a mix of digits, letters and symbols. Better advice: don’t use the same password for all your online activities – if someone can hack into one of your accounts, they’ll have access to all of them. Best advice: change your password often – preferably every 30 days.
This is especially true for mobile devices. A shockingly large percentage of people never bother to change the factory-set pass codes on their mobile devices, leaving them wide open for a “spoofing” hack so easy even children are doing it. As we noted in our most recent post, a few mobile phone providers are now requiring individuals to enter their pass codes when checking voice mail, but there’s no requirement to change the pre-set codes. Before making your first call on a new phone, change your pass code, and then keep changing it, ideally once a month.
#5: Encrypt, Encrypt, Encrypt: While the “https:” protocol provides good, basic protection, these days it may not be enough. Especially if you’re concerned about keeping your web activities private or want to hide your identity online.
For those, the solution is encryption. We’ve discussed it here often before, but it’s worth repeating – a solid encryption program such as Tor, Freegate or Psiphon (just to name a few) will help you cover your tracks on the Internet, shield your identity, and keeping for private conversations private. They also, sometimes, have the added benefit of some of the other precautions above, such as filtering out viruses or mandating secure pass codes, depending on the program.
Of course these are only a few of the many steps you can take to protect yourself online, but they’re a solid start. If you’re interested in learning more about cyber-security, the U.S. Computer Emergency squad at the Department of Homeland Security has a great FAQ resource that’s worth exploring.