Be cautious with social media.
Social media sites like Facebook, Twitter, LinkedIn, Instagram, and Pinterest are a treasure trove of personal information for identity thieves. Know and understand your privacy settings and exclude personal, detailed information from any publicly available profile.
Though often inconvenient to install, most software updates are developed to address security vulnerabilities. Thieves are aware of these software vulnerabilities and prey on users who don’t take the time to install updates to correct known problems. Operating systems like Windows, Mac OS, iPhone iOS, and Android; browsers like Internet Explorer, Chrome and FireFox; plugins like Java, PDF viewers, and Flash; and smartphone apps should all be updated regularly.
Protect your smartphone.
Your smartphone is probably setup to automatically login to many of your private accounts including email, social media, shopping, credit cards, and banks. If you’re not vigilant about protecting your phone, you’re opening access to all of these accounts if the phone is lost or stolen. To protect your phone and all of the sensitive information to which your phone has access, enable the PIN or fingerprint security on the phone, set it to lock after not being used for a few minutes, and configure the remote erase feature so you can erase the phone over the internet if it’s stolen or lost.
Protect the right accounts.
We are naturally cautious about accounts from credit cards or banks, but you should be equally protective of your email account. Email is often used to recover a forgotten password. If a thief is able to access your email account, they can use that account to reset the password on many of your other accounts or setup new accounts under your name. Additionally, many sites use your Google, Facebook, or Amazon account credentials to login to their systems. If a thief gets access to one of these accounts, they can have access to many other systems. For these important accounts, use complex passwords (see password manager below), enable multi-factor authentication (see below), set alerts to notify you when an unknown computer accesses the account, and restrict login to within the US only.
Use multi-factor authentication.
Since even the best passwords can be compromised, for your most important accounts, don’t rely solely on a password. As the name implies, multi-factor authentication relies on multiple pieces of information to grant access to systems. With multi-factor authentication, sometimes referred to as two-step verification, you login to a site with a password (the first factor), then you enter a random code (the second factor) that is sent to your smartphone and is only good for 30 seconds. For a thief to access your account, they must have your password and your smartphone. Google, Facebook, and Amazon all support multi-factor authentication, as do most password managers (see below) and an increasing number of banks and credit card companies.
Use a password manager.
You’ve probably been told that you should use complex passwords (more than 10 characters including lowercase, uppercase, numbers, and special characters) for better security. You’ve probably also heard that you should never use the same password for more than one system. Though these are best practices, without some way to manage these credentials, it’s not realistic. Hence, the emerging market for password managers. There are many available with varying features and designs, but the idea is that you are able to create and maintain complex, random, unique passwords for all of your online accounts and manage those credentials with a single tool. LastPass is one of the most popular personal password manager tools.
Be a skeptic.
To tweak an old adage, if it’s too good to be true, it’s probably someone trying to get your identity. If you get an unsolicited email or phone call, before providing any personal information, verify the veracity of the message and the identity of the sender. When you see a link in an email or on a webpage, point your mouse over the link, without clicking, and read the website address. If the beginning of the address is not a domain that you recognize, don’t click on the link.
Monitor your online accounts.
With regular data breaches, it’s a good practice to take advantage of a service that will notify you if one of your accounts is known to be compromised. At https://haveibeenpwned.com/ (pay attention to the spelling), lookup your email addresses to see if any of your accounts have been involved in a known data breach, and request to be notified if your account ever becomes known to be compromised.
Take advantage of user profiles.
Most modern computer operating systems (Windows, Mac, Chrome, Linux) allow for multiple user profiles to be setup on a computer. Most people setup one user profile with full administrative access and everyone in the family uses that single profile. It’s best to never allow users to login to the computer with administrative access. Rather, setup one administrative account that no one uses to log directly into the computer. All other users should be setup with standard, basic user permissions. When you login as a standard user, software cannot be installed in the background without prompting you for an administrator password. This prevents malicious software from installing without your knowledge.
Monitor your financial accounts.
Closely review your credit card and bank statements each month. Contact the merchant, your bank, or credit card company any time you see transactions you don’t recognize. When thieves get access to an account, they’ll often test the waters by posting small transactions to see if they are noticed before attempting to process larger transactions. Many banks and credit cards offer free credit monitoring or regular credit reports. All of the big credit agencies allow you to get your credit report once a year at no cost and some are starting to offer free credit monitoring. Monitoring your credit will alert you if someone is trying to setup accounts or get loans with your identity. The earlier you are alerted, the easier it is to respond.Are you thinking of a career in cyber security? UMHB could be a great fit for you! We invite you to visit our website to learn more about our Computer Science degree, or stop by for a campus tour!