Bank accounts emptied, credit ruined, identity stolen and lives turned upside down – without a perpetrator ever walking in your door. Anyone who goes online can get hacked.
We asked three experts for advice on what you can do to make your corner of the Internet more secure:
• Dr. Magdy Attia, dean of the College of STEM at Charlotte’s Johnson C. Smith University.
• Redvers Davies, founder of Hackerspace Charlotte, an open-technology lab.
• Will Enck, assistant professor of computer science at N.C. State; his research focuses on systems security.
Their top tips:
This makes things easy for hackers: If one password is revealed, they have the works.
“Your email is the one you should keep most secure as it is the center of your online life,” Davies said. “Example: If you forget the password to your bank account, you may be able to get a change-password link emailed to you. Well, if a hacker has already broken into your email, that person could reset your password and control your accounts.”
Length of your password is more important than complexity. Consider the math: Hackers use programs that sort through combinations of letters and numbers at lightning speed. Longer passwords mean more work for hacking software – and hackers generally want quick results.
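The math, worked through as an added example (not from the article or the experts quoted): it compares the number of candidates an exhaustive search must try for a short, complex password and a longer, simple one. The sample passwords and the guess rate are constructed assumptions, and the model covers brute-force search of random characters only.

```python
import string

# The four character classes a brute-force tool has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)          # 26 + 26 + 10 + 32 = 94

def alphabet_size(password):
    """Size of the combined character classes the password draws from."""
    for ch in password:
        if not any(ch in cls for cls in CLASSES):
            raise ValueError(f"character {ch!r} is outside the modelled classes")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def search_space(password):
    """Candidates of this exact length an exhaustive search must cover."""
    return alphabet_size(password) ** len(password)

def years_to_exhaust(password, guesses_per_second=10**10):
    """Worst-case years to try every candidate (guess rate is an assumption)."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)

def length_to_match(target_space, alphabet):
    """Shortest length over `alphabet` symbols giving at least target_space."""
    length = 1
    while alphabet ** length < target_space:
        length += 1
    return length

# Constructed sample passwords, random characters only (no dictionary words).
SHORT_COMPLEX = "T7#qLp!2"            # 8 characters, all four classes
LONG_SIMPLE = "hqzmwtkeyvbnrdpa"      # 16 characters, lowercase only

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, LONG_SIMPLE):
        print(f"{pw!r}: {search_space(pw):.2e} candidates, "
              f"{years_to_exhaust(pw):.3g} years at the assumed rate")
    print("lowercase length matching the short one:",
          length_to_match(search_space(SHORT_COMPLEX), 26))
```
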
Davies offers this tip: Many email providers offer a “two-factor” authentication option in your settings: When you sign on with your password, a message is sent to your phone that prompts you to enter an additional access code. Use it.
Enck agrees: “It is simple to turn on and gives you a fantastically great advantage; I highly recommend it. A number of sites use this. I’ve been using this for two or so years; it’s not that onerous to use.”
Uninstall software you no longer use. Having fewer older programs means less opportunity for hackers.
A free one he recommends is Microsoft Security Essentials. It provides protection from spyware, malware and viruses.
Enck said firewalls provide another level of defense. But because they’re so common – often already installed on new computers – many hack attacks can evade them. Firewall protection also has to be kept up to date, Attia advised.
A tip from Enck: “The Electronic Frontier Foundation has a campaign called HTTPS Everywhere that tries to direct you to an https site whenever possible.” At https://www.eff.org/https-everywhere you can download and install this free safeguard add-on for Chrome, Firefox, Firefox for Android and Opera.
Infections can come from already-hacked friends, too. One example: A hacker sends an infected message to everyone in the victim’s online address book. Open its attachment, and you unwittingly become an infection spreader, too.
Be suspicious if a friend appears to have sent you an email with no subject line, a subject line that only says “RE” or “FW” or is uncharacteristically vague or brief (example: “Hey” or “ILOVEYOU”) – especially if the email text contains an Internet link. Be on the safe side: Call that friend first to check.
Davies offered additional red flags: “Avoid offers of smileys, screen savers and coupon-printing software. Be incredibly careful if you’re downloading free movies: peer-to-peer networks are full of malware.”
Attia mentioned a variation of this that operates if you’ve already been hacked: “You can get messages that say you need to upgrade your protection by buying something online using your credit card. Some people immediately respond – and that’s a disaster.”
Some hackers hire call centers overseas. “They claim to be from Microsoft or whatever,” Davies said. “They’ll say, ‘We have detected a virus on your machine; go to this website, download and run this program so we can fix it for you.’ This gets them inside your machine. And this happens a lot.”
When you’re ordering any kind of software for any device, Enck said, buy it conventionally – like from a manufacturer’s website – not through links.
Attia offers a caution about USB flash drives: “You may get this as a gift from someone, but it could have some other software stowed away. Once in your computer, it may get access to all your files or infect your information. Any peripheral connected to a computer can infect it.”
“The number of platforms (like Windows, Apple, Android) with app stores is increasing,” Enck said. “There are some bad alternative app stores for Android out there. Users should stick with the official one for their platform.”
And Enck has a tip for some mobile users: “If you have Android, don’t go get software just because it’s free. Use the Google Play store for apps. And if you can on your device, never click the box in ‘settings’ that allows the installation of settings from unknown sources.”