Feb. 9 is Safer Internet Day. For the past 13 years, cyber-advocates across the world have used the second Tuesday in February to remind people to be careful out there. The day is now observed in more than 120 countries. And while most of the discussion is focused on keeping kids out of harm’s way, adults can also learn a thing or two.
Internet
safety is also about securing yourself from cybercriminals, snoops,
creeps, and assorted other denizens of the Net’s dark side. Follow these
13 rules and you should be able to surf in safety.
Rule #1: Update early and often
If
there’s a vulnerability in your operating system, browser, or other
software, be assured the bad guys know about it. But no matter how
quickly software makers plug that hole and push out an update, it won’t
do a damn bit of good if you don’t actually install it. So install
updates as soon as they’re available, especially those marked
“critical.” Better yet, set your OS and apps to automatically update if
possible. Yes, it’s a hassle to update Java and Adobe Acrobat every
flipping week, and some updates may occasionally break things. Do it anyway.
Rule #2: Honor thy antivirus software and keep it current
Installing
antivirus software isn’t the safety net it used to be, thanks to the
increase in “zero day” threats that appear before AV companies can
update their software. But they’ll still stop more than 90 percent of
the threats you’re likely to encounter. So get some. If you’re unwilling
to pony up $30 to $60 a year for BitDefender or Intel’s McAfee, you can download perfectly adequate solutions from AVG or Avast for free.
Rule #3: Don’t fall for that scam
You
know what’s an even bigger threat than malware authors and cybercrooks?
You. The easiest way for an attacker to get access to your logins is to
fool you into giving them up. This is usually achieved via a “phishing”
email that looks like it’s from your bank, employer, or the IRS; this
email aims to lure you to a bogus site where you enter your login name
and password. Once the attackers have your info, they can log into your
account, then steal your information and sell it to others.
An example of a phishing email pretending to be from everyone’s favorite federal agency. (Image: Phishme.com)
Some
phishing attempts are crude and easy to spot; others would fool all but
an expert. But the defense is easy: Just don’t click on any links
inside an email. If you got an email purportedly from your bank, type
your bank’s web address into the browser and go there directly.
Rule #4: Don’t touch that file
The
other way scammers get you is by sending a bogus attachment, like an
invoice or a contract for something you allegedly ordered. Opening the
document usually infects your computer. If you don’t recognize the
sender, just delete the email. If the message appears to come from a
friend or colleague, make triple sure that person actually sent it to
you before you open it.
Rule #5: Become a cyber-savvy parent
Sexting,
cyberbullies, and catfishing — being a parent of an Internet-age kid
isn’t easy. The best thing you can do is educate yourself. The Connect Safely site
has a slew of helpful, nonhysterical guides to keeping kids safe from
cyberbullies, dealing with SnapChat and Instagram, how to handle the
mobile phone conundrum, and a ton more. Common Sense Media is also an
excellent resource for how to be cyberparent, with recommendations for age-appropriate sites, apps, games, and the like.
Rule #6: Don’t be a boob about the Tubes
If
your kids are online, it’s pretty certain they’re spending a lot of
time on YouTube and other video sites. Most of that content is innocent
(if mind-numbing); some of it isn’t. You need to at least be aware of
what they’re watching and put some controls on it. If they’re still in
single digits, you might want to install Google’s YouTube Kids app on their tablets or phones.
Rule #7: Don’t install that new video player
Just
like in real life, most of the bad guys on the Internet hang out in
dicey neighborhoods — like adult sites, BitTorrent search engines, and
pirate Internet TV stations. At some point nearly all of them will pop
up a message saying that your Flash player is out of date or that you
need to install a new video player to watch whatever it is you’re trying
to watch. Don’t do that.
This
pirate site wants me to update Flash, but it’s really trying to get me
to install malware. (Also: Don’t use Flash if you can avoid it.)
Best-case
scenario is you’ve installed adware — software that will splatter
advertisements over all your Web pages. Worst case, somebody just made
your computer part of their zombie army.
Rule #8: Use a password manager
Yes,
passwords suck. But until we get a better replacement, we’re stuck with
them. So do yourself a favor and use a password manager like 1Password,
Dashlane,
or Lastpass. They will both act as a password vault, storing all your
thousands of logins for different sites, and also auto-generate
fiendishly difficult-to-crack passwords on your behalf. Just don’t
forget the master password to your vault or you’re screwed. (Tip: Use a
song lyric or some other easy-to-remember-yet-unique phrase for your
password, the longer the better.) They aren’t foolproof, but they’re better than using “123456” for everything.
Rule #9: Protect your logins
One
way to find out if your password has been stolen is to see if someone
is logging into your accounts from an unknown machine. With more and
more sites using Facebook and Twitter as ways to prove you are who you
say you are, this becomes especially more important.
Facebook has a Security Checkup page
you can use to see if someone else has been logging into your Facebook
account and lets you log out of any unknown ones with a click. Companies
like Apple, Google, Twitter, and Yahoo
have deployed so-called “two-factor” (or “two-step”) authentication,
which requires you to enter an additional piece of information when
logging in from an unfamiliar device — usually a 4- or 6-digit code sent
via text to your phone. If you think someone else might have access to
your accounts, it’s a good idea to change your password and then
implement two-factor.
Rule #10: Secure all your Wi-Fi passwords
Most
people don’t realize this, but your home Wi-Fi actually has two
passwords. One is for the network — that’s the one you type when you log
on from a new device. The other password is for the router; this allows
you to go in and change network settings (like your Wi-Fi password).
Most people remember to change the first set of logins but not the
second, and the router defaults are widely known (usually “admin” and
“password”). So anyone within range of your home network could log into
your router, change the settings, lock you out of it if they wanted to,
or simply capture all the information flowing out of your network. Not
good.
Image: Cisco
You’ll
want to change your router’s defaults. Instructions vary depending on
the router, so you’ll need to visit the manufacturer’s website and
search for “change router admin password.” (To get you started, here are
instructions for Netgear, Linksys, and Belkin.)
Rule #11: Don’t get sucked in by fake Wi-Fi hotspots
If
you’re logging on from a crowded café or an airport lounge, you’ll
probably see “free” Wi-Fi hotspots galore. Some are legit, some are
definitely bogus. You’ll want to find out if in fact the café or lounge
offers free Wi-Fi, and what the network name is, before you log on.
Otherwise you could be handing all your Internet traffic to some rogue
access point or that creep behind you with a laptop. When in doubt, pony
up some money for a legit public hotspot you know is secure.
Rule #12: Use an encrypted connection in public
Even
if you’re on a legit public Wi-Fi network, someone else on the same
network could snoop on your data unless you take the right precautions.
First, if you are logging on to your webmail or another
password-protected account, make sure to use the encrypted version of
the website — the address always starts with https (not http). Otherwise, anything you type is sent in plain text and can be captured by someone else on the same network.
A good explanation of how two-step authentication works, courtesy of Google.
The
best option, if you can: Connect to the Internet using a virtual
private network (VPN), especially if you’re dialing into work. This
creates an end-to-end encrypted connection between you and the Net,
making it virtually impossible for anyone to spy on you.
Rule #13: Technology can help — but it can’t solve everything
If you’ve got kids at home, technology can give you a handle on what they’re doing on the Net. Circle can monitor every device on your home network
and let you set rules about where and when kids can access the Net.
(Unfortunately, right now it works only on iPhones; Android support is
coming later this year.) The upcoming Screen app will let you control all your home devices from your phone. Norton Online Family Premier
can cordon off the nastier parts of the Net and give you a window into
their chat conversations and video consumption. And of course,
anti-malware software can help fight off the nasties for everyone.
Ultimately,
though, the burden is on you. Like liberty, the price of Internet
safety is eternal vigilance. And not just on one day each year.
