
Online Security & Safety 101

Last Updated: 10/28/14

The First Steps in Online Security Are Awareness and Caution

Don't Believe Everything You Read

You would be amazed how often this one phrase, when put into practice, can save you from a security nightmare. Just because you get an email saying your account will be suspended does not mean it really will be. Be skeptical about everything you read until you have confirmed it from another source. Here is a list of common scams; there are many more than I can list here:
- Emails pretending to be your bank.
- Emails pretending to be from the FBI.
- Emails pretending to be from a friend who has lost his wallet while traveling out of the country.
- Webpages that tell you that you are infected with numerous viruses.
- Websites that say your computer is at risk.
- Emails that pretend to be a response to a security breach.
- Emails saying your account will be suspended if you do not respond.
- Phone calls pretending to be your internet provider or Microsoft to inform you of a virus infection.
- and many more.

Never reply to an email with confidential information. A legitimate company will never ask for important information via email. You can normally tell a scam because it will have two elements: urgency and telling you to take action.

Watch this security video for more information on suspicious emails:
http://www.youtube.com/watch?v=_gWunsTwkZ8




Please read my social engineering prevention article for more info:
http://www.paulscomputerservice.net/articles/article.php?ID=239

FAKE Antivirus/Security Software is Common
I have partially covered this in the last paragraph, but it deserves extra attention. FAKE antivirus or FAKE security software is EXTREMELY common. Do NOT believe a website that says you are infected with a virus or similar infection. Unless you are visiting the website of an antivirus company specifically to do a virus scan, assume any virus warnings are FAKE. One of the most successful malware attacks ever is convincing people they are infected so that they download FAKE antivirus software that takes over their computer and asks for money.

Don't Believe Everything You See
Phishing websites are very common. This is where hackers build a website that appears identical to that of a real business (bank, PayPal, Facebook, Yahoo, etc.) and trick you into giving them your username and password. Just because a website has a valid company logo does not make the website safe, secure, and legitimate. BEFORE entering your username or password into any website, verify that the URL in the address bar displays the correct domain name (e.g. yourbank.com, NOT yourbank-online.com or yourbank.othername.com). Also verify that the URL starts with HTTPS, not HTTP. Finally, if a website you regularly visit appears different, use a little extra caution. Do not assume the website has performed an update, even if an update is the proper explanation.
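
The address-bar check described above, written out as an added example (not part of the original article): it parses each URL with the standard URL parser and applies the domain and HTTPS rules. `yourbank.com` and `othername.com` are the article's placeholder domains; the function name, the verdict strings and the sample URLs are constructed for illustration.

```javascript
// Added example: EXPECTED_DOMAIN, checkLoginUrl and the verdict strings are
// illustrative names; the sample URLs at the bottom are constructed.
const EXPECTED_DOMAIN = "yourbank.com";

function checkLoginUrl(rawUrl, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the standard browsers implement
  } catch (err) {
    return "invalid-url";
  }
  if (url.protocol !== "https:") {
    return "not-https";
  }
  // hostname is already lower-cased by the parser; drop a trailing dot.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();
  // Accept only the exact domain or a subdomain of it (www.yourbank.com).
  // The leading dot matters: "notyourbank.com" must not match.
  if (host === expected || host.endsWith("." + expected)) {
    return "ok";
  }
  // The company name shows up somewhere, but the site belongs to someone else.
  const brand = expected.split(".")[0];
  return url.href.toLowerCase().includes(brand) ? "lookalike" : "wrong-host";
}

const SAMPLE_URLS = [
  "https://www.yourbank.com/login",       // correct domain over HTTPS
  "http://www.yourbank.com/login",        // correct domain, but not HTTPS
  "https://yourbank-online.com/login",    // a different registered domain
  "https://yourbank.othername.com/login", // company name used as a subdomain
  "https://yourbank.com.othername.com/",  // real domain used as a prefix
  "https://yourbank.com@othername.com/",  // text before "@" is only a username
  "https://othername.com/",               // unrelated site
];

for (const u of SAMPLE_URLS) {
  console.log(checkLoginUrl(u).padEnd(11), u);
}
```

Only the host name decides who you are talking to: everything before an "@" and everything after the first "/" can say whatever the page's owner wants.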




Facebook: Not as Friendly as You Think
Facebook viruses and scams are very common. Be careful about clicking on links posted by your Facebook friends. Use common sense. Do not click links that your friends are not likely to have posted. Most malicious Facebook posts are unusual. Examples: posts in a foreign language, really bad grammar, links promising to show a video of you, unbelievable claims, etc. Also, NEVER use the same password for Facebook as you use for the email account that you log in to Facebook with. These guidelines apply to all social networking sites.

Do NOT use your search bar for every website address!
Learn what the difference is between your address bar (also called location bar) and your search bar. Your address bar is designed to accept web addresses like: http://www.google.com. Your search bar is designed to accept search queries like: cheap laptops. You should NOT visit every website by typing website.com into your search bar and then clicking the top search result. This is a very dangerous habit. Learn how to type http://website-name.com into your address bar. Poisoned search results are very common. This is where search results from a search engine (like Google or Bing) will have malicious/dangerous links in the results and often very close to the top of the page.

In other words, if I search for ebay.com on Google and then click the very first result, I might be clicking a malicious advertisement or a malicious search result and end up getting a virus! If you know the website you want to visit, type in the address. Don't search for it!

Keep Your Software Updated
  (**DO NOT skip this section**)
Most people do not realize how important it is to keep their computer software up-to-date, and most of us have update fatigue from seeing so many messages about updating our software! Outdated software can allow hackers and viruses into your computer. Here is a short list of software that runs inside your web browser and is therefore important to update, since it can be attacked by a website:
- Adobe Flash Player
- Java
- Adobe Reader
- Silverlight
- Quicktime
- Your web browser (Internet Explorer, Google Chrome, Firefox, etc.)

Keeping that list of software up-to-date can be challenging since updates come out so often! If asked to allow automatic updates, say yes! Consider paying $10 a year for software that will keep the software up-to-date for you: https://ninite.com/updater/

Take Precautions to Prevent Security Breaches

Using an Alternate Web Browser
Consider browsing the internet with an alternate web browser. This means using any web browser other than Internet Explorer. Internet Explorer is the most targeted and most susceptible web browser to exploitation and infection. Therefore using an alternate browser can make you a smaller target for malware infection. There are many alternative browsers to choose from. I prefer Firefox, but you can also try Google Chrome, Opera, Safari, and many others.

Antivirus Software
There is no good reason to not use antivirus software. It is necessary and free! I like AVAST!, AVG, or FortiClient. For a larger list of free antivirus software, check here: http://paulscomputerservice.com/articles/article.php?ID=179

Use multiple passwords.
This one gets said a lot, but often it is not put into practice. I think that having a separate password for every website is a noble goal, but it is very hard to attain. I suggest a more attainable goal: use a set of passwords and rotate through them. Say you use 4 to 12 different passwords on 80 websites. This is still a great security improvement over using one password for all 80 websites. The main thing to remember is: do not use the same password on your email account as you use on other websites. This is because it is very common for a company to have its website compromised and all the passwords leaked. If the website isn't something important, like your bank, then it isn't a huge deal, right? WRONG. Since most people reuse their passwords too much, even a small password leak at a tiny website can allow hackers into all kinds of secure websites where you have chosen the same password!

Choose a Secure Password
Do not use the following for your password: your child's name, your pet's name, your favorite sports team, your spouse's name, your birthday, or any combination of them. These are too commonly used and easily guessed by your neighbor or co-worker. If you need help choosing a good long password, watch this video: http://www.youtube.com/watch?v=0QzhkOkvKnM

Use a Password Keeper
It is hard to remember the many passwords we must have for our many websites. The solution? Use a password manager! Here are a couple of free, really secure ones you can use: KeePass (http://keepass.info/) or LastPass (http://lastpass.com/). Just remember to be even more careful with your master password than you would be with a normal password. The master password lets you access all your other passwords in case you forget them.

Protect Your Children Online
Parental controls and Internet filtering are a must for any family that allows their children to use the internet. There are free choices as well as some great commercial products that are worth the money. I also suggest keeping the family computer in a common area, like the living room, and not giving children their own computers until absolutely necessary. Also, be cautious of portable/home electronics that your children have that may also have internet access without you realizing it. Examples: iPods, MP3 players, video game consoles, newer TV sets, etc.

Parental Control Software List - http://paulscomputerservice.com/articles/article.php?ID=235

Other Precautions for Advanced Users

Here are some other solutions you can take that may be a little more complex.

Browser Add-ons
You can install the Firefox add-on called NoScript (or ScriptNo for Google Chrome), which blocks all JavaScript until you whitelist each domain that you trust. JavaScript is a very common attack vector! There are also other browser add-ons that can improve security on your browser or help you keep your browser plugins (Adobe Flash, Java, QuickTime, Acrobat Reader, etc.) up-to-date. Keeping plugins up-to-date is always a good idea, so that security holes stay patched.

Processes & Startup List
Also, a startup list monitor is a good way to keep track of things that want to start with your computer that you may not know about. FortiClient includes a startup monitor. Other programs like Autoruns and Process Explorer can help you keep an eye on what programs are running and starting with your computer.



