This is the second in a series of articles on staying safe online and best practices for securing your computer, your accounts, and the data you have stored in them.
Computer security is a moving target. It takes awareness, continuous monitoring, and, frankly, a healthy dose of skepticism to shield yourself from hackers and other online threats. By skepticism, I mean you cannot assume everything online is always what it appears to be.
The internet can be a risky place for computer users who are naive about—or careless in implementing—good computing practices. Trust your instincts. If something doesn’t seem quite right, it may be worth spending an extra minute or two to confirm its authenticity. Don’t click on every link sent to you to see where it takes you. Verify that emails, web sites, and online offers are what they seem to be before divulging personal information in any form.
Here are some other helpful do’s and don’ts for staying safe online and reducing the risk of identity theft.
Use antivirus software
Installing and periodically running antivirus software on your computer is a no-brainer—whether you own a PC or a Mac. Read the annual online reviews of antivirus software and select one of the programs recommended to protect your computer from spyware, ransomware, and other nasty attacks. Be sure to download your software of choice only from a reputable site that you access directly.
Keep your computer up to date
Old software can contain vulnerabilities that hackers can use to gain access to your computer and infect it with malware or steal personal data. Keep all of your programs current. This applies to your browser as well. Whether you use Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Safari, or another browser to access the World Wide Web, be sure to install security patches or updates immediately.
Verify files before you download
Do you know the source of the file you are about to download or the link you are about to click? Be careful. It could harbor a malicious virus, key logger, or other software that installs itself on your computer. If in doubt, check it out before you take action. Did a trusted friend, relative or associate send you a file you were not expecting? If necessary, take a moment and contact the sender for confirmation that they did indeed send it. Do not open executable email attachments unless you know their origin and specifically requested them.
Don’t bite on phishing scams
Phishing scams are those in which scammers impersonate people or businesses (e.g., banks, credit card companies, social media sites and the like) to trick you out of your user names and passwords. The goal of these scams is to entice you into entering your personal data and/or account numbers to steal your identity—and ultimately your money. Be careful when and where you disclose your personal information online—particularly when it involves a transaction you did not initiate.
Password security
Avoid using passwords that are short, simple, or easy to guess. Remember…passwords that are eight characters long are only of “average” strength. Make your password longer and use a combination of letters, numbers, symbols, and capitalization. Each of your online accounts should have its own unique password. No exceptions. Password generators and managers are useful utilities to consider if you have multiple online accounts and find it difficult to create strong passwords or remember them once you do.
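The short script below is an added example, not part of the original article. It shows how length and the mix of letters, numbers, symbols, and capitalization change the size of the space an attacker must search, and it flags any password reused across accounts. The account names and passwords are constructed samples, and the bit count is an upper bound that only holds for randomly generated passwords.

```python
import math
import string
from collections import defaultdict

# Character classes the article tells you to combine.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def max_entropy_bits(password):
    """Upper bound on guessing entropy: length * log2(alphabet size).

    Only meaningful for randomly generated passwords; dictionary words and
    predictable patterns are far weaker than this number suggests.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    if alphabet == 0 or not password:
        return 0.0
    return len(password) * math.log2(alphabet)

def reused_passwords(accounts):
    """Map each password used on more than one account to those accounts."""
    seen = defaultdict(list)
    for account, password in accounts.items():
        seen[password].append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "bank": "sunshine",
    "email": "sunshine",
    "shopping": "t7#Vq!m2Lr9&xWz4",
}

if __name__ == "__main__":
    for account, pw in SAMPLE_ACCOUNTS.items():
        print(f"{account:9} length={len(pw):2} classes={classes_used(pw)} "
              f"max_bits={max_entropy_bits(pw):.1f}")
    for pw, names in reused_passwords(SAMPLE_ACCOUNTS).items():
        print(f"reused on: {', '.join(names)}")
```

The eight-character, lowercase-only sample tops out near 38 bits, while the sixteen-character mixed sample reaches about 105 bits, which is the gap a password generator closes for you.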
Use encryption
Divulging personal information, account numbers, or details about your personal life online can have devastating consequences. Encryption is an easy and affordable means of protecting your data from prying eyes. Whether you utilize full-disk encryption on your computer’s hard drive, or secure selected files of your choosing with a cloud, hardware or software solution, encryption is one of the best methods of preserving your confidentiality. Google “how to use encryption” to find out more and decide which method best serves your needs.
Enable UAC
User Account Control (UAC) is the alert that appears on your screen asking you to verify that you are the one initiating the action about to take place on your computer: “Do you want to allow the following program to make changes to this computer?” You may tire of seeing this reminder, but remember it is there to protect you from installing malicious software. Leave it enabled.
Use Wi-Fi encryption
Wireless networks have security vulnerabilities that wired networks do not. Protect the wireless connection at your home or business by:
Installing security patches and updates — Keep your router’s firmware current and be sure the devices that connect to your network are up-to-date.
Choosing a strong administrator password — The default passwords for routers are usually very weak (e.g., admin, password, Netgear, Linksys). Change the default password of your wireless network to something longer and stronger.
Disabling remote administration — Some wireless networking routers offer you the ability to allow administration of the router remotely. However, unless you are technically savvy and familiar with WLAN security you should disable this feature.
Changing your SSID — Your Service Set Identifier (SSID) is simply the name of your network. Change the default name to a longer, more secure name that does not contain any personally identifiable information about you or your address.
Using MAC filtering — Each network adapter has a unique MAC address. If your router offers MAC filtering, using it will allow you to limit the number of devices allowed on your wireless network.
Beware of free software
Whether you download, install, and run software on your computer, tablet or mobile phone, you should know by now that free software isn’t always free. Infected apps and programs can hide worms, viruses, malware, and malicious “backdoors.” A backdoor is harmful software that gains access to a program or computer bypassing normal authentication and security measures. Be certain that both the software and the web site source from which you download it are trustworthy.
Turn on two-step verification
Many online services (e.g., Facebook, Gmail, Twitter, Yahoo and Google) now offer two-step verification, a second layer of defense to verify that you are the person actually signing into your account. They accomplish this by sending a numeric code, usually via text message, to a device that only you have access to — your phone, for example. (Or, in some cases, it can be sent to another email address.) This security feature is a fast and easy way to prevent anyone from accessing your email account or using it — even if they know your password.
No single security checklist of computing best practices can ever cover everything you need to know to remain safe when you are online. Still, computer safety does not have to be complicated if you follow the do’s and don’ts provided. Stay informed. Keep your computer’s operating system and software current with the latest security updates. Most importantly, back up your computer files on a regular basis. Then, chances are, your travels on the information highway will be trouble-free.
Eric Kies, CFP®, is a Partner/President/COO in the Quad Cities office of The Planning Center, a fee-only financial planning and wealth management firm.
Email him at: eric@theplanningcenter.com.