Internet security – and privacy — are hot topics these days. Here at LNWM, we take great care to guard our online data network, as LNWM Technology Director Bill Frizzell pointed out earlier this year. But what about us as individuals? What can each one of us do to keep our personal online dealings private and secure? Here’s some really good advice from LNWM’s Kelly Clark.
Q&A with Kelly Clark
LNWM’s Senior Network/Database Administrator
Kelly, what type of email can people trust?
Kelly: None – seriously. Email is inherently suspicious. By that, I mean you should always be on the lookout for bogus incoming requests, especially emails that contain links and/or attachments, and even if the email seems to be from someone you know.
Why links and attachments?
Kelly: Both of these “add-ons” are ways to get at your device. A link can take you to a malicious website. If you click on such a link, you may think that it’s not a big deal. You’ll just think you’ve been taken to the wrong website or a website that gets an error message. What may not be apparent is that the site you’ve linked to is capturing your browser info, including any passwords or log-in info you’ve told your web browser to remember.
Keep in mind that an email attachment is probably more dangerous than a link. If you download a malicious attachment to your electronic device, you could potentially wreak havoc on your computer system.
What kind of havoc?
Kelly: There are two types of attacks that people often confuse. VIRUSES are computer programming attacks designed to disrupt how your electronic device operates. The goal is to disrupt or shut down your system. That’s very annoying but probably won’t lead to financial woes.
By contrast, MALWARE is software designed to capture sensitive information. It may seem like your computer is working as usual, but it could be that certain programs have been installed that are copying bank account and other sensitive info you may have had saved on your computer, including on your browser. The people behind “Game Over Zeus” and other nefarious malware are after information they can use to rob you.
How can you size up if a link is suspicious?
Kelly: If you get an email that includes a link, ALWAYS hover over the link with your mouse. If you do that, the URL (website address for the link) will appear on the left bottom of your screen. If you do not recognize the address shown, or if it seems suspicious to you, do NOT click on the link.
What are some red flags?
Kelly: If, for instance, you get an email from your bank that includes a link. You hover over that link and see that it starts with “Dropbox” or some other name instead of the bank name, followed eventually by your bank name. That is really, really suspicious. No bank will steer customers to an online-storage site like Dropbox.
What makes for a strong password?
Kelly: It has both upper and lower case letters; it has numbers and punctuation; it is at least 8 characters long, with 15 to 24 characters being ideal. A pass phrase of yours that is peppered with numbers and punctuation is a good place to start.
This is not just random advice. It’s based on testing how fast a hacker would take to figure out your password, based on what he/she knows about you from remotely accessing your desktop and browsing history. Internet-standards expert John Pozadzides estimates that adding just 1 capital letter and 1 asterisk to an 8-character password could change a hacker’s processing time from 2.4 days to 2 centuries!
Do you really need separate password for each website?
Kelly: Yes. Definitely. In particular, make sure your email password is different from all your online financial accounts. If hackers figure out your email password, they’re likely to immediately start trying it at all major financial institutions to see if one of your accounts turns up.
How can you keep track of all the passwords that change over time?
Kelly: Personally, I’ve installed a program called “LastPass” on the electronic devices I use most often; it stores the log-in info for the sites I visit, after I select to save this info. To access all my log-in info, someone would have to know the one master password I created (I’ve made it sufficiently complex and really hard even for even me to fully remember). I’ve stored this master password in a safe place that is accessible only to me. If the LastPass site is hacked, the intruders will also need my master password to access my info. So I feel pretty secure using this service.
How safe is it to use the “free public Wi-Fi” at places like coffee shops and airports?
Kelly: When you do that, you’re relinquishing your privacy. I suggest you don’t do any work while on a public Wi-Fi network that you don’t want to become public. Be especially wary of hoping on to public networks at airports or hotels, where hackers can hang out unnoticed. Before logging in via a public network, STOP to ask: Am I working on something that I wouldn’t mind being made public? While traveling, I actually have a laptop just for Internet access with no sensitive information on it.