Bank accounts emptied, credit ruined, identity stolen and lives turned upside down – without a perpetrator ever walking in your door. Anyone who goes online can get hacked.
We asked three experts for advice on what you can do to make your corner of the Internet more secure:
• Dr. Magdy Attia, dean of the College of STEM at Charlotte’s Johnson C. Smith University.
• Redvers Davies, founder of Hackerspace Charlotte, an open-technology lab.
• Will Enck, assistant professor of computer science at N.C. State; his research focuses on systems security.
Their top tips:
1. Don’t share your passwords. “Sharing” means using the same password for more than one purpose: Internet sign-ons, email, online banking and so on. This is human nature, Enck said: “It’s very hard to remember lots of different passwords for the different sites, so people commonly use one password across multiple websites.”
This makes things easy for hackers: If one password is revealed, they have the works.
“Your email is the one you should keep most secure as it is the center of your online life,” Davies said. “Example: If you forget the password to your bank account, you may be able to get a change-password link emailed to you. Well, if a hacker has already broken into your email, that person could reset your password and control your accounts.”
2. Change your passwords and make them long. “Your password should be changed every month or every two months – and make it hard to guess,” Attia said. “Some people use kids’ names, birthdates or whatever. But there are software packages that can scan a large number of passwords to find out what can work. A hacker can use these tools to scan for possibilities.”
Length of your password is more important than complexity. Consider the math: Hackers use programs that sort through combinations of letters and numbers at lightning speed. Longer passwords mean more work for hacking software – and hackers generally want quick results.
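To make "consider the math" concrete, here is an added example (not part of the original article) that compares the exhaustive-search space of a short, complex password with that of a long, simple one. The sample passwords and the guess rate are constructed assumptions, and the model treats every character as randomly chosen, so it says nothing about passwords built from names or dictionary words.

```python
import math
import string

# Assumed offline guessing rate, for illustration only; real rates depend on
# how a site stores passwords and on the hardware doing the guessing.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed sample passwords (never use these).
SHORT_COMPLEX = "Xk7#pQ2!"          # 8 characters, all four character classes
LONG_SIMPLE = "qmzvhtkwlrjcbnyd"    # 16 characters, lowercase letters only


def alphabet_size(password: str) -> int:
    """Size of the smallest set of standard character pools covering the password."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in password))


def search_space_bits(password: str) -> float:
    """log2 of the number of candidates an exhaustive search has to cover."""
    size = alphabet_size(password)
    if size == 0:  # empty, or only characters outside the four ASCII pools
        return 0.0
    return len(password) * math.log2(size)


def years_to_exhaust(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return 2 ** search_space_bits(password) / rate / SECONDS_PER_YEAR


def min_length_to_match(target_bits: float, pool_size: int) -> int:
    """Shortest length over a pool of pool_size characters reaching target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, LONG_SIMPLE):
        print(f"{len(pw):2d} chars, pool of {alphabet_size(pw):2d}: "
              f"{search_space_bits(pw):5.1f} bits, "
              f"{years_to_exhaust(pw):,.2f} years to exhaust")
    needed = min_length_to_match(search_space_bits(SHORT_COMPLEX), 26)
    print(f"Lowercase-only length that beats the 8-character one: {needed}")
```

Each added character multiplies the search space by the pool size, while adding a character class only enlarges the pool once, which is why the 16-letter password comes out far ahead.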
Davies offers this tip: Many email providers offer a “two-factor” authentication option in your settings: When you sign on with your password, a message is sent to your phone that prompts you to enter an additional access code. Use it.
Enck agrees: “It is simple to turn on and gives you a fantastically great advantage; I highly recommend it. A number of sites use this. I’ve been using this for two or so years; it’s not that onerous to use.”
3. Keep your system updated. Programs like Acrobat PDF reader, Microsoft and Java are heavily abused by hackers, and patches and new releases often contain upgrades that close avenues hackers use. Keeping these programs up to date is smart, Enck said.
Uninstall software you no longer use. Having fewer older programs means less opportunity for hackers.
4. Get protected, stay protected. There are many good antivirus programs out there, Davies said, that protect you from 95 percent of the danger that’s out there. “But each program covers a different 95 percent – and that’s the problem.”
A free one he recommends is Microsoft Security Essentials. It provides protection from spyware, malware and viruses.
Enck said firewalls provide another level of defense. But because they’re so common – often already installed on new computers – many hack attacks can evade them. Firewall protection also has to be kept up to date, Attia advised.
5. Stick to visiting secured sites. Web addresses that begin with “http” use the basic Hypertext Transfer Protocol. But with “https,” the “s” on the end stands for “secure”: It authenticates the website and the Web server you’re communicating with.
A tip from Enck: “The Electronic Frontier Foundation has a campaign called HTTPS Everywhere that tries to direct you to an https site whenever possible.” At https://www.eff.org/https-everywhere you can download and install this free safeguard add-on for Chrome, Firefox, Firefox for Android and Opera.
6. Be email cautious. “We all receive emails and don’t really know who the source is,” Attia said. “So never open an email – especially an attachment – from an unknown source.”
Infections can come from already-hacked friends, too. One example: A hacker sends an infected message to everyone in the victim’s online address book. Open its attachment, and you unwittingly become an infection spreader, too.
Be suspicious if a friend appears to have sent you an email with no subject line, a subject line that only says “RE” or “FW” or is uncharacteristically vague or brief (example: “Hey” or “ILOVEYOU”) – especially if the email text contains an Internet link. Be on the safe side: Call that friend first to check.
7. Be careful what you click. “Avoid clicking links that promise free prizes or gifts. Hackers play on our greed; it’s psychological,” Attia said.
Davies offered additional red flags: “Avoid offers of smileys, screen savers and coupon-printing software. Be incredibly careful if you’re downloading free movies: peer-to-peer networks are full of malware.”
8. Be leery of third-party security alerts. “If you’re browsing the Internet and a website’s pop-up tells you you have viruses, it could be a trap to get you to download harmful files,” Davies said.
Attia mentioned a variation of this that operates if you’ve already been hacked: “You can get messages that say you need to upgrade your protection by buying something online using your credit card. Some people immediately respond – and that’s a disaster.”
Some hackers hire call centers overseas. “They claim to be from Microsoft or whatever,” Davies said. “They’ll say, ‘We have detected a virus on your machine; go to this website, download and run this program so we can fix it for you.’ This gets them inside your machine. And this happens a lot.”
9. Be wary of software downloads. “If you are getting software at a discount or for free online, remember that there’s no such thing as a free lunch,” Enck said. “There’s lots of pirated software out there, and there’s the increased likelihood there’s some sort of malware in it.”
When you’re ordering any kind of software for any device, Enck said, buy it conventionally – like from a manufacturer’s website – not through links.
Attia offers a caution about USB flash drives: “You may get this as a gift from someone, but it could have some other software stowed away. Once in your computer, it may get access to all your files or infect your information. Any peripheral connected to a computer can infect it.”
10. Be app-alert. “Be careful what you put on your phone,” Attia said. “If you go to a website you don’t know, what you’re buying for 99 cents could be designed by a hacker anywhere in the world. Always use reputable apps, and select them cautiously.”
“The number of platforms (like Windows, Apple, Android) with app stores is increasing,” Enck said. “There are some bad alternative app stores for Android out there. Users should stick with the official one for their platform.”
And Enck has a tip for some mobile users: “If you have Android, don’t go get software just because it’s free. Use the Google Play store for apps. And if you can on your device, never click the box in ‘settings’ that allows the installation of settings from unknown sources.”
THE BOTTOM LINE
“It’s all about numbers,” Davies said of hackers. “They want the maximum payoff for minimum work.”
When it comes to brute force hacking, Enck said he’s reminded of an old survival saying: “You don’t have to run faster than the bear, just faster than your friend.”