Online Security


This blog post was published on Friday 29 April 2011.

With the recent nightmare scenario surrounding Sony’s Playstation Network (PSN), a lot of people are concerned about online security.  Sony have admitted that personal information, including dates of birth, mother’s maiden names, addresses and credit card numbers are included in the data stolen by hackers.  This is a major incident in the world of the web, one of the largest security breaches ever.

Is the web safe?  How can I protect myself from fraud and identity theft?  Is there any way I can protect myself?

The web is by definition a public area.  Celebrities especially seem to forget this when posting on Twitter or Facebook.  The greatest strength of the web - that you can access all of it, from anywhere in the world, all the time - is the reason why security breaches like the one affecting the PSN are inevitable.  The web is not inherently safe, but you can protect yourself to a certain extent if you follow the following guidelines:

  1. Use credit (not debit) cards
  2. Use different and strong passwords (a password manager helps)
  3. Protect your data
  4. Use up-to-date software

If you keep these things in mind when using the web, you will protect yourself from the majority of attacks, and minimise the impact an attack has if you do fall victim to one.  The web is a wonderful resource, I love it and can’t imagine living without it now, but common sense should prevail with these things, always remembering: the web is public, not private.

1. Use Credit Cards

When paying for goods or services, use a credit card, not a debit card.  Credit cards have guarantees so that if your card is stolen or used fraudulently, you can claim the money back.  Debit cards do not have this (as a general rule).

2. Use Different Passwords

Use different and strong passwords for each of your online services.  If you are like me you will have well over 100 accounts at different websites across the web.  Most of these are tied to my email address - so if you use the same password for more than one website, and one of them gets hacked, you are leaving your other accounts wide open.

Think of it like this.  If you owned 100 houses, you would not have one key to open them all, you would have 100 keys.  That way, if a key gets stolen, only that house is vulnerable.  Otherwise, you would have to change the locks on all 100 houses if your key went missing.

It is the same with passwords.  It’s a pain I know, but if you use different passwords for each website, and store them in a password manager (Keepass is excellent, I strongly recommend it), then if one is compromised you don’t have to change all your passwords.  Using a password manager also means you can have strong passwords (e.g. ‘7h9O&£lp1@’ is a stronger password than ‘bennettstreet1’) because you just copy and paste from the password manager into a website.

3. Protect Your Data

Your personal information is valuable - don’t treat it lightly.  Your date of birth and mother’s maiden name especially are used by your bank to identify you, so make sure you don’t make that information available, on Facebook or anywhere else that is publicly available.

Try to keep other information - like your address - secret as well.  Your friends will know where you live, other people don’t need to know!

Don’t use social networking tools that allow you to ‘Check In’ to a place, or announce to the world that you are on holiday.  If someone knows where you live, and discovers you are in a coffee shop, or away on holiday, you are effectively telling them your house is nice and empty and ready to be burgled.

When you are entering passwords or financial information, make sure that the site is using SSL.  You can tell because in modern browsers, you will see a padlock in the address bar, or the bar itself will go green - when this happens it means the site you’re accessing has been verified and your connection to it is secure.  If this does not happen, do not enter your personal data, because it will be sent unencrypted, and therefore could be plucked out of the air by a hacker while it is travelling between you and the website.

4. Use Up-to-date Software

Internet Explorer might be comfortable and you may have used it for years, but unless you are using IE9 you are leaving yourself vulnerable to attack.  Use Firefox or Chrome for a much faster and safer browsing experience on all versions of Windows / Mac OS X / Linux, or upgrade to IE9 if you are running Windows Vista or Windows 7.

Please buy some antivirus software, or use Microsoft Security Esssentials, or AVG if you don’t want to pay for it.  Antispyware software like Malwarebytes can also help protect your computer from malicious software.  Windows comes with a half-decent firewall, and most routers have built-in firewalls too, but if you are concerned, contact your ISP to ask them.

For all these programs, and for your operating system, ensure you check for updates regularly, and install security updates as soon as they are available.  Don’t skip them because they’re annoying!  Keeping your software up-to-date is one of the best forms of defence.

 

I hope these tips are helpful to people.  Remember the web is public, and act sensibly, and you should be fine.