How Secure Are You? Tips for Better PC Security
The internet is arguably one of the greatest inventions of all time. Literally millions of web sites exist for the purpose of research, entertainment, news and information, socializing and everything in between. It’s made the world a smaller place, and while some might argue the fact, I think a better place. In fact, it’s hard to imagine a time when we didn’t have the internet at our fingertips.
According to Internet World Stats, which collects its data from Nielsen//NetRatings and the International Telecommunication Union (ITU), as of August 2009 there are 1,733,993,740 people on the Internet worldwide and 227,719,000 people on the Internet in the United States, with that number increasing daily. With the boom of the internet, there has been a boom in the number of hackers and bad guys looking for ways to exploit the internet for various reasons. Some hack for profit by taking over web sites and redirecting the traffic. Some create phishing sites to try to steal your identity or credit card information, while some hackers hack just for the challenge and the thrill of it. What this means to you is that you have to always be vigilant in your cyber-travels. This article will try to educate you on what you should be on the lookout for and things you can do to ensure you don’t become a victim of these “ne’er-do-wells” out there.
In today’s article, we’re going to examine this from the desktop level. A future article will examine server security, so stay tuned.
Phishing, Spam and other Email Scams
One of the most prevalent hacker schemes is called phishing (pronounced “fishing”). In a phishing scam a hacker will create a copy of a well-known site, such as a bank, Best Buy, eBay or PayPal…it could be any site that takes credit cards or contains credit card or other personal/sensitive information. Once they have created this fake and very authentic-looking site, they will send out a mass email that appears to come from that site. That email will try to convince you to enter your username and password or credit card information under the guise of “we’re updating our records”, “you’ve won a contest” or “there has been a security breach and we need to verify your information to ensure your safety”. Be aware that the real company would never ask you to divulge that information. Should you receive an email like this and have doubts about its authenticity, you should contact the company via phone to confirm, but under no circumstances should you enter your username/password or any other sensitive information into a web site that you reached by clicking a link in an email unless you are absolutely sure of the email’s origin.
Another prevalent scam is called the 419 or Nigerian scam. This is a variation of the old “Spanish prisoner” scam. The way this works is that you’ll be contacted by someone you never heard of who claims that you either inherited a large sum of money or that this person has a large sum of money to move out of their country and requires your assistance. In exchange for your assistance, they will give you a large cut of this sum of money. Of course, “your assistance” is in paying the scammer a sum of money up front to assist the scammer in getting the money out of the country (claiming he has to bribe officials, pay for transport, etc.). The bottom line is that if you are legitimately owed money, you will be contacted via more traditional methods such as a certified letter. Never trust an email from someone promising you a large fortune. The old adage of “if it sounds too good to be true, it probably is” holds true here.
PC security starts with one of the simplest but most often overlooked aspects – a password. I am always surprised at the number of people with a PC that requires no password to log in. What I usually hear is “I’m the only one that ever uses this PC”…but that couldn’t be further from the truth. If your PC doesn’t have a password, I can almost guarantee that you are NOT the only person using it – you just think you are. The easiest computer in the world to hack is one without a password. Hackers will easily gain access to your PC and use it for all sorts of evil, such as using it to attack web sites or other computers, spreading viruses, sending out spam and more. ALWAYS…ALWAYS (did I mention ALWAYS?) have a password for your PC…the stronger the better.
So, what is a strong password and how do you make a strong password? I’m glad you asked. First, it should never be a name or a dictionary word. Hackers use scripts called brute force scripts to try to guess passwords. A brute force script will try literally thousands of username/password combinations from a database to see if one works, and if your password is “abcd1234” I can guarantee you this script will find it, so you might as well not even have a password. You should always use a combination of UPPER case and lower case letters as well as numbers and special characters.
One good way to create a very strong password that is easy to remember is to take a 7-8 word phrase (or two shorter phrases) and use the first character of each word. Capitalize the first four letters, then add one special character to the end. So, for example, “how much is that doggy in the window” could be “HMITditw?” No one would ever guess that password but you would easily remember it. You can also substitute numbers and characters for letters – @ could be “a”, $ could be “S”, 3 could be “E” and so on.
Also, don’t write your password down and stick it to the bottom of your keyboard. If I were a hacker (fellow office worker, “friend”, etc.) who somehow gained physical access to your PC, the FIRST place I would look would be for a Post-it note with your password on it.
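The password rules above, written as a small checker. This is an added example, not part of the original article; the wordlist is a constructed stand-in for a guessing script's database, and the function names are hypothetical.

```python
import string

# Constructed stand-in for the database a guessing script works from; a real
# audit would load a large list of names, dictionary words and leaked passwords.
WORDLIST = {"password", "doggy", "window", "michael", "elephant", "abcd1234"}

# The article's substitutions (@ for a, $ for S, 3 for E), reversed, so that a
# dictionary word with swapped characters is still recognised as that word.
UNDO_SUBS = str.maketrans({"@": "a", "$": "s", "3": "e"})
JUNK = string.digits + string.punctuation


def mnemonic_password(phrase, special="?"):
    """First letter of each word, first four capitalised, one special appended."""
    initials = [word[0] for word in phrase.split() if word[0].isalpha()]
    return "".join(initials[:4]).upper() + "".join(initials[4:]).lower() + special


def audit_password(pw):
    """Return the article's rules that pw breaks; an empty list means it passes."""
    low = pw.lower()
    # Look the password up as typed, with substitutions undone, and with
    # leading/trailing digits and punctuation removed before undoing them.
    candidates = {low, low.translate(UNDO_SUBS), low.strip(JUNK).translate(UNDO_SUBS)}
    problems = []
    if candidates & WORDLIST:
        problems.append("name or dictionary word")
    if not any(c.isupper() for c in pw):
        problems.append("no upper case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    return problems


if __name__ == "__main__":
    made = mnemonic_password("how much is that doggy in the window")
    for pw in ("abcd1234", "P@$$word1!", made, "HM1Tditw?"):
        print(f"{pw!r}: {audit_password(pw) or 'passes'}")
```

The mnemonic “HMITditw?” meets every rule except the one asking for a number, which the substitution step supplies (for example “HM1Tditw?”).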
Next, protect your PC from viruses. Make sure you have virus protection installed. AVG offers a free version that has actually worked quite well for me and checks your email and downloads for potential viruses. It also automatically updates itself with the latest virus library. Norton and McAfee are two other companies that offer protection software but there is a fee associated with their products.
Because email is the one application where your permission is not required to send you something, it is the most abused application on your PC. Of course, it’s also the one application you really cannot live without. So, here are some basic rules to help protect your email.
1. Never open an attachment from a sender you do not know. Attachments can contain viruses and all sorts of bad things.
2. You should have at least two email addresses. One that is private for friends, family and business associates. Instruct them to never give this email to anyone. The second one would be used for things that you purchase online or forms you fill out. This allows you to do a couple of things. First, if you receive an email to your “private” email, you can trust it more. Secondly, you can set up more aggressive spam filtering on the secondary email.
3. Never put sensitive information (passwords, credit card numbers, etc.) in an email, as email is not encrypted and can be intercepted. Think of email as a postcard written in pencil: as the card is delivered it makes numerous stops and can be altered or read by various people. Should you need to provide this information to someone, it’s best to use the old-fashioned method and call them on the phone.
4. Never reply to a spam email, even to “unsubscribe”. Any sort of response acknowledges that the email address is legitimate and you open yourself up to additional spam. Simply hit the delete button – it takes less than 1 second to hit that delete button.
5. Just like your PC password, always create a strong password for your email accounts.
PC security requires some basic steps and some basic common sense. You lock your house at night and when you leave. You lock your car when you go into the store. Be sure to do everything you can to “lock your PC” and you greatly increase your chances of not falling prey to the hackers of the world.