Top 5 Ways To Stay Safe on the Web

The internet is not a safe place. Oh sure, it looks like it on the surface, but millions of websites are infected with malware-spreading scripts that make infecting your PC as easy as visiting the wrong web page. Indeed, as the web becomes more sophisticated and more commercial transactions take place on it, there is more incentive to create new vectors for malware transmission and threats that no one could’ve even imagined a few years ago. So bearing that in mind, here are the top 5 things to keep in mind to stay safe when browsing the web:

1. E-Mail is not as secure as it looks

Email remains a common vector for malware, although these days it’s more a vector for phishing messages–those emails that attempt to trick you into giving away your information. The first rule of email is to use a provider who scans incoming messages for infections. This is crucial, as almost everyone’s mailbox is constantly inundated by infected attachments. The good news is that your provider is probably already doing just that–especially if you’re using one of the big webmail providers (Gmail, Yahoo, Windows Live Mail) or email provided by a major ISP, like Comcast or AT&T. That said, you won’t get infected in email if you simply don’t open unexpected attachments. If you’re not sure if something’s legit, ask the sender via IM or email before you open it. And never, ever open those “Please forward to everyone you know” emails.

With the rise of email filtering, phishing attacks have become the more serious email threat today. Phishing emails pose as missives from trusted sites–like your bank, eBay, Facebook, Paypal, or Google–and ask you to log on to fix your account. Unfortunately, the links in the email don’t go to the sites you trust; they go to sites that look like your trusted site but are really just fronts to harvest your information. The most insidious of these phishing sites will actually harvest your info, then forward you on to the real page you’d expect to see if you’d actually logged on. To avoid phishing emails, don’t click links in emails that claim to come from trusted sites–instead open the browser and type the site’s URL in manually.

2. Learn How To Manage Passwords

Passwords are a pain in the butt, but they really don’t have to be. Every site requires a separate password, and it’s nearly impossible to keep track of them all without using some external software. It isn’t recommended to trust your passwords to an app though, because that app represents a single point of failure. But using just one password on all the sites you visit would be dangerous as well. So what to do?

The happy medium for passwords is to remember a handful of good ones and use a strategy to keep managing them simple. Have a generic low-security password to use for sites you’ve just signed up for that don’t seem very prominent (or don’t have an https:// connection option), and essentially any site you aren’t sure if you completely trust. Then it’s a matter of not using that password for sites that store more personal or financial data.

Now, develop a second password unrelated to the first one. Use it for sites you trust and that have sensitive data on them. Make sure the password is secure: that is, it’s not just a dictionary word. Toss some numbers in there, capitalize the second letter, etc. It should be more than eight characters long.

Now, the final password, and it’s for your e-mail. Why is your e-mail separate from the others? Because nearly all sites, even secure ones, allow a user to reset their password if they have access to the e-mail account that was used to sign up for it. As with the second password, make sure this password is unique, is at least eight characters long, and has numbers and letters in it.

Phew. That’s a lot of work for passwords, but it’ll keep you safe, and three passwords aren’t that hard to remember. Oh, and for goodness sake, don’t keep them in a document called “passwords.txt”.

3. Keep Your Eyes Open on the Web

Every modern browser includes tools that will warn you away from known dangerous sites. Google Chrome is particularly good at warning users away from sites that have been reported to be spreading malware.

That’s a good start, but you need to pay attention to sites that your browser thinks are safe too. After all, even the best browser needs a few of its users to get infected before it knows a site is bad. Don’t be the guinea pig for others, and if you know what to watch out for, you should be fine.

First off: train yourself to not click “Approve” or “OK” on every dialog you’re presented with. I know every piece of software you’ve ever installed has all of those useless dialog boxes, and malware developers know it too.

This applies to sites like Facebook and Twitter too. The fewer apps you give access to your account, the less likely it is that you’ll be exposed to malicious software or have your private info harvested as a result. This is especially important if you’ve entered your contact info into your Facebook profile. Do you really need to have fifteen Farmville clones tied to your Facebook account? Do you really want to give your Twitter password to some stats tracking site you’ve never heard of before? Always think before you click. You can see all the apps you’ve authorized to connect to Facebook here and Twitter here.

4. There’s No Such Thing as a Free Lunch

For some reason, the web seems like a magical place to people, where deals abound and you’re going to get lucky. Well surprise: the same rules of capitalism apply in the digital world as in the physical one, and there is no such thing as a free lunch. So be very skeptical of free or heavily discounted offers. Unless they’re from a source you know and trust, they’re probably not legit.

Not sure about a deal that seems too good to be true? Well, Googling the company name might not help much. Companies engaging in shady SEO practices know that more savvy users will try Googling their company, so they make sure the first page results are stacked in their favor. Just because some blog post says that it is legit doesn’t make it so. Try asking around on Twitter or Facebook for other people to check it out as well before you start sending any site your information, no matter how good the deal appears.

There’s a lot of great free software available on the Internet, but there are an even greater number of malicious apps disguised as helpful free software. Only download software you trust, and only download that software from the developer’s page or a trusted repository–like Sourceforge or Download.com.

5. Run the Latest Versions of Software

Keep all of your software updated. No, really, do it. With all the threats attacking Flash, Acrobat, OS security holes, and browsers, you need to keep your software up-to-date or risk attack. It’s simple, it’s easy, and it’s necessary.

If you have any questions about how to keep your enterprise environment free from security vulnerabilities, give the IT experts at Phoenix Synergy a call.
