Opening Words from Sun. August 23: "Top 5 Ways to Protect Yourself Online" by John Wahlers

Top 5 Ways to Protect Yourself Online, According to IT Industry Security Experts

First, I’d like to introduce myself. My name is John Wahlers and I’m currently employed as a data center systems engineer on my company’s core infrastructure team. My team manages our company’s storage environment, our physical and virtual server infrastructure, and our messaging platforms. I’ve been working with computers for 30 years and I actually started learning programming languages when I was 8 years old. I’ve been working professionally in IT for 20 years and I earned a bachelor’s degree in computer science from Webster University.

I’d like to start by debunking some personal online security myths that a lot of people may have.

One myth that many people believe is “No one would want to hack me, I don’t have anything valuable that anyone would want”. The truth is that attacks on your personal devices aren’t done by one hacker intentionally going after your computer or phone because they know you and are specifically targeting you; these attacks are done by automated means like scripts hidden inside advertisements or on infected websites or by bots that just scan literally the entire internet, looking for anything that’s connected and attempting to exploit all known vulnerabilities on those connected devices. Also, any piece of personal or financial information is tradable on the internet’s black market, no matter how unimportant or benign it may seem to you. And it’s not necessarily your information a hacker may even be after; in many cases, it’s your device’s storage or its compute power. Hackers may store their illegal files on your devices so if the hacker’s own computers are seized by their government, the hacker can’t be charged with possession of that illicit material. Hackers may also use your computer as a zombie in their botnet to send spam, run distributed denial-of-service (DDOS) attacks on web services, mine cryptocurrency, and spread their viruses to other online devices.

Another common myth is the idea “I don’t do anything risky online…” or “I only go to sites that I know or large, well-known sites…” “…so I won’t come into contact with any malware”. Again, the facts quickly debunk this myth. Large, well-known, seemingly trustworthy sites like Facebook and YouTube have been tricked into hosting malware that has infected people’s devices. A few years ago, over 600,000 WordPress blogs were simultaneously hacked to invisibly host malware that would attempt to infect anyone who visited the site without any visible signs that the infection was taking place. Long gone are the days where you only had to worry about the “dark corners” of the internet trying to infect your device; now, any website you visit could potentially be trying to infect your device, usually without any awareness by the site’s owners.

So, finally, let’s look at the top 5 ways to protect yourself online, according to IT industry security experts.

#1: Always keep everything updated. This includes workstations, laptops, tablets, phones, routers, etc. People may be wary of updates because they’re afraid an update might “break” something, but on the whole updates fix more problems than they cause. Once an update is made available for an operating system, application, or device, every hacker in the world is immediately knowledgeable about the security flaw that the update closes, which greatly increases the risk for users who haven’t yet applied that update. This doesn’t need to be a time-consuming manual process, either; wherever possible, make sure auto-updating is enabled. This is typically an available option in operating systems, web browsers, web extensions and plug-ins (Java, Flash, etc.), and desktop applications (word processing, games, financial applications, antivirus, etc.).

#2: Use a different, strong password for each thing that uses a password. This means that logging into your computer would be one unique, strong password; each of your email accounts would be different, unique, strong passwords; your social media accounts would each be different, unique, strong passwords; each of your bank accounts, etc. This may sound like a daunting task, but using a password manager like KeePass, LastPass, or 1Password can help. The problem with using the same password for everything is that when one web service you use gets hacked and your username and password are revealed, those hackers then have access to all of your other accounts like your email, your bank account, your social media accounts, etc. A “strong” password in this case has several requirements: A) Not a dictionary word in any language, nor any person’s or pet’s name in any language, B) Is at least 16 characters long, and C) Contains several capital letters, several lower case letters, several numbers, and several symbols (i.e., a completely random series of different types of characters). Again, using a password manager can help create random, strong passwords, and store them for you so you only need to remember two passwords: the one that logs you into your computer and the one that logs you into your password manager to access everything else.
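As an added illustration (not part of the original talk and not any particular password manager's code), this Python sketch generates a password the way requirements B and C describe and checks a candidate against them. The names `meets_policy` and `generate_password`, the default length of 20, and reading "several" as at least two of each kind are assumptions made for the example.

```python
import secrets
import string

MIN_LENGTH = 16      # requirement B from the talk
MIN_PER_CLASS = 2    # assumption: "several" read as at least two of each kind

# Requirement C: capitals, lower case letters, numbers and symbols.
CLASSES = (
    string.ascii_uppercase,
    string.ascii_lowercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)


def meets_policy(password: str) -> bool:
    """Return True if the password satisfies requirements B and C."""
    if len(password) < MIN_LENGTH:
        return False
    return all(
        sum(ch in cls for ch in password) >= MIN_PER_CLASS
        for cls in CLASSES
    )


def generate_password(length: int = 20) -> str:
    """Draw random passwords from the OS random source until one
    meets the policy.

    Retrying whole candidates, rather than patching a weak one, keeps
    every character position equally unpredictable. Requirement A (no
    dictionary words or names) holds in practice because nothing here
    is chosen by a person.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
```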

#3: Use two-factor authentication where available. Two-factor authentication is an additional security feature that can be enabled for many web services like Gmail, Yahoo, Dropbox, Facebook, Twitter, etc. Not every web service has two-factor authentication available as an option yet, but for those that do, it’s a very good idea to enable it because it literally requires a second factor – in addition to your username and password – to be used to log in to the web service. Two-factor authentication can take many forms, but most popularly it’s a special code that is texted to your cell phone or given to you by a phone call or presented in an app on your phone at the time you go to log in. The value in two-factor authentication is that this code is always dynamically generated and available only for one-time use for your specific login at that point in time. The next time you go to log in to that web service, the code will be different and, again, only applicable for that point in time. This means that someone attempting to hack into your account, even if they have your password, would have a much more difficult time because they most likely wouldn’t also have access to this second factor.

#4: Use multiple antivirus and anti-malware programs, and also use ad-blocking and script-blocking web browser extensions. Different antivirus and anti-malware vendors have different focuses and they release updates on different schedules in response to different threats. It’s very important to choose only one antivirus program to run in “realtime” (or to have “resident scanning” or “24/7 always-on” enabled) and then only use the other antivirus and anti-malware programs for ad-hoc scanning on your own schedule. Ad-blocking and script-blocking browser extensions can take some time to get used to and to train for your web browsing habits, but they greatly increase your online security.

#5: Always be vigilant. Maintain a healthy level of skepticism while online. Avoid clicking on ads and watch out for click-bait (shocking headlines that are clearly written with the sole intention of grabbing people’s attention). As with real life, if something appears too good to be true, it almost definitely is. There is no reason to be paranoid, though; just like walking through a crowd or driving on the highway, it’s important to remember that not everyone is out to get you, but it is a good idea to be prepared and take appropriate precautions to mitigate risk and maximize safety while still being functional and allowing yourself to enjoy your time.

Thank you!
John Wahlers