“The hackers are breaching the architecture, not the authentication mechanism”
– Garret Grajek, CSO at dinCloud
How do I protect myself from being hacked?
Here are twelve best practices that will help you protect your accounts.
- You should never trust anyone or any site with your credentials. Period.
- Two-factor authentication
The difficulty of obtaining both authentication factors makes 2FA accounts harder to hack than accounts protected by a password alone. For example, an attacker would need both the login credentials and the corresponding mobile phone to confirm the authentication.
- Hyperlinks in email
When you get deals and online promotions, avoid clicking on the hyperlinks directly. Type the URL into your browser instead. Never click on any hyperlinks received from an unverified source. If you get an email that says you’ve won $1000 cash and wonder if the deal is too good to be true, it is.
- HTTPS
HTTPS is a more secure protocol than HTTP because it encrypts the network packets you send to and receive from the server. Always make sure you are on an HTTPS website before engaging in financial transactions or activities. Confirm there is a green lock icon on the top left corner of your browser. Make sure the site is not spoofed (a re-creation, by hackers, of the website you were trying to reach).
- Website reliability
If you notice any suspicious behavior such as glitches or warnings, avoid logging in or interacting with the website. The website may be hijacked or DNS spoofed.
- Visit established websites only
Rely on established websites only when making financial transactions or activities. For many startup websites, it’s tough love, but honestly we do not know who is behind the codebase. It could be an outdated application. It could be a rogue coder. It could be someone inexperienced.
- Install popular anti-spam software
Install publicly recommended anti-spam and anti-virus software. You can vastly reduce the chances of being phished by reducing spam.
- Install Firewalls
Firewalls can detect where traffic is coming from. Next-Generation Firewalls are very effective against virus attacks, spyware, and DoS attacks.
- Be Download Conscious
Do not download any unverified applications. Unverified applications can act as VPN middleware, providing a method for hackers to penetrate into a network.
- Visit the web via a secure wireless network
Anyone can eavesdrop on your connection, capture your network packets and use the data for malicious purposes. If the network is not secure, make sure the website you are visiting is HTTPS encrypted. Otherwise, avoid logging into any system or making any financial transactions.
- Passwords
Make sure your passwords are unique and tailored for each website. Periodically reset your passwords. This is part of a containment and damage control strategy.
- Sharing and passing on your knowledge
There are systems and infrastructure that are far beyond your control, such as those of Target or Sony. Educate anyone you care about regarding web security. Everyone should be aware of how to protect themselves. You might be the most secure and tech-savvy person in the world, but your spouse or coworkers might not be. Their email system, which contains sensitive information about you, may have been compromised. Your home address and social security information may have been leaked. If they are not aware of web security best practices, you might already be in trouble.
The opinions expressed in this post represent those of the individual author, Benny Wong, and not those of IEG or WNET.