Imagine how rich you would be if you got a dollar every time news of a data breach was published! If you are trying to figure out some reasonable ways to protect your online data, you are more alert than millions of other people living on this planet.
There are some popular misconceptions about data security. For example:
“It is 100% the bank’s responsibility to protect my data,” “Why would someone be interested in my personal data on social media?”, “Only celebrities’ accounts get hacked, not a layman’s,” “How on Earth can someone misuse my personal details?”
How can you protect your online data?
In this article, we have uncovered the truth behind those misconceptions and provided some vital tips to protect your data online!
You should use different passwords for different accounts. If it is too difficult to remember hundreds of passwords, you can group the accounts into categories, for example, separate groups for social media accounts, financial institutions, shopping websites, etc., and set a different password for each group. So, at least the hacker who got your Facebook password cannot log in to your bank account!
It is cliché to say that your password must contain an uppercase letter, a lowercase letter, a number, and a unique character. But if creating and remembering new passwords for different accounts seems like a big hassle to you, you can be a little creative and use phrases for passwords. For example, 4Dogs@home, I<3Jalapenos. See, easy!
You can also use numbers for some words and letters or minimize the words. For example:
“I want to buy an iPhone!” will be Iw2biph!
“I use Facebook for 2 hours a day” will be IuFB42had
You can also use a password manager. Password managers generate strong passwords and automatically fill them into login fields with the click of a button. A password manager can also share a single set of login credentials with other people without them being able to view the login information.
“Congratulations! You have won a $1000000 lottery” - Everybody knows that these sorts of emails are a fraud and should not be opened! Even my grandma knows it! The bad news is that hackers know that too, and that’s why they are coming up with more creative ideas in their email hacking efforts!
You would certainly not share your SSN with that person claiming to be a Nigerian prince over email, but what if you get an email from your bank asking you to verify your SSN for the loan you applied for recently? Yes, the majority of us would share our sensitive information in such a case. Hackers know that. So, sending email wearing the mask of a financial institution is a popular email phishing trend. You would think that the email is from your bank, and the link in the email will lead you to a webpage that looks exactly like your bank’s official website. As soon as you log in with your credentials and submit the required details, the hackers will get everything they need!
To be on the safe side, do not click the links unless you are 100% sure about the sender. Directly go to the bank’s/financial institution’s website and log in there only. You can also call the customer care number and verify whether they have sent the email and the link in the email is safe to open.
Phishing emails do not only involve websites that look like financial institutions. There are many types of phishing emails. For example, you may get an email from a friend or relative telling you that they are in trouble and need money immediately! Or an email with product offerings that looks exactly like the email you usually get from your favorite eCommerce website. So, always be alert while clicking any links in your emails.
While downloading and installing any software from the internet, make sure you read the publisher’s name and the security warning at the time of installation. All genuine software publishers get code signing certificates to prove their authenticity and secure the software. If the software is signed with a code signing certificate, you will see this type of window at the time of installation.
If the software is not secured by a code signing certificate, it will show the type of window below at the time of installation. Such software might be from a suspicious person and can bring viruses or malware along with it.
Public wi-fi – Working at the local coffee shop is so cool! Even J.K. Rowling used to write Harry Potter in a local coffee shop! But using public wi-fi to do your bank transactions or to send/receive other sensitive information might not be so cool! It is easy for other users to intercept your data from public wi-fi ‘hotspots’ in places like cafés, airports, hotels, and libraries. So do not send and receive sensitive information when you are using public wi-fi. Avoid using free wi-fi that is offered by people you do not know or trust. Hackers generally attract victims by setting up free wi-fi hotspots to steal users’ information.
Home or business wi-fi – Always have a strong password for your personal wi-fi. You can also hide your Wi-Fi network by setting up your wireless access point or router so that it does not show the network name, known as the Service Set Identifier (SSID).
5. Visiting websites
When you visit a website, always check whether it is encrypted. An encrypted site means the data you enter on the website (bank details, credit card/debit card information, SSN, passwords, etc.) gets encrypted and cannot be decrypted and hacked in the middle of the transaction. Website owners get SSL certificates to encrypt their websites. If a site is not encrypted, you will see http:// (instead of https://, where ‘S’ stands for ‘Secure’) and a ‘Not secure’ sign in the address bar. Do not enter any sensitive information on such websites.
If a website is encrypted with an SSL certificate, it will show https:// and a padlock sign in the address bar.
Reputed organizations generally choose an EV (Extended Validation) SSL certificate. It is expensive and difficult to get and hence the most trusted one. The address bar will show the official/legal name of the organization before the domain name. Most financial institutions use EV SSL certificates. If you are interested in reading more about the benefits of SSL certificates, the list of providers and what kind of options exist, we already wrote an extensive post about it and you can read it here.
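The link checks described in the phishing tips and in this section can be automated before a link is ever opened. The following is an added example, not part of the original article: `check_link`, the warning labels and the sample URLs (on the reserved `.example` and `.test` names) are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def _is_ip(host):
    """True when the host is a raw IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(url, trusted_domain):
    """Return warnings for a link that claims to lead to trusted_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    trusted = trusted_domain.lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")        # data would travel unencrypted
    if parts.username is not None:
        warnings.append("userinfo-in-url")  # text before '@' is not the site
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")    # may render as look-alike letters
    if _is_ip(host):
        warnings.append("ip-address-host")
    # The real site is the trusted domain itself or a subdomain of it.
    if host != trusted and not host.endswith("." + trusted):
        warnings.append("host-mismatch")
    return warnings

# Constructed sample links, as they might appear in an email.
SAMPLE_LINKS = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://bank.example.secure-login.test/verify",
    "https://bank.example@203.0.113.7/verify",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", check_link(link, "bank.example") or "no warnings")
```

An empty result only means none of these specific tricks were found; typing the bank's address directly, as advised above, remains the safer route.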
6. Regular device security
What happens if your device gets stolen? It is an ugly scenario, and nobody wants to talk about it. The majority of people have a soothing misconception that they are always alert, and their device will never get stolen (until it actually does!). If we sound like gloomy pessimists, let us show you some statistics from Kensington’s recent study report.
• One laptop is stolen every 53 seconds.
• 70 million smartphones are lost each year, with only 7 percent recovered.
We wish your device a long and prosperous life, but you should also make sure that if it gets stolen, the damage is minimal. Always log off when you’re finished working. That way, if your laptop/mobile is stolen, the thief cannot log into your important online accounts. Secure your mobile with fingerprint, biometrics or unique codes. Have a strong password for locking your laptops. So, when they get stolen, the thief cannot get into the system.
7. Device security when you are getting rid of it
Whether you are reselling your old mobile/laptop or throwing it in the garbage bin, delete all the data before doing so. Visit all the websites where you generally have login information and log out from all the accounts. Make sure your login credentials are not saved there. For laptops, delete/rewrite all the data from the hard drive.
Two-factor authentication (also known as two-step verification) allows you to use another security method along with your regular password. It requires a second verification step, such as the answer to a secret question, a personal identification number (PIN), a secret code or phone/email verification with a one-time password (OTP). You can have two-factor verification for your Facebook, Google, Dropbox, Apple ID, Microsoft, Twitter, bank account, shopping website accounts, and other important accounts. Even if a hacker gets your password, s/he cannot log in to your account because of this additional layer of security.
9. Firewalls, anti-malware, security scans
Malware is malicious software that is designed to invade a device without the device owner’s consent. It includes computer viruses, spyware, worms, trojan horses, etc. Hackers hide them in websites, emails, downloadable software, files, photos, videos, etc. Make sure your computers and mobile devices have robust anti-malware, anti-virus, and anti-spyware programs. Run frequent scans for viruses. Avoid clicking on suspicious links.
You should also install firewalls. A firewall protects websites and computers from viruses, malware, hacker attacks, etc. It assists in blocking dangerous programs, viruses or spyware before they damage your system. Hardware-based firewalls provide a robust level of security.
Just like with autocorrect, everyone has a love-hate relationship with software updates! Hackers are always in search of vulnerabilities in current software. Software updates fix those loopholes and deliver critical security patches for recently discovered threats. Unfortunately, you can run, you can hide, but you can’t escape from software updates! You must keep updating all your operating systems and software whenever the latest updates are available. You can also automate updates.
11. Data encryption
Encrypt your data on your removable storage devices (USB drives, SIM cards) and cloud storage. Removable storage devices can simply be plugged into another device, and the holder of the device instantly gets access to all the data stored in it. But if you have encrypted your data, no other person can interpret the data if the storage device gets stolen or lost.
Cloud storage is always an attractive backup option. But not all cloud storage platforms are equally secure. So, you must choose a cloud service that encrypts the data you store or at least offers you an encryption option. Some cloud service providers take care of both, encrypting your files on your own computer and storing them safely on the cloud. Therefore, no one (even the service provider) will have access to your files. This is called “zero-knowledge” privacy. Some of the well-known “zero-knowledge” cloud service providers are Spideroak, Tresorit, and Wuala.
12. Social media caution
“Who is interested in using my personal data? I am not a celebrity or any Richie Rich!” Well, there are online marketers who are keen to know your age, nationality, geographical location, likes and preferences, the webpages you like to surf, and your circle of friends and family (a.k.a. influencers). These details help them decide which online advertisements to show you and where to place those ads to have the maximum effect on your mind and influence your purchase decisions.
Not only are marketing strategies formed on the basis of your personal information, but hacking can also be planned on the basis of the information you share over social media. “How on Earth can someone misuse my personal details? What’s wrong with posting pictures of Fluffy, my cute little dog, or of a vacation to my hometown, enjoying my favorite dish in my first school’s cafeteria?”
Well, people generally use their personal details to set passwords and security questions. Imagine you have set your password using your name, date of birth, your pet’s name or your parents’ or spouse’s name: how easy it would be for a hacker to guess your password. If your security questions are “What is your pet’s name?”, “What is your favorite food?”, “Name of your hometown” or “Which is your first school?”, don’t wonder where hackers got the answers!
We are not saying don’t enjoy your social media. But be careful and don’t overshare.
- Only add people whom you know and can trust.
- Go to privacy settings/account settings and carefully select the visibility of each post.
- Do not click on “too good to be true” sorts of links. “Know your future based on your birthdate”, “Know your personality type based on your food habits”, “Find out who viewed your profile on Facebook” types of posts are sometimes filled with malicious scripts and can easily hack your profile.
- If you get suspicious messages and links from your friends/relatives, call them to confirm before clicking on those links. There is a high chance that your friend’s/relative’s account got hacked, and they do not even know about it.
- If you get posts asking for charity or fundraising for a cause, make sure to visit the official website, call the concerned person and check all the tiny details before sending money.
If you think following data security steps is too much work and eats up a lot of your valuable time, we understand you! But do you know what is even more time consuming and frustrating? The procedures you need to follow after an actual data breach takes place. For example, banks and financial institutions take responsibility only if the deficiency is on their part. If the fraud took place due to a customer’s negligence, banks/financial institutions do not assume any liability.
For example, if someone has used your debit card with the correct ATM PIN, you need to go to the police and cybercrime department instead of the bank. It is a lengthy and exhausting process. The procedure becomes worse if the cybercrime is committed from another country. Hence, prevention is always better than cure in all areas of life, including online security!
Medha M. is working as a Content Marketing Specialist for SectigoStore. She is a Tech Enthusiast and writes about Technology, Website Security, Cryptography, Cyber Security, and Data Protection. She had held a Management Consultant role in a range of organizations.