25 Sep 2017

10 online security blunders to avoid

There are few worse faux-pas than having your online identity stolen. According to the Javelin Strategy & Research study, in 2016 there was over 15.4 million Americans who had their identity stolen. It is estimated that nearly half of Americans will have their computer compromised or have been completely hacked every year. You've probably received the "emergency I'm in a foreign country and been robbed" emails pop up in your inbox, or maybe you've been a victim of ransomware such as WannaCry. Today, more than ever, it's important to be aware of your internet security and take steps to protect yourself.

Keep yourself digitally secure with the 10 actionable ideas.

Blog template for Amdee.png 

1. Overcomfidence in your system

Mac is marketed as being virus-proof. And PC comes with anti-virus software preinstalled and enabled. Yet that doesn't make your system invincible and in fact can lead to a false sense of security. While it will help it won't protect you from everything. It is important to practice common sense when opening emails and when browsing the web.

 

2. Having out of date software and apps

Apple is notorios at sending you reminders if you don't update their software and they have good reason to. Out of date software and apps are more vunerable to attacks that those that are up-to-date. While there is the occasional instance that breaks this rule, generally manufactuers release updates to protect you against vunerabilities that they discover.

Is your anti-virus software out of date? That, just like other software and apps should be updated regularly as well. If your anti-virus company has the option to allow auto-updates and automatic scans of your system that is one less thing for you to think about.

AdobeStock_101797828.jpeg

3. Change all of your password on a regular basis, and frequently.

Yes, it's a pain. And then you have to remember what the dickens you made the new password. But the good news is you don't have to do them all at the same time.

If it's easier to have a reminder on your calendar and do them spread out, do it. Social media accounts could be one month, and emails and website the month after. The longer and more random they are the harder it will be for a hacker to gain access. Yet don't skimp and regiorously change your password every 6 months by adding a few numbers onto the end. This won't help your security and may in fact hurt it. 

Hot tip:

If you have problems remembering your password, or have trouble coming up with new passwords that are secure, there are many companies that offer products to help you securely check and store. Check to make sure they themselves haven't had security breaches though. We recommend Codebook and Dashlane

 

4. Using a common password.

Did you know the top 5 common passwords in 2017 are 

  • 123456
  • 123456789
  • Qwerty
  • 12345678
  • 111111

Are they easy to remember, yes. Are they easy to guess, yes! The best types of passwords have a combination of capital and lower case letters, numbers and special characters, such as exclamation (!) or percentage (%). 

Hot tip:

While 6 characters is the standard minimum the longer you can make the password the more secure you'll be. Security experts recommend at least 12 characters.

 

5. If you're using cloud services make sure they are secure too

Is your iCloud password 123456? Is the answer to your security question something that can easily be gathered from public information on your social media accounts? While it might be the easiest to have your security question be "favorite pet" and the answer "Buddy" it's more secure if you use a nickname of the pet or incorporate numbers in please of letters.

 

6. Using the same username and password across many accounts.

While having different passwords and usernames across your various accounts is a pain it is also more secure. Your user names can also be as simple as FirstName001 for one account and LastName002 for another.The important thing isn't to repeat the information; if one account is comprimised it is easy for them to gain access to all of the others that feature the same information.

 

7. Trusting an email address because it looks right.

Recently we have been seeing a few phishing emails that look as though they come from Itunes or Amazon. While they have almost entirely nailed the correct format there are a few things thay haven't been able to fake (yet). 1st, they don't include your billing or mailing address, sometimes they don't even include your name. They may have your full name, email address, yet your billing address is no where to be seen. The second is that while their email may appear as though it is from, for example, [email protected] when you click to view who it is really from you get a long jumbled email with a mix of letters and numbers numbers. In the example below you will note the email is not from [email protected] & there is no name provider no billing address. All point to a phishing scam.

Apple Phishing Email.png 

8. Not changing passwords when an employee or volunteer leaves.

While this may mess up your organized scheduled change password calendar it's important that if an employee or volunteer leaves, even if it was amicable, you should change all of the passwords they had access to. 

 

9. Not having backups of your system and files.

Your website houses photos, events, contacts and information about you and your company. But if the worse happens and it's hacked or disabled are you prepared to start from scratch? With a little preventive planning, and monthly backups even if the worse happens you won't have to start at the beginning again. Sure you may loose some information but you'll still have the majority.

 

10. Not using websites that are https.

If you're anything like us you often switch between Chrome, Firefox and IE. Sometimes the URL is saved and easily comes up, other times you have to type it fully out. You may think you're on the right site when you make your purchase but if you haven't double checked you may be on a fake site. Always double checked that it says https: before the url

Hot Tip:

As of October 2017, Google Chrome browser has been rolling out extra warnings for those sites that do not have an SSL certificate. Those who have https, will display a lock icon with "Secure" written in green next to it.Security in Chrome Browser

 

Let us help protect your website with monthly maintenance

 

Other articles you may be interested in: