TechRadar partners with NCSAM
NCSAM was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004 to make sure that our online lives - at work and at home - are kept safe and secure. That's what National Cybersecurity Awareness Month (NCSAM) – observed in October – is all about!
Staying safe online represents a significant challenge, and for families this is even more difficult with younger internet users too often unaware of the dangers that can lurk on the web. Well, just like any sane parent would not let their child wander around Times Square on their own, neither should these same children be let loose on the internet to roam free.
It can be difficult to maintain privacy online, with more of our data flowing onto the internet, including family photos and finances, to name a couple of potentially sensitive areas. Many folks are seemingly facing challenges in this respect, as last year in the US there were a staggering 16.7 million incidents of identity fraud, with a total of $16.8 billion (around £12.7 billion) stolen, according to the Insurance Information Institute.
While these are alarming statistics, there is plenty that can be done to keep you and your family from becoming victims. Here are six essential ways to maintain your privacy online.
1. Avoid public Wi-Fi
Public Wi-Fi in airports, libraries, hotels and coffee shops is an attractive resource in terms of staying in touch when away from home. These are open Wi-Fi spots, and many stores have them available these days, but the problem is that they are not encrypted like your home router’s wireless connection.
When using these wireless hotspots, you should be very cautious, particularly in situations where sensitive data is transmitted, such as account credentials or financial details. This is because a process known as Wi-Fi sniffing can be carried out, and the unencrypted packets of data can be grabbed by anyone within wireless reach of the signal – this is a form of wireless eavesdropping, if you will.
An additional danger is that malicious types can set up their own rogue Wi-Fi network masquerading as a legitimate free Wi-Fi spot, with the attacker being able to steal your and your family’s data.
In short, it is best to avoid using public Wi-Fi completely if possible, but potential workarounds include surfing with a VPN, or tethering to a smartphone, and encrypting the Wi-Fi signal so no unencrypted data gets transmitted. Also, don’t log into financial accounts while away from home.
2. No phishing here
Phishing scams are an attempt to extract sensitive information from an individual via a fraudulent email. Most folks know not to respond to the ‘Nigerian prince’ scam, requesting you to wire them money so you can subsequently inherit millions.
However, phishing scams are getting craftier, and now include authentic details and official logos, and originate from email addresses that seem legitimate at first glance as they include the company’s name in them.
Children using email should be warned never to respond to these emails. Also, banks and the IRS do not ask for your financial information via unsolicited emails. Good practice is to forward the emails in question to the fraud department of the respective organization, whose address can be easily found via a web search – for Apple it is ‘firstname.lastname@example.org’, for example – and then delete the email.
Finally, if the message includes an attachment, don’t be curious and be sure to never open it, as this will inevitably infect your PC with malicious code, opening your system up to an attack.
3. Use a VPN
A VPN is an excellent tool to keep your privacy online. Rather than your data leaving the home network and going onto the internet all out in the open, instead it goes to a distant server via an encrypted tunnel that creates a high level of privacy.
This is especially useful, as mentioned above, to make using a public Wi-Fi connection more secure. This is also handy on your home connection to ensure privacy, and that includes avoiding any potential snooping from your Internet Service Provider. In the past, ISPs have been called out for tracking users and selling their data (as if they did not make enough money already).
4. Batten down the passwords
Strong security starts with a strong password. You should have a Wi-Fi password of at least 12 characters, with a combination of uppercase letters, lowercase letters, special characters, and numbers. Then apply this same principle to all of your online accounts, so they are safe from ‘brute force attacks’ that randomly try dictionary words.
While the above may sound obvious to more veteran users, research has found the most common passwords are ‘123456’ and ‘password’. Clearly too many folks are taking the lazy route, and the entire family needs to be educated on this best practice for creating strong passwords to protect accounts. Another fundamental tip: never reuse the same passwords over different accounts.
5. Take two
While stronger passwords are vital to keep accounts secure, another important point is that you shouldn’t rely on them completely. A complex password may afford protection from a brute force attack, but it can still be obtained if, for example, a hacker breaks into the online database of passwords. This has become such a regular occurrence these days that there are even websites entirely devoted to letting users enter their credentials to check if their account is known to have been hacked.
Rather than relying totally on one password, there is an alternative and better approach known as ‘two factor authentication’ (abbreviated to 2FA). The idea is that two pieces of information are better than one, and to log into the account, you need something that you know – namely the password, which should still be a strong one as per the recommendations above – and also something that you have.
The something that you have – and presumably the hacker won’t – is most commonly a mobile phone, which can be employed for 2FA in several ways. The service you are logging into might text you a special code which you then enter as well as the password. However, this particular method can be vulnerable to being defeated via SIM card cloning (although that’s not exactly common).
The more secure, and therefore preferred, option is an authenticator app, which is installed on the smartphone and performs the function of a security token: it provides a numeric code that is valid only for a minute or less.
Another option for 2FA is a physical security key, the so-called USB 2FA.
In short, you should make sure that 2FA is enabled on all accounts that support it, and if you have a choice, use the authenticator app method. Teach the rest of the family how to use 2FA, as well.
6. Look before you leap
No discussion of online privacy would be complete without mentioning those pesky app permissions that pop up when installing a new application. While folks tend to just want to get their app working, they really should make sure that what the app is asking to access makes sense.
For example, it would follow for a reputable photo editing app to need access to your library of images, or else it wouldn’t be of any use. However, when you download that free calculator app, you might start to wonder why such an app would need access to your microphone, GPS or your contacts, as the intended use of the application should not involve any of those smartphone functions.
For those who aren’t careful, going along with such excessive permissions might be a serious threat to privacy, and could lead to you being tracked or eavesdropped upon. Does that seem paranoid? Well, there are already examples of smartphone apps using the device’s microphone to track TV viewing habits.
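The permission check described above, as an added example that is not part of the original article: it reads the permissions an Android app declares in its decoded manifest and flags sensitive ones that do not fit the kind of app it claims to be. The category table, the sample manifest and the function name are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive Android permissions and the phone feature each one unlocks.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_MEDIA_IMAGES": "photo library",
    "android.permission.CAMERA": "camera",
}

# Assumption of this example: what each kind of app plausibly needs.
EXPECTED = {
    "photo_editor": {"android.permission.READ_MEDIA_IMAGES", "android.permission.CAMERA"},
    "calculator": set(),
}


def unexpected_permissions(manifest_xml: str, category: str) -> list:
    """Return the sensitive features an app requests that its category does not justify."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    allowed = EXPECTED.get(category, set())
    return sorted(SENSITIVE[p] for p in requested if p in SENSITIVE and p not in allowed)


# Constructed manifests (decoded text form), not taken from any real app.
CALCULATOR_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.freecalc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""
PHOTO_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.photoedit">
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
</manifest>
"""

if __name__ == "__main__":
    print("calculator:", unexpected_permissions(CALCULATOR_MANIFEST, "calculator"))
    print("photo editor:", unexpected_permissions(PHOTO_MANIFEST, "photo_editor"))
```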