How to Have a Safe Cyber Summer
Originally posted on Fortinet Blog
Summer means vacations and down time. People are booking hotels, arranging travel or settling in at the beach with the digital version of a summer novel. For many families, the kids are home from school and permanently wired in to an array of connected devices. So, along with the sunscreen and bug spray, you need to take precautions to ensure you and your family are cybersafe this season as well.
That’s because cyber criminals want your money, your financial information, and your identity. If they can’t steal your money directly, they will steal your other information and sell it on the dark web. And they are really, really good at this. It’s why the global cost of cybercrime reached over $600 billion last year.
Here are seven things to remember to help keep you and your family safe while vacationing online this summer:
1. Practice safe wi-fi
As you travel to visit family or hit the beaches you will want to stay connected, which means you will be logging into public wi-fi access points. While many of these are perfectly safe, that’s not always the case. People looking to steal your data have a number of tricks up their sleeves. They can connect to a public access point and then broadcast themselves as that access point. That means you connect to them and they connect you to the Internet, but they can intercept all data between you and your online shopping site, bank, home security system, or wherever else you browse to.
If you will be traveling internationally, you may also want to turn off wi-fi when entering a new country. We have seen incidents where travelers arriving at the airport connect to fake wi-fis and are hit with a man-in-the-middle attack. So it’s a good practice to turn wi-fi off until you can verify the SSID of a legit establishment with wi-fi. The same goes for Bluetooth—only turn it on when you need it when traveling.
For those backyard BBQs or gatherings of the neighborhood kids for a video game marathon, set up your home wi-fi with a separate network for guests. Guests can still browse the Internet while staying separate from your internal home network. Their devices will also automatically reconnect to that guest portal the next time they are in the vicinity of your router.
Many smart devices also automatically search for known connection points, like your home wi-fi. New attacks can sense this, and simply ask your device what SSID it is looking for. When your phone tells the attacker it is looking for your ‘home’ router, the attacker replies with, ‘you’re in luck! I’m your home router.’ And your phone, not being nearly as smart as it thinks it is, goes ahead and connects.
The tricky part is that you can’t always tell a good access point from a bad one – which is exactly the point for cybercriminals. So there are a few things you can do. The first is simply to ask an establishment for the name of their wi-fi SSID before you connect. You should also consider installing VPN software on your device so you can make a secure, encrypted connection to a known service. There are a number of low cost/no cost services that will ensure that your connections are always protected.
2. Upgrade your passwords
One of the biggest mistakes people make is using the exact same password on all their online accounts. Of course, we tend to use a LOT of different websites, so a unique password for each site may be impossible to keep track of.
There are two approaches. The first is to use a password vault that stores the username and password for each account, so all you have to remember is the single password for that application and it takes care of the rest. The other is to create tiers of applications and then create a more complex password to remember for each group: one set for sites like social media, another for places you pay your bills, and another for your bank.
Creating strong passwords you can remember isn’t as hard as it seems. For example, use the first letters of a sentence or song lyric that you are familiar with, add some capitalization and replace some of the letters with numbers or special characters and you’ve got a pretty secure password. Just set a reminder on your calendar to change those passwords every few weeks.
Many online social sites also now support two-factor authentication. It’s an extra step in the login process as you have to enter a password and then validate that login using some other form of authentication, such as entering a code sent to your mobile device. But it significantly increases the security of your account and data.
3. Recognize scams in email and on the web
Don’t click on links in advertisements sent to your email or posted on web sites unless you check them first. As tempting as it might be, never open an email or click on an attachment from someone you don’t know – especially when it includes an enticing subject line, such as a cash reward or a bill for something you didn’t purchase (no matter how much you might want to see that receipt for the diamond ring you don’t remember buying.) And take a minute to look at those emails from people you know as well. Compromised accounts are regularly used to send malware to individuals in their contact list because recipients are far more likely to open those emails and attachments. So if an email message from someone you know seems strange or out of character, check with them first before you open it.
For websites, does the website look professional? Are the links accurate and fast? Are there lots of popups? Is there bad grammar, unclear descriptions, or misspelled words? If you hover your mouse over a link you should be able to see the real URL. Does it replace letters with numbers, such as amaz0n.com, or is it unusually long? If so, don’t click on it. It’s a phishing attack, and all you are going to get is a stolen identity. These are all bad signs.
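The two link checks described above (digits standing in for letters, and unusual length) can be automated for the URL revealed on hover. This is an added example, not code from the original post; the digit map, the list of known names, and the 100-character threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Digits commonly swapped in for look-alike letters (illustrative, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Assumption: names of sites the reader actually uses (constructed sample list).
KNOWN_NAMES = {"amazon", "paypal", "google"}

MAX_URL_LENGTH = 100  # assumed cut-off for "unusually long"


def check_link(url, known_names=KNOWN_NAMES, max_length=MAX_URL_LENGTH):
    """Return a list of warnings for the real URL shown when hovering over a link."""
    warnings = []
    # Accept bare hosts such as "amaz0n.com" as well as full URLs.
    target = url if "://" in url else "//" + url
    host = (urlsplit(target).hostname or "").lower()
    if not host:
        return ["no hostname found in link"]
    # Check every dot-separated label, so look-alikes in subdomains are caught too.
    for label in host.split("."):
        normalized = label.translate(LOOKALIKES)
        if normalized in known_names and label != normalized:
            warnings.append(f"'{label}' imitates '{normalized}' using digits")
    if len(url) > max_length:
        warnings.append(f"URL is unusually long ({len(url)} characters)")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, including the amaz0n.com case from the text.
    samples = [
        "https://www.amazon.com/",
        "http://amaz0n.com/deals",
        "http://login.paypa1.example/verify",
        "https://www.amazon.com/" + "a" * 120,
    ]
    for link in samples:
        print(link[:60], "->", check_link(link) or "no warnings")
```

An empty result only means these two checks passed; the other signs listed above still apply.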
4. Protect yourself from viruses and malware
Install reputable and well-reviewed anti-malware software, keep it updated, and run it regularly. And because no software is 100% effective, set up a schedule where you load and run a second or third security solution to scan your device or network. (Many solutions provide a free online version or let you run a free demo for a brief period of time.)
For more advanced users using a laptop or desktop, also consider maintaining a clean virtual machine on your device that you can switch to for your more security-sensitive browsing or to perform online transactions where security is paramount.
5. Keep your devices updated
One of the most successful attack vectors hackers use is targeting vulnerabilities that are already well known, but which are not being protected against. The developers of your devices, as well as the apps you run on them, all issue regular security updates designed to protect you from known threats. Download and run these updates as soon as they become available.
6. Control your social media
Many times, hackers will use information about you to make it more likely that you will click on a link. And the most common place for them to get that personal information is social media sites. The easiest way to prevent that is to simply set up strict privacy controls that only allow pre-selected people to see your page.
When traveling, limit your vacation messages on social sites. While it can be fun to tell everyone where you are going or what you are doing, that information also lets folks know that you are gone, which can put your home at risk of robbery.
For those with a more open social media profile, remember that cybercriminals often set up fake pages or accounts and then request that you add them as a friend. There are two quick things you can do to protect yourself from criminals using fake credentials hoping to steal data or trick you into linking to an infected site:
First, always look at the home page of the person making the request. If you don’t know them, and anything on their site seems odd, dismiss their request. And second, if the person making the request is someone you know, check to see if he or she is already a friend of yours. If so, there’s a significant possibility that their account has been hijacked or duplicated.
7. Educate your family and friends
Be a good net neighbor and share this information with your kids, your partner, your parents and siblings, and your friends. That’s not only because you don’t want bad things to happen to them, but also because they are connected to you and you trust them. So if they get compromised, the chance that their information can be used to trick you into doing something you shouldn’t, like clicking on a link or downloading an infected file, is much higher.
We live in a digital world, and cybercrime is part of it. We lock our cars, deadbolt our doors, look both ways before crossing the street, and avoid dark alleyways. We need to develop the same cautions as we navigate our digital environment. You and your kids all may be safe inside your home or hotel room, but just as with the physical world, you are never 100% safe online. Risk comes with the territory. But if we all just exercise a bit more caution, impose just a little more scrutiny on the tools and applications we use, and develop just a little more online common sense, the digital world we live in would quickly become a whole lot safer.