Four tips to stay safe online

By John Stream, SwitchThink Solutions Chief Information Security Officer

Cybercriminals are targeting us every day in our work and personal lives. Attackers use various tactics, exploiting weak passwords to gain access to personal and business accounts. They leverage stolen passwords from one source to breach multiple systems, potentially leading to severe consequences such as unauthorized network access and even ransomware deployment. Thankfully, there are cybersecurity strategies we can all practice to stay safe online and prevent ourselves from falling victim to these types of attacks.

Want to stay safe online? Start by doing these four things.

1.    Have good home network security. Securing your home network is often the easiest place to start ensuring your online identities stay safe. First, select a good Wi-Fi password or passphrase for your home network. This ensures that every device on the network has been authorized. Next, configure all devices to automatically apply updates. This includes the obvious, like PCs, routers and cell phones. However, the numerous other Internet of Things (IoT) devices on one's home network can be targeted, including streaming devices, video game consoles, webcams and even smart refrigerators. Lastly, practice safe web browsing to help ensure a safe home network. 

Additional tip: Avoid installing free software or clicking on pop-up messages or other banners — especially those claiming your computer is infected. Often, the free software downloads are infected with questionable scripts that at best can render your computer extremely slow, and at worst contain remote access tools or a keylogger - software that records your every keystroke. 

2.    Keep up with prudent password practices. Access to your valuable information and finances is protected by a simple, yet crucial measure: the password. Safe passwords are broken into three basic parts:

•    Creating a strong password
•    Not reusing a password
•    Not sharing a password with others

The longer the password, the stronger it is, especially those that are twelve or more characters. Also, creating unique passwords for each site makes it more difficult for an attacker to jump from one website to another using your password.

Passphrases are another great tool for creating secure passwords. Often, passphrases consist of three or more random words separated by a mix of spaces, symbols and numbers because they are easy to remember, easy to type and extremely difficult to guess. Online passphrase generators can be a useful resource, or you can look around your house and play eye-spy with three random objects. For example, Mixer.Coffee.Kitty2 is long, random and has plenty of complexity.

3.    Use Multi-Factor Authentication. Sometimes, when logging into secure websites, like that of a health care provider or banking institution, users are often required to enter a 6- or 8-digit random PIN code sent to their email or cell phone. This PIN code prevents an attacker from gaining access to sensitive information with a single password. This code ensures that there is an additional piece of information required to which only the user should have access. This additional piece of information is called Multi-Factor Authentication. Multi- or Two-Factor Authentication (MFA or 2FA) is an additional layer of protection that requires two of the following:  Something you know, something you have or something you are.

•    Something you know is your password.
•    Something you have is the 6-digit code.
•    Something you are, such as your face ID or fingerprint.

Instead of choosing to send MFA codes to an email address, it is highly recommended to use SMS or third-party apps, like DUO Mobile or Google Authenticator to receive or generate these random codes. If attackers gain access to an email account using a stale password, the extra layer of protection that MFA offers is rendered useless. 

4.    Learn to spot suspicious messages. Phishing attacks have become quite common. Attackers will send text messages, emails or direct messages on social media to convince users to give up their password. These messages often:

•    Come from a familiar sender.
•    Contain a link to an imposter website.
•    Will attempt to cause fear or alarm.

A common example of one of these messages could say, “Someone in Indiana has requested to be linked to your checking account.” or “You made an attempt to change your debit card PIN.” 

If you suspect you’re being phished, check if the message came from a known source. If the sender is unknown or looks suspicious, these messages can almost certainly be regarded as a scam. However, it is easy for attackers to change the name on their email account to resemble that of an authentic company or institution. The next step is to check the email address or phone number. An email address that doesn’t include the same ending as a company’s website address is a red flag.

Scam messages often warn users of a problem as well as offer a quick and easy solution, typically in the form of a website or tool linked within the message. But by following the advice of these messages or clicking any accompanying links, users may be walking right into an attacker’s trap. Sometimes, these links lead to copycat websites intended to look authentic, enticing users to enter their usernames and passwords. Once attackers have this information, they begin to determine how to do the most harm. 

The best course of action with a suspicious message is to ignore it and instead reach out directly to the company in question. Speaking with customer service can quickly verify the authenticity of any messages in one’s account. To learn more about these phishing scams, check out our other article on scams to avoid this year.

Stay vigilant!

In a world where cybercriminals target us daily, safeguarding our online identities is paramount. Attackers exploit weak passwords to access vital information and can even breach company networks, leading to disastrous consequences. To stay safe, remember the following measures:

•    Secure your home network: Strengthen your Wi-Fi password, update devices regularly and practice safe browsing to protect your home network from potential threats.
•    Adopt strong password practices: Create unique, lengthy passwords for each site, consider using passphrases and never share your passwords.
•    Implement Multi-Factor Authentication (MFA): Use MFA to add an extra layer of protection by requiring something you know, have or are to create secure logins.
•    Recognize suspicious messages: Beware of phishing attacks through emails or messages and verify sender details and URLs before taking any action.

By incorporating these cybersecurity best practices, you can strengthen your online defenses and prevent falling victim to cyberattacks.