In 2009, Scott McGready stumbled on a massive phishing swindle targeting his company’s email server.
Thousands of emails bombarded the company in a short period of time. They all came from the same source, pretending to be someone or something they weren’tin order to enticement people into clicking on shady connects and giving up their personal data.
“While analyse it, I stumbled upon the phisher’s database which had[ the] personal data of thousands of people, ” McGready says. “I was astonished how little effort was required on the fraudster’s proportion to acquire such a trove of information.”
This discovery triggered McGready’s interest in information security and teaching others how to protect themselves from scam. Since then, this journey has taken him from the U.K.’s National Trading Standards department to the documentary series “Secrets of the Scammers” to his own company and beyond.
Here are merely a few lessons from McGready and some other IT professionals about securing your personal data:
1. Know there is a LOT of data about you online.
“Having data readily available online means that things like phishing emails can be automatically tailored to targets without much effort, ” McGready says.
But what does “data” really mean in this case? Um. Er. Fairly much everything. Even if we don’t realise it . Something as simple as your basic browsing habits and location history can actually discloses a lot about you. Even if your name’s not attached to it, a savvy social hacker could still figure something out.
2. Be aware that your friends may uncover info about you even if you’re not on social media.
“We tend to share every detail of our lives on social media because we was obliged by peer pressure whether that be adding your birthday to your Facebook profile because the website keeps asking for it, ” McGready tells. But it’s worse when your friend tags you in that photo from high school with your school mascot in the background and oops . There runs another security question.
3. Pay attention so y ou can mitigate the risks( though probably not entirely avoid them ).
McGready recommends maintaining your social media profiles as private as possible and asking your friends and family to do the same. “Even those that intentionally aren’t on social media may be easily findable by their friends or household that share the ‘dinner table selfie.'”
4. It’s better to be proactive than wait until you’re compromised.
“We hear about data leaks almost every week, it seems, ” McGready tells. “The general public are no longer asking ‘if’ their data is compromised, but instead ‘when.'”
This might voice scary. But it’s also a good reminder to remain sharp .
5. Check the Facebook apps and third-party services that might have access to your account.
“It’s worth checking what data you share with specific companies and merely devoting out the bare minimum in case of a data violate in the future, ” McGready explains.
For example: Does Bejeweled Blitz truly need permission to access everything you’ve ever put one across Facebook, to post on your behalf, and to spam your friends and family? It’s not just annoying it puts you at risk if that datum leaks .
6. Take some time to get rid of those old accounts.
A clever hacker might still be able to figure out something through your iwasdefinitelyacool1 5yearold @aol. com email address. “Many of us, myself included, also have a large number of ‘dormant accounts’ on websites that we no longer utilize, ” McGready tells. “I’d fully recommend logging into these accounts and changing all the profile info before deleting the account.”
7. Don’t feel bad if it happens to you. Even IT professionals fall for it!
Georgia Bullen, technology projects director for New America’s Open Technology Institute, recounts how she was hacked:
“My password wasn’t secure enough and so someone had built a programme designed that was logging into not-secure-enough accounts and then spamming.”
What she felt at the time is all too familiar for anyone who’s been hacked: “Embarrassed, confused, and then really worried that someone else was going to click on something from me.”
8. B e smart, pay attention, and know what you’re get into with any website or service you sign up for .
This bears repeating because a little awareness can make a big difference.
9. Have a solid P @$$ w0rds plan.
Passwords are the Achilles’ heel of the modern world but there’s a trick.
“It’s wholly possible[ for hackers] to take one password, consider where you’ve re-used it, and then get access to those accounts as well. And that’s where “the worlds biggest” threat happens, ” explains Harlo Holmes from the Freedom of the Press Foundation.
That’s why, in general, passwords should be different for every website or service employed, and consist of three random terms, interspersed with special characters ; a DiceWare password like “correct horse battery staple” is a good place to start.
Password managers can help out by creating unique passwords for you. Which leads to…
10. Use a password director.
Password administrators can generate strong, random passwords for you. And they keep track of all of your different passwords so you don’t need to memorize them yourself.
All you need to do is recollect one super-secure master password in order to unlock every other possible password combination. That way, says Bullen, you can’t even construct the mistake of verbally giving your password away because you genuinely don’t know it yourself!( Unless it’s your master password, in which case, ya know, don’t do that .)
11. Set up two-factor authentication( 2FA) for added security.
Safety is good, but a back-up plan is even better. 2FA sends a code to a device on your person simply to make sure that the person logging in is actually you . Even if your password does get compromised, the hacker probably doesn’t have access to your smartphone, too.( Probably .)
Mozilla’s Amira Dhalla explains how it works 😛 TAGEND
12. Consider utilizing a separate email address with a separate strong password for important accounts like banking .
That way, even if you do use the same password elsewhere, hackers will have a harder hour get in to your important accounts.( Make sure this secondary email account has two-factor authentication, too !)
13. Be sure to hover over connections before you click them.
“Links may seem legitimate, but upon hover, they actually redirect to a completely different place, ” McGready says.( Don’t believe me? Insure what happens when you click on www.upworthy.com/ definitely-not-an-upworthy-page .)
14. Always double-check the URL in the address bar.( But even that’s not always safe .)
Ever notice that green padlock in your browser bar? It’s a good sign! … except when it’s not. As McGready explains, “While it’s true that this means your data is encrypted between your computer and the website itself, it doesn’t legitimize the website.”
15. Procure your router.
It may seem harmless to use the default password for your router, but that can actually leave you vulnerable to hackers( there are even websites that can be used to find out different routers’ default settings ). And person accessing your router can access pretty much your entire home network. So it’s worth taking that small extra step of setting up a strong user name and password.
16. Be wary: These days, the internet is in everything from lightbulbs to baby diapers. Which is super cool! And bad.
McGready sees “the internet of things, ” or IoT, as the biggest online threat on the horizon . Even if you have worried about Amazon spying on you, you probably didn’t consider who else could be spying on you through a vulnerable Wi-Fi or Bluetooth system built into your smart home. “The issue goes when these wireless chips are integrated by default on all products, whether the customer wants them or not, ” McGready explains.
17. Exercise a little extra caution.
It all boils down to the fact that humans are too trusting.
We trust that our friends aren’t going to uncover our address over Twitter. We trust that some disgruntled Angry Birds employee won’t hijack our connected Facebook page because we didn’t pay attention to permissions. We trust the green padlock in the browser bar that maintains our credit cards secure, even if the website taking that info wants to use it for a shady purpose.
Simply put, we trust that the internet is largely good and that people are, too .
But it doesn’t hurt to double-check. For more on how to stay safe on the internet, check out these videos from Mozilla.
It’s hard to solve a problem you can’t assure which is why McGready is so passionate about teaching online safety.
“Show the public exactly what is possible and what they should be watching out for, ” McGready tells. “It’s one thing to tell person that a scammer can send a text which appears to be from a legitimate company or a known person; it’s another thing wholly to send a text to that person’s telephone which comes from ‘Mum.'”
There’s no “one weird trick” to protect us from the dangers of technology. But we can do our due diligence as long as we know where to start .
Make sure to visit: CapGeneration.com