Your personal information is not safe.
That’s the conclusion of a study from Javelin Strategy and Research that highlighted the prevalence of cyberattacks in 2016. According to the report, a record high 15.4 million victims lost $16 billion in identity fraud incidents last year.
More than ever before, it’s important that you take action to protect your personal information. Follow these tips to reduce your risk of cyberattack.
Outdated software may expose you to viruses, malware, ransomware and other kinds of attacks. It’s important to keep updating your software as the developers release new versions, especially after a vulnerability is found.
Always upgrade to the most recent version of the operating system on your computer and mobile devices. With Microsoft PCs, enable the autoupdate option in Settings. On Macintosh computers, look for “Check for Updates” under the Help menu in the Finder. (Major Mac operating system updates will also pop up in the App Store.) On your mobile devices, look under Settings to see if an update is available — iOS updates will come directly from Apple, but Android updates might come from your mobile carrier. If your operating system is no longer supported, as is the case with Windows XP, it’s definitely time for an upgrade.
Updating your operating system is only part of the solution. You must be sure to update applications as well, such as your browser on your computer or your social media apps on your mobile devices. Failing to use the most recent version of applications can be dangerous.
You know by now that it’s unwise to set your passwords to simple, easy-to-guess things like “12345678” or “password.” But how advanced is your password, and how long would it take for a computer to discover it? There are several resources on the internet that can gauge the strength of your password, including How Secure Is My Password. (Both “12345678” and “password” would be cracked instantly, according to the site.)
Many experts advise that you choose a password that’s long and contains uppercase letters, lowercase letters, numbers and punctuation. In addition, the password shouldn’t be something with personal significance — if it’s simply your birthplace and zip code, someone can easily discover that information on social media. Check out our infographic for more tips on strengthening your password.
It’s inadvisable to use the same password on multiple websites. If you do this, if one site gets hacked, criminals can then gain access to your accounts on other websites. Also, passwords should be changed frequently. Some experts suggest changing the passwords every three months. That might not be practical, but keeping the same password for too long puts you at risk.
If you’re overwhelmed by passwords, there are several password management applications you can get. Most will work on your computer and mobile device, and will suggest complex passwords when you need them. Some of the most popular password managers are 1Password, Dashlane and LastPass.
Phishing and Attachments
How do you know if that email is really from your bank? Many hackers have taken to phishing — sending emails and establishing websites that look authentic, but are actually fraudulent — to collect personal information and passwords.
Most phishing attacks follow this pattern: First, you receive an email from a financial institution, web service provider or another company asking you to click on a link. Once you click that link, you’re taken to a website that asks you to log in. If you log in, the phishers have your user ID and password.
To detect phishing attacks, be vigilant. If the email looks fake — it has spelling errors or doesn’t look like other emails you’ve received — don’t click on any links. If you are not sure it’s legitimate, skip the link in the email and go to the site directly. If you have clicked on the link, look at the location in the URL bar at the top of the browser window. If you see something suspicious, don’t enter any information on the site. Red flags include URLs that are misspelled, don’t contain the company name or have weird additions. Another warning sign is http, not https, at the beginning of the address.
To test your phishing detection skills, take OpenDNS’s educational phishing quiz.
In addition, be suspicious of any attachments that you might receive in an email. While text attachments (.txt) are safe to open, any other type of attachment — including Microsoft Office files and PDFs — can contain malicious code that might take control of your computer, or log your keystrokes and send everything you type back to a hacker.
If you receive an attachment from someone you don’t know, simply delete the email. If it’s from someone you do know, but seems suspicious or out of character for the sender, contact that person directly to see if they actually sent the attachment and what’s in it. It’s possible that the sender has been hacked, and that their computer is automatically sending harmful attachments to everyone in his or her directory.
And, of course, don’t reply to any Nigerian princes offering to give you millions if you send them money or your bank account number.
You can reduce risks by activating features on your computer or mobile device, and by adding additional security software.
Both macOS and Windows have built-in firewalls, and they are turned on by default. A firewall is an important feature that protects outside parties from accessing your computer, while still allowing you to access the internet. These integrated firewalls should suffice for most users.
Anti-virus software can also help stop hackers from infiltrating your computer. Viruses and malware are spread through various channels, and there are many free applications that can identify and quarantine these kinds of malicious code. As with all software, it’s important to update this software frequently so that you have the latest virus definitions on your computer. PC Magazine’s picks for free antivirus software are Avast Free Antivirus, AVG AntiVirus Free and Panda Free Antivirus.
If you use public Wi-Fi often (like at airports, hotels and coffee shops), consider investing in VPN software. A VPN, or virtual private network, is common in corporate environments, where it’s used to connect workers outside the office with internal networks. A personal VPN works in much the same way, acting as a tunnel that bypasses any possible eavesdropping to connect your computer or mobile device directly to the internet. Some VPNs are free.