Online Security and Privacy

Online Security and Privacy should be a concern for anyone using online services to store, process, or access their personal information. While there are many reputable and trustworthy online services that can make your life easier, there are also security and privacy concerns that go hand in hand with these services.

Social networking sites such as Facebook, Twitter, and LinkedIn can make it easy to engage your friends and coworkers online, but they can also allow anyone in the world to access sensitive information about you and your family. Your contact information, home address, date of birth, hobbies, interests, and even your location can potentially be accessed by anyone in the world. This type of information can be used to target you and your friends, take over your online accounts, commit identity theft or fraud, or even inform an attacker when you’re not home so they know the opportune time to commit a robbery. Attackers are known to take this information and leverage it for malicious purposes, so it’s up to each individual to use security and privacy best practices to limit their exposure online.

Security and Privacy Best Practices

Verify the identity of every site where you enter sensitive information

  • Check the domain name and spelling.
  • Check for the closed padlock icon.
  • Check for the green https indicator.

EXAMPLE:

Look at the following example of Amazon.com in comparison to a site pretending to be Amazon.com and make sure you can spot all three red flags listed above. The fake site has:

  1. No closed padlock icon
  2. No green https indicator
  3. The domain amazon.hacker.com

Hacker example.

Also note that the domain name may be cleverly disguised. For example, the attacker may own www.Amaz0n.com where the “o” character is replaced by the number zero.

Attackers may also buy a similar domain such as www.secure-amazon.com or www.amazon-s.com, which are both completely different from www.amazon.com and may be set up to look as much like the real Amazon.com as possible.
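
The domain checks described above, written out as an added example (not part of the original page). It assumes amazon.com is the site you intend to visit and treats the last two labels of the host name as the registered domain; the function names and the digit-swap table are made up for illustration.

```python
from urllib.parse import urlsplit

# Digit-for-letter swaps like the Amaz0n.com case (constructed table, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host):
    """Last two labels of the host name.

    Assumption: a simple TLD such as .com. Real code should consult the
    Public Suffix List so that names under .co.uk and similar work too.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url, expected="amazon.com"):
    """Return (verdict, reason) for url against the site you meant to visit."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = parts.hostname or ""
    brand = expected.split(".")[0]           # "amazon"
    domain = registrable_domain(host)        # e.g. "hacker.com"
    name = domain.split(".")[0]              # e.g. "hacker"
    subdomains = host.split(".")[:-2]        # e.g. ["amazon"]
    normalized = name.translate(LOOKALIKES)  # "amaz0n" -> "amazon"

    if domain == expected:
        if parts.scheme != "https":
            return ("warn", "right domain, but the connection is not https")
        return ("ok", "domain is " + expected)
    if brand in subdomains:
        return ("fake", "brand appears only as a subdomain of " + domain)
    if name != brand and normalized == brand:
        return ("fake", "digits stand in for letters in " + domain)
    if brand in normalized.split("-"):
        return ("fake", "brand is embedded in a different domain, " + domain)
    return ("unknown", domain + " is unrelated to " + expected)


if __name__ == "__main__":
    for u in ["https://www.amazon.com/", "http://amazon.hacker.com/",
              "www.Amaz0n.com", "www.secure-amazon.com", "www.amazon-s.com"]:
        print(u, "->", check_url(u))
```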

Use the privacy and security controls built into the sites that you use

YouTube, Gmail, Facebook, and many others have settings that you can turn on to help lock down your security and privacy settings. Some of these sites have security or privacy checkups or wizards that allow you to step through and configure each important setting.

For example, everything on your Facebook page could be publicly available to anyone in the world, but you can lock these settings down so that only your friends or a select group of people can access this information. While it is a best practice to take advantage of these features, you should operate under the assumption that anything you post on these sites could become publicly available regardless of the privacy controls used.

Use strong, unique passwords

Use passwords that are at least 10 characters in length (12+ preferred). Don’t use the same password on multiple websites, i.e., don’t use your Michigan Tech password on non-Michigan Tech sites. Consider using a password manager to keep track of your passwords for you.

Use Multi-Factor Authentication (MFA) whenever possible

Using MFA can prevent your online accounts from being taken over if your password has been lost or stolen.

For example, Gmail allows you to approve your online logins on your smartphone by asking for approval on the Google App or by sending a one-time PIN to your phone via text.

Keep your computer up-to-date

Updates to your computer and software will fix security holes that make your computer vulnerable to attack. Use automatic patching whenever possible to minimize the time your computer is vulnerable. Be sure to update your browsers, plug-ins, and add-ons such as Firefox, Adobe Flash, Java, Silverlight, etc.