Advertisement

  1. ITV Report

10 things you can do to protect yourself online

Cyber experts have warned that hacks, such as the one on the telecoms firm TalkTalk, are inevitable and as a result businesses must work harder at protecting the data they have.

TalkTalk says a 'material number of their four million customers have been affected by a data breach. Credit: PA

Michala Hart, the head of channel strategy at cloud computing firm Exponential-e, says no individual or business is ever completely safe online. "Once again, this latest attack shows that it's not a matter of if you'll be hacked but when", she says.

But while online security breaches might be all too common, you can take some steps to protect their accounts.

Here are 10 things people can do to protect their online identity:

  • Keep passwords safe

Experts say that your password should be treated with the same care as your front door keys: you wouldn't give your keys to a stranger and you wouldn't leave your front door wide open. Sticking a password on your monitor is tantamount to doing just that.

If you have to write passwords down to remember them, encrypt them in a way familiar to only you or write down a clue to remind you.

An alternative to writing it down is to use an online password manager. There are many online, such as 1password, LastPass and KeePass, but ensure the one you choose is secure and reputable.

Two thirds of people surveyed are vulnerable to hacking by using the same password for multiple accounts. Credit: PA
  • Create strong, unique passwords

The advice is always to use complex, unique passwords but a survey by Telesign of 2,000 people in the US and UK showed that two thirds of people use the same password for all accounts. This means that if hackers break one account, they will have access to everything.

Nearly half of those surveyed hadn't changed their passwords for over five years. Experts advise never to reuse old passwords or recycle them (password1, password2 etc.)

123456
The most popular 'worst password' used last year. Also in the top five were 'qwerty' and 'password'

Cyber experts advise to create unique, long passwords of eight characters or more using upper and lower case letters, numbers and symbols and change them regularly.

People should avoid using easily identifiable information, such as names and birthdays. The more complex the password the better, so made-up phrases using punctuation and numbers for letters could help you remember them - such as '!d0g5lykD3n7i5t5!' for 'Dogs like Dentists'.

2 years
How long it can take a hacker to crack a complex 8-character password, says expert George Shaffer
Hackers use face webpages to harvest data. Credit: PA
  • Check URLs

An easy way for hackers is to harvest usernames and passwords using fake webpages designed to look like ones you use, such as your bank or Facebook.

When you click a link you should always check the URL is the one you would expect before you enter any personal details. A secure way to open sites is using https:// at the beginning of the web address, which encrypts your data. If a green padlock is next to the address, the website is secure.

  • Protect your devices and wipe your data

Devices hold all the personal information that would be useful for hackers so people should physically protect their devices with passcodes and keep them safely locked away.

And when upgrading to a new mobile phone, personal data should be wiped before it is thrown away or recycled.

When upgrading to a new phone, remember to wipe data off your old device. Credit: PA

Disposing of mobile devices such as smartphones and tablets are happening as often as every 18 months. Unfortunately, too many people simply dispose of their mobile devices with little thought on just how much personal data their devices have accumulated. Remember to wipe your device with factory reset and bear in mind that SIMs & External Cards store details as well. Either use the old SIM on the new device or physically shred or destroy it to prevent someone else from getting your personal data.

– Nadia Ismail, at Risk Factory
  • Beware of phishing websites and downloading malicious software

Clicking on unknown links may lead to 'phishing' sites (that harvest usernames and passwords) or download viruses or malware (malicious software) onto devices that make them vulnerable to hacking.

Downloading attachments provides an open door for hackers so people should consider whether attachments can be trusted, even if they are sent from a friend - their email account could be compromised.

Phishing sites harvest usernames and passwords. Credit: PA

All our personal data, such as credit card details, date of birth and name and address has a value on the black hacker market and can be sold for a great deal of money – so hackers will continuously target suppliers and find the weakest link into their network to get at this information.

They could do this in a number of ways through phishing or vishing [voice phishing, using the phone], DDOS [distributed denial-of-service attacks], man in the middle attacks, malware, social engineering, malicious insiders or through spreading viruses. Whichever way they get to your information through a supplier it’s up to each and every one of us to take our own security seriously and certainly not wholly rely on your supplier.

– Yvonne Eskenzi, organiser of Security Serious Week
  • Use antivirus software and firewalls

Protection software and firewalls are essential as thousands of new viruses are detected every year. Most antivirus software automatically downloads updates on existing viruses and updates on new threats.

Choose a reputable programme to scan emails, monitor files, scan your computer and protect you from dangerous downloads.

Hackers can use fake public WiFi to jump onto devices. Credit: PA
  • Beware of public WiFi

Hackers can use unsecured public wifi zones to target people using mobile devices. They can also set up a fake network to harvest information.

When in a public place, ask an employee for the username and password of their wifi and wherever possible use well-known providers such as BT OpenZone or T-Mobile.

Once you have finished browsing on a WiFi, log off all services you were using and then ask the device to forget the network so it doesn’t automatically join next time you’re in range.

To be extra secure, it is not recommended to send or receive private information using public WiFi.

  • Beware of dodgy 'free' apps

Apps can be another method for hackers to download spyware onto devices. Always check the permissions on the apps before installing them to make sure they are not storing unnecessary personal information. For example, a game app should not have access to your contacts list or your network info.

Access Trojans (ATs) are usually downloaded invisibly within a programme and perform actions similar to legitimate software. Regularly update apps as they tend to patch security problems.

Be vigilant when using devices in public places. Credit: PA
  • Be vigilant

The easiest way to steal someone's identity is to dupe that person into freely handing the information over. Just because somebody calls or emails and appears to have some information about you doesn't mean they can be trusted.

No bank or business should ever ask for a pin or password and passwords should not be sent by email, ever. Monitor your bank and report any suspicious activity immediately.

Equally, when using tablets and laptops in public areas, be aware of people around you and avoid sharing personal details on the telephone in public places.

  • Take security seriously

Many banks and other businesses are using 'two-factor authentication' to phase out single passwords altogether so consider favouring those that take your data as seriously as you do.

As Professor Peter Sommer, visiting lecturer at de Montfort University in information system security, says: "Check the web news archives to see whether a company has been hacked in the past - and how it responded. TalkTalk has an unfortunately long history of recent problems."

Sources:

More on this story