25 September 2017

10 online security blunders to avoid

Keep yourself digitally secure with these 10 actionable ideas.

There are few worse faux pas than having your online identity stolen. According to the Javelin Strategy & Research study, in 2016 over 15.4 million Americans had their identity stolen. It is estimated that nearly half of Americans will have their computer compromised or be completely hacked every year. You’ve probably had the “emergency I’m in a foreign country and been robbed” emails pop up in your inbox, or maybe you’ve been a victim of ransomware such as WannaCry.

Today, more than ever, it’s important to be aware of your online security and take steps to protect yourself.

1. Overconfidence in your system

Mac is marketed as being virus-proof. And PC comes with anti-virus software pre-installed and enabled. Yet that doesn’t make your system invincible and, in fact, can lead to a false sense of security. While it will help, it won’t protect you from everything. It is important to practice common sense when opening emails and when browsing the web.

2. Having out of date software and apps

Apple is notorious for sending you reminders if you don’t update their software, and they have good reason to. Out-of-date software and apps are more vulnerable to attacks than those that are up to date. While there is the occasional instance that breaks this rule, generally manufacturers release updates to protect you against vulnerabilities that they discover.

Is your anti-virus software out of date? That, just like other software and apps, should be updated regularly as well. If your anti-virus company has the option to allow auto-updates and automatic scans of your system, that is one less thing for you to think about.

3. Change all of your passwords on a regular basis, and frequently.

Yes, it’s a pain. And then you have to remember what the dickens you made the new password. But the good news is you don’t have to do them all at the same time.

If it’s easier to have a reminder on your calendar and do them spread out, do it. Social media accounts could be one month, and email accounts and your website the month after. The longer and more random the password, the harder it is for a hacker to gain access. Yet don’t skimp by dutifully changing your password every 6 months and just adding a few numbers to the end. This won’t help your security and may, in fact, hurt it.

Hot tip:

If you have problems remembering your password or have trouble coming up with new passwords that are secure, there are many companies that offer products to help you securely check and store them. Check to make sure they themselves haven’t had security breaches though. We recommend Codebook and Dashlane.

4. Using a common password.

Did you know the top 5 common passwords in 2017 are:

  • 123456
  • 123456789
  • Qwerty
  • 12345678
  • 111111

Are they easy to remember? Yes. Are they easy to guess? Yes! The best types of passwords have a combination of capital and lower case letters, numbers and special characters, such as exclamation (!) or percentage (%).

Hot tip:

While using a password that is 6 characters is the standard minimum, the longer you can make the password the more secure you’ll be. Security experts recommend at least 12 characters.

5. If you’re using cloud services make sure they are secure too

Is your iCloud password 123456? Is the answer to your security question something that can easily be gathered from public information on your social media accounts? While it might be easiest to have your security question be “favorite pet” and the answer “Buddy”, it’s more secure if you use a nickname of the pet or incorporate numbers in place of letters.

6. Using the same username and password across many accounts.

While having different passwords and usernames across your various accounts is a pain, it is also more secure. Your username can also be as simple as FirstName001 for one account and LastName002 for another. It’s important that you don’t repeat the information; if one account is compromised, it is easy for an attacker to gain access to all of the others that feature the same information.

7. Trusting an email address because it looks right.

Recently we have been seeing a few phishing emails that look as though they come from iTunes or Amazon. While they have almost entirely gotten the correct format and design, there are a few things they haven’t been able to fake (yet).

The first is that they don’t include your billing or mailing address; sometimes they don’t even include your name. They may have your full name and email address, yet your billing address is nowhere to be seen.

The second is that while their email may appear as though it is from, for example, when you click to view who it is really from you get a long jumbled email address with a mix of letters and numbers. In the example below you will note the email is not from & there is no name provided nor billing address. All point to a phishing scam.
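The sender check described above, sketched as an added example (not part of the original article): it parses a From: header and flags a brand in the display name that does not match the sending domain, plus a jumbled mailbox name. The brand-to-domain table, the `looks_jumbled` heuristic and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains each brand is expected to send from (illustrative, not exhaustive).
EXPECTED_DOMAINS = {
    "itunes": {"apple.com"},
    "apple": {"apple.com"},
    "amazon": {"amazon.com"},
}

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def looks_jumbled(local_part):
    """Heuristic for a long 'mix of letters and numbers' mailbox name."""
    digits = sum(c.isdigit() for c in local_part)
    letters = sum(c.isalpha() for c in local_part)
    return len(local_part) >= 10 and digits >= 3 and letters >= 3

def check_from_header(from_header):
    """Return a list of warning strings for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    warnings = []
    # The display name is free text chosen by the sender; only the
    # address behind it says where the message claims to come from.
    for brand, allowed in EXPECTED_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            warnings.append(f"claims {brand} but sent from {domain}")
            break
    if looks_jumbled(local):
        warnings.append("jumbled sender mailbox name")
    return warnings

# Constructed sample headers (not taken from a real message).
SAMPLES = [
    "iTunes Store <x7k2q9zt41b8@mail-notify.example>",
    "Amazon <auto-confirm@amazon.com>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_from_header(sample) or "no warnings")
```

A clean result only means the visible sender is consistent; From: headers can be forged, so the missing name and billing address remain worth checking.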

8. Not changing passwords when an employee or volunteer leaves.

While this may mess up your scheduled ‘change password’ calendar, it’s important that if an employee or volunteer leaves, even if it was amicable, you change all of the passwords they had access to.

It is also important to note that not everyone in your organization needs to have “administrator” access to the backend. It’s worth spending a few minutes to work through the authorized users and determine what level of permissions they need.

9. Not having backups of your system and files.

Your website houses photos, events, contacts, and information about you and your company. But if the worst happens and it’s hacked or disabled, are you prepared to start from scratch? With a little preventive planning and monthly backups, even if the worst happens you won’t have to start at the beginning again. Sure, you may lose some information, but you’ll still have the majority.

10. Not using websites that are https.

If you’re anything like us, you often switch between Chrome, Firefox, and IE. Sometimes the URL is saved and easily comes up; other times you have to type it out fully. You may think you’re on the right site when you make your purchase, but if you haven’t double checked you may be on a fake site. Always double check that the URL begins with https:

Hot Tip:

As of October 2017, Google Chrome browser has been rolling out extra warnings for those sites that do not have an SSL certificate. Those that have https will display a lock icon with “Secure” written in green next to it.


Elyssa Respaut

Elyssa works as an occasional writer when not otherwise managing projects.