Top 5 tips from cybersecurity experts on staying safe online
Following the much-publicised hack of pro-infidelity website Ashley Madison, or the cyber attack on the US Office of Personnel Management, or the Hacking Team saga, or a multitude of previous hack attacks and warnings from experts, you may be wondering how to stay safe(r) online.
Researchers at Google recently spoke to more than 200 cybersecurity experts, and 300 "non-experts", to find out how the two groups' online behaviour differed and what lessons about safety on the web could be learned.
Update your computer and software
“Update all the software and firmware to fix any possible vulnerability.” “Patch, patch, patch.” After attackers broke into cybersecurity firm Hacking Team's servers and dumped the company's data online, including several zero-day exploits (those unknown to software makers and therefore the easiest for hackers to take advantage of), Adobe and others quickly released patches for them. However, as security experts explained at the time, many users will not download the update, meaning they are still exposed to the exploit.
Google found that this was the biggest difference between experts and normal internet users, with 35 per cent of the former group always installing updates, compared to only 2 per cent of the latter.
'Password' is not a password
While non-experts tend to focus on the perceived strength of a password, with 30 per cent citing that as a top three tip compared to just 18 per cent of experts, using unique passwords for different apps and services is probably more important. People who pick what they believe are strong passwords (jumbles of letters and numbers, in both upper and lowercase) may be more likely to reuse that password across multiple accounts, meaning if one is compromised (say by a hack of the servers, as befell Ashley Madison, or Adobe, or Sony, or any number of companies), all of the others are too.
Use a password manager
Remembering different passwords for six dozen different services is an impossible feat, and may lead to insecure behaviour like writing them all down in a file that could be leaked (as an engineer at Hacking Team reportedly did). Using a password manager like LastPass, 1Password or KeePass is the secure, safe(r) way of keeping track of them. "Password managers change the whole calculus, because they make it possible to have strong and unique passwords," one security expert told the Google researchers. Of course, password managers present their own potential risks: LastPass suffered a security breach in June, and while no customer passwords were leaked, the attractiveness of such services as targets for hacking is obvious.
Enable two-factor authentication
Two-factor authentication (2FA) is becoming increasingly common, with most popular apps – Facebook, Google, Twitter, etc – offering it and even encouraging users to turn it on. 2FA works by adding a second layer of security in addition to a password, meaning for example that you may have to generate a code using an app on your phone in order to log in to your email service. More than 80 per cent of the experts in the Google study said they used 2FA on all their accounts.
Avoid insecure websites and dodgy emails
Security experts encouraged people to avoid clicking on links in emails from people they didn't know, and to be wary of visiting unknown websites, particularly if they request personal data. When users do visit an unknown site, as everyone does at times, the experts said to look out for the secure connection protocol HTTPS (which is indicated in the browser's URL bar) before entering any information, especially for payment services. Using HTTPS was the third most mentioned security practice among experts.