Tips to Internet security basics for home and small business users

With the prevalence of social media use, online banking and other online uses of personal or financial information, online security is more important than ever.

But a survey by security website Security Baron suggests many Coloradans don’t follow best practices widely recommended by security experts, including multi-factor authentication and password vaults. According to the survey, Coloradans scored an average 31 percent on the test.

Scott Warner, vice president of sales at Connecting Point Greeley, 2401 17th St., spoke with The Tribune about a few internet security basics:

1. Creating a secure password

Warner said the biggest threat for individual users is having their personal accounts hacked because of weak passwords. With all that’s required for most passwords, like lower- and uppercase letters, numerals and special characters, in varying ranges and not repeating prior passwords — not to mention, in some cases, changing your password every 90 days — keeping track of strong passwords can be daunting.

Warner recommended home and small business users invest in a password management tool, which can automatically generate secure passwords users don’t have to remember or write down. When required to log into a website, password management tools can automatically fill in the username and password. Warner recommended LastPass, which is available to individual users for free. Premium, family, team and enterprise options are also available for small fees, from about $36-72 a user annually.

LastPass reported in November 2017 the average employee using the service is managing 191 passwords. Keeping that many accounts secure manually isn’t practical.

2. Safe browsing

According to Cisco’s Visual Networking Index, 94 percent of the North American population will average 261 gigabytes of internet traffic per month by 2022. With so much activity, there’s plenty of unfamiliar territory to traverse on the internet, but some websites could contain malicious data that could compromise your security.

If a link seems suspicious, Warner simply recommended hovering over the link to see the URL. A link that shows up in your inbox as “YourBank.Web” could take you instead to “GiveHackersYourPassword.Web”, but if the attempt isn’t very sophisticated, a simple wave of the mouse will tell you its true destination.

For a safety net, Warner recommended a paid DNS (Domain Name Server) scanning tool, like Cisco Umbrella. If you go to a website with malicious data, the a DNS scanning tool can block that site before it loads.

HTTPS, which literally stands for Hyper Text Transfer Protocol “Secure,” has become a standard for secure websites, rather than HTTP, Hyper Text Transfer Protocol. HTTPS is usually shown at the start of a web address (without having to type it into the address bar) and indicated by a small padlock icon. Warner pointed out harmful data can still find its way onto HTTPS sites.

From a business standpoint, Warner said it’s important to check your firewalls for HTTPS compatibility. A firewall needs to have deep packet inspect to be able to verify the safety of data from HTTPS websites, he explained.

3. Secure email use

A primary email address, where password reset links are typically sent, are big targets for hackers to get users to reveal personal information. This is commonly done through phishing, where a hacker makes an email look like you’re sending information like a password or credit card number to a reputable company, when you’re really sending that information directly to the hacker. The first step in defending against phishers is a good email filter, Warner said.

Many email providers, particularly from the larger search engines, integrate email filters, so everyday users don’t have to find a new email filter. If you find yourself as the target of a lot of phishing attempts, it might be time to try a new email provider.

The other way to prevent phishing is to enable multi-factor authentication, Warner said. Offered on most major services, multi-factor authentication asks for verification from an email or phone in addition to a username or password.

Email attachments are another vulnerability for many users. Warner said the rule of thumb is: “If you don’t know what it is, don’t open it.”

Particularly .zip and .rar files can contain malicious data, but .pdf files are usually trustworthy. If you’re unsure what’s in the attachment, Warner recommended simply asking the sender.

4. Keep your systems up to date

All these tools, whether they’re for password management or DNS scanning, could become worthless if they aren’t updated. Hackers are always working to find new security vulnerabilities, and a firewall can’t do anything to fix those vulnerabilities if it isn’t up to date.

Most importantly, the operating system itself needs updates to function with other software as it gets updated. On Jan. 14, 2020, Microsoft will stop updating Windows 7, Warner pointed out, so small businesses on a tight budget need to prepare to switch to new systems if they haven’t already.

Source: The Tribune