The Eight Vital Strategies for Online Security

Online threats began with the internet, and have multiplied every year since. In recent years, those threats have become more dangerous and damaging, so protecting online activity with robust security is vital. Individuals can do many things to make their digital world as safe as possible, whether they use desktops, laptops, tablets, smartphones, or other devices. Here are the most important steps.

1.    Always use the most up-to-date software version

Many computer users think manufacturers issue software updates mainly to add new subscription-based features to software - in other words, to make money. Sometimes that's the reason, but much more often it is to eliminate recently discovered security vulnerabilities.

The last few years should teach computer users some salutary lessons. On at least half a dozen occasions, criminal hackers locked millions of users worldwide out of their computers and demanded a ransom to unlock them. Those "ransomware" attacks would not have happened if the computer users had followed the most basic rule of online security: always keep software up to date. Some of the targeted systems were using Windows operating systems that Microsoft no longer supported.

What makes these episodes harder to understand is that many of the vulnerable computers belonged to large organizations like national health services, hospitals, and multinational corporations. Whether it was due to IT department carelessness or finance department penny pinching, these debacles were expensive, inexcusable, and entirely avoidable.

2.    Use anti-malware software from reputable sources

Cheap anti-malware software abounds on the internet. Some products do a good job, but many do not. The safest route for users is to pick a well-established, well-proven brand. If in doubt, read online reviews by other users and industry experts.

3.    Change passwords regularly

In recent years, hackers stole user passwords and other personal data from numerous large companies including Yahoo, the US Justice Department, Snapchat, Verizon, FACC, LinkedIn, Oracle, Dropbox, The National Payment Corporation of India and dozens more. Most hackers are highly skilled and clever and cover their tracks very well. That means the thefts are often not discovered for days, or even weeks, easily long enough for the criminals to exploit the stolen passwords.

Email Password vulnerability

Most people's email account password is of particular importance because it is through the email account that they receive resetting instructions for all, or most, of their other account passwords. If a user forgets, for example, their LinkedIn password, LinkedIn will send the resetting instructions to them by email. So if hackers have access to the user's email account, they can, in theory, reset all the user's other passwords, and so gain access to their other accounts.

People who regularly change their passwords limit their exposure to such hackers. The problem with passwords, however, is that most users have numerous accounts and struggle to remember all the related passwords. Regularly changing them is such a nuisance that many people just don't do it. Many companies are experimenting with biometric authorization (usually involving iris or fingerprint recognition systems) in place of passwords. These systems are still in development, so software password access is still the most widely used option.

Password Management Software

One solution to the nuisance of remembering and changing multiple passwords is to use password management software. That software stores all the user's passwords in one place, which the user can access with just a single password. It is not 100% safe, however. In 2016, one of the leading password management software companies was itself hacked, and the hackers stole user account and password information.

Hard copy list of passwords

Some people use a low-tech solution to solve the problem of remembering many passwords and regularly changing them. They write all their accounts and passwords by hand on a sheet of paper, which they keep near their workstation. Doing this by hand gives added security. The only way a criminal can access the passwords is by breaking into the user's premises. Even then, a single sheet of paper, perhaps hidden in the middle of a book, is hard to find or stumble upon.

The hard-copy solution facilitates easy password changing. The user can change some or all of the passwords by just writing the new ones on the same sheet. Laying the sheet out in columns makes this process easier, allows the user to change passwords frequently, and leaves room to record the date of each change. The downside, apart from the bother of writing by hand, is that you can lose or misplace a single sheet of paper. Taking a photo of the sheet, printing a few copies of it and then securely deleting the photo image file addresses that problem. One caveat is that if you lose even one of those sheets, all the passwords become vulnerable and so all need to be changed as soon as you notice the paper is gone.

Use multi-factor authentication where available

Multi-factor authentication means that access to an online account requires the input of a password plus some other data such as a PIN number. Many bank websites use this form of authentication. Some websites enhance security further by requiring the user to input a one-off or dynamic code that the site sends to the user's cellphone as a text message. Each dynamic code can be used only once and within a short period of when the site sends it. That reduces the likelihood of an unauthorized person using it, for example, if a phone is stolen or lost.

4.    Only access secure websites

Hackers use many routes to infect computers. One is through websites. Ideally, users should access only secure websites of well-known, reputable organizations. Secure websites display the prefix "https" (rather than just "http") in the address bar. Most also show a lock symbol near the address bar. It is inadvisable to share sensitive information with insecure sites or to download files from them.

5.    Email security

Email is the hacker's favourite way of spreading malware. Emails from strangers are often benign, but they may also contain malware. Even emails from known contacts and friends can be infected because criminals can hack into an email account and send infected messages to anyone on the user's contact lists. The best protection against email malware is to keep anti-malware software up-to-date and to be wary when opening attachments that you were not expecting.

6.    Use encrypted smartphone messaging software like WhatsApp or Signal

You may not be a secret agent, but it's still nice to know that you can send and receive messages without someone else snooping on them. WhatsApp and Signal are smartphone apps that use similar code and provide end-to-end message encryption. That means that, even if a hacker or a business competitor intercepts a message, they won't be able to decipher it.

7.    Back up important data regularly 

This advice is frequently ignored and sometimes even scorned. That might be because people believe that, since they carry out so much of their digital data activity online, the cloud provides more than enough backup. On the most basic level, it doesn't; the word "backup" means at least two independent copies. Regardless of the cloud, experts advise keeping local copies (on a computer or another device) of relevant documents because access to online services can be interrupted or suspended. For a private individual, it can be inconvenient if their documents become inaccessible even for a short time, but for a business, it can be quite costly.

8.    Back up computer hard drives

Apart from regularly backing up important individual documents, a full hard drive backup is vital because no storage device is immune from failure. PC and laptop hard drives can hold an enormous amount of data and, for most people, losing it all would be inconvenient at best and disastrous at worst. Large capacity external hard drives, about the physical size of a pack of cards, are widely available. They are reasonably priced, simple to connect, and easy to use as backup devices.

The online world with all its connected systems has enhanced people's lives immeasurably. It has opened up a whole new virtual world of almost limitless possibilities to individuals and businesses. Like the physical world, however, it is full of dangers, and people can choose to tackle them, or to ignore them at their peril.