If you use Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 – 2010, or Microsoft Lync, you may be at greater risk of hacker attacks.
Yesterday Microsoft issued caution to users as hackers may try gaining access to computers by exploiting a “vulnerability” in its operating system.
As Dustin Childs explained via the Microsoft blog, they are aware of targeted attacks coming from the Middle East and South Asia whereby the hacker requires user interaction. The attack is “disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.”
Computer, smartphone and tablet attacks are all too common place. And even though I use Windows 8 and have the latest Office software, so I’m not susceptible to this particular attack, it got me thinking if I am actually doing all I can to protect myself, my business and my clients’ businesses whilst working online.
Maybe not. So I decided a little refresher was in order.
Here are the top ways to stay secure online, in addition to having good internet security software installed on your computer:
Use strong, different passwords for each service
It’s recommended to use random passwords of any length, although the longer the better, that consist of numbers and letters, and that the letters be in both upper and lower case throughout.
Change passwords often
Change your passwords every 2-3 months. In actual fact changing passwords as often as once a month is the recommendation, but I’m more of a realist and know I won’t do it that frequently, so have given myself a more realistic timeline. If you can do it monthly, then all the better.
But of course it can be difficult to come up with a new password each time. Well that was until brilliant tools such as Lastpass became available. Lastpass creates strong passwords, so you don’t have to! Essentially once installed, you only have to remember one strong master password, and Lastpass does the rest.
The free version can be installed on all your computers, or upgrade to the premium version to cover passwords on your computer as well as mobile devices.
Check that the site uses SSL
SSL (Secure Socket Layer) encrypts data to and from servers.
By using websites that have an SSL certificate (shown as https://websitename.com or a padlock icon in web browsers) private information can be transmitted without any problems of eavesdropping, data tampering, or message forgery.
Most websites that ask for personal information to be entered; to sign in / register / make a purchase; will use SSL, but it’s something to check before handing over any sensitive information.
Be wary of email attachments
Whether from an address you recognise or not, be wary when opening email attachments.
In the past I’ve received emails from HSBC, and other well-known financial institutes, containing zip files that are potential viruses. It’s so easy to fall in the trap and open it because it’s from a legitimate company. Even easier to fall into it if you are actually one of their customers (I’m not a customer of HSBC so knew instantly that this was a scam). But regardless, your financial institution will not send zip files in emails for you to open. And if in doubt, contact them to check before opening.
Even if you receive an attachment from a friend’s email address, still be cautious. If you weren’t expecting anything from them, it could be that their email has been compromised.
If you do click to open a file without thinking, then close it down straight away and run a full scan on your computer to quarantine anything that may have been contained within it. And don’t go into any websites that require passwords until the scan has been completed.
Configure latest system updates
When your system displays a request to run an upgrade don’t ignore it.
I know I’m guilty of it, but ignoring these pop-ups when they appear because you’re right in the middle of something and think you’ll do it later, rarely happens! Or when it does, it’s often a few weeks later.
Instead, click the ‘OK’ button and run it. It shouldn’t take long and will help protect your computer better, as it’s often old software programmes that have the loopholes hackers need to ‘get in’.
Install a firewall
The internet being a public network means that any computer can connect to any other computer if there’s no barrier in the way. This barrier is called a firewall. And if not installed, will leave your computer wide open to virus, worms and Trojan attacks.
Be careful downloading files and installing software
Before downloading any software on to your computer, check it out thoroughly first. If it’s from a questionable source, it’s advised to find an alternative solution.
Hackers know that free software will be desirable to many business owners wanting to save their pennies, so they embed code into that software in a bid to gain access to your computer through what you think is just an innocent download.
The best thing to do is be vigilant of download sources, website reputations, and any application that had to be cracked in order for you to use it.
Clear cache and cookies regularly
We all know that cookies are used by businesses to keep track of usage on their website. Hackers can also use them in the same way, by saving information you’ve entered on websites for their deceitful purposes later on.
It’s therefore recommended to clear your browsers cache and cookies folder as often as possible to avoid this unscrupulous activity.
Being mindful of the above points and ensuring you have adequate internet security software should help you avoid any security issues in the future. But it’s also important to keep abreast of latest news, in case as in this instance, there’s something you need to be aware of or to act on quickly.