While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security. These articles aren’t for pros, but for those trying to get their basics down.
After our most recent research on the dangers of exploit kits, we wanted to put together a quick list on some of the easiest things that you can do to stay safe online. The Internet can be a risky place; it is an excellent resource for shared knowledge but, unfortunately, also a common vector for ransomware, malware and other nasties that exist for no other reason than to steal your data and make your life more difficult. Here are three steps that the everyday user can follow to stay safe online.
1. Always maintain patches and updates on your browser
Always download and apply the latest software patches regardless of your preferred browser. If you browser is not supported with regular software updates, as in, it has gone End of Life, consider choosing a new browser. For example, as recently as January 2016, Microsoft announced that it would no longer provide security updates or technical support for older versions of Internet Explorer. The company will stop providing updates if you use any version of Internet Explorer prior to the latest version 11. A well-maintained browser will warn you when a webpage you are about to visit might be loaded with malware.
- Most browsers update automatically. If your browser does not update, always select “Yes” when your browser gives you a prompt for an update. Also, make sure to update any installed browser plugins.
- Along with the browser itself, the plugins are of critical importance. Most exploit kits attack flaws in Adobe Flash, Oracle Java or Microsoft Silverlight. If you are using these plugins, they must be kept up-to-date.
- Install an antivirus program and ensure that you are receiving regular updates for it. Antivirus programs help protect your computer against most viruses, worms, trojans, and other unwanted invaders.
- Considering installing an ad-blocker program. Ad-blockers are crucial for stopping the stream of unsolicited ads that are a common means of delivering exploit kits and other programs that can take control of your computer without your permission.
- Make sure to disable Flash. Adobe Flash is one of the preferred vectors that cyber criminals use to attack your computer. HTML5 is supported by most major sites like Facebook and YouTube, and is a safer alternative.
Figure 1: If your browser looks like this, consider upgrading (Source: viola.org).
2. Be wary of suspicious links and never open unsolicited attachments
You should always be wary of the source anytime you are given an option to download a file. A file downloaded from an untrusted source could contain harmful code that could do all kinds of damage to your computer or mobile device. It could take control of your computer, compromise your personal data, and possibly expose you to identity theft. If you come across a file or a download that sounds too good to be true, it probably is.
- Check the hyperlink that you are about to click on to download anything. Make sure the URL that you are about to visit is where you want to go. Malicious software is often hidden behind misleading links. For example, accidentally typing “examlpe.com” when you meant to type “examples.com” could take you to a website interested in stealing your personal information.
- If you are downloading, for example, Google Chrome, make sure that you download it from Google’s own site, rather than some 3rd party.
- Before downloading any program, be sure to do your homework. Google the program before downloading and see what other users are saying.
Figure 2: This website is suspicious because it’s offering a download but it’s not the site for the author of the software. This site might be a threat. (Source: How To Geek)
3. Watch out when asked to give personal information
How are you supposed to enjoy the Internet and all it has to offer without providing some details about yourself? You can’t, really. Vital personal tasks, such as staying in touch with friends, banking, or conducting other business, require you to provide some of your valued personal information. If you do provide information online, our advice is to play it safe and confirm that you are providing the information to a trusted source.
- If you are asked to provide personal information online, make sure the website address loads with “https” and a green padlock icon in your browser status bar. This ensures that the connection is private and the information you are providing will be seen by only the website you are visiting.
Figure 3: Notice the lock image and the HTTPS address. (Source: Wikipedia)