
Seven hints to stay safe online

The Web and social networking are part of daily life, so it is important to learn to use them safely and securely.

There have been a number of attacks recently against high-profile social networking accounts -- French President Sarkozy, teen pop star Selena Gomez, and even social network wunderkind and Facebook founder Mark Zuckerberg have all fallen prey. Web surfing and social networking are here to stay, so the trick is figuring out how to protect your computer and your personal information while you're online.

A McAfee spokesperson e-mailed me a list of online security practices recommended by McAfee. Here is an overview of seven steps you can take to secure your online activities:

1. Update your browser. Newer browsers have better security controls and protection than older browsers. Make sure you are using the latest version of your Web browser of choice to take advantage of features like phishing filters that can protect you from attacks.

2. Do it in private. Public Wi-Fi hotspots like those at McDonald's or Starbucks are very convenient, but they are also -- in a nutshell -- insecure. There is typically no security or encryption enabled, which means that anyone within range of your wireless connection can potentially intercept your data, including any account numbers or passwords you might type in.

In general, you should stick to reading the news and weather at public hotspots, and avoid ever typing any username, password, or other account data that should be kept private. If you absolutely must log in to Facebook, at least use the new security setting that uses HTTPS to set up a secure, encrypted connection with the social networking site.

3. Keep 'em guessing. Your username and password should be different for each site. Yes, it is more tedious and cumbersome to remember your credentials for each site, but it means that an attacker who compromises your Twitter account will only compromise your Twitter account, rather than having the master key that grants access to every site and service you use on the Web.

4. Double-check the domain. Before you start typing in sensitive information like your password or account number, take a peek at the address bar just to make sure that the site you are logging into is the legitimate site, hosted from the correct domain.

While you might think you are logging in to facebook.com, attackers will often create a realistic-looking malicious spoof site with a domain like facebook.hacker.com, or facebook_login.hacker.com. The bottom line is that the end of the hostname is the only part that matters. If it says facebook.twitter.google.hacker.org, the real domain is simply "hacker.org" and the rest are subdomains created to distract and confuse you.
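The "read the hostname from the right" rule above, written out as an added example (not code from the article or from McAfee). The function names and the three-entry suffix set are assumptions made for illustration; the set is a constructed sample standing in for the full Public Suffix List, which is needed because suffixes such as co.uk span two labels.

```javascript
// Constructed, deliberately tiny sample of two-label public suffixes.
// A production check would load the full Public Suffix List instead.
const TWO_LABEL_SUFFIXES = new Set(["co.uk", "org.uk", "com.au"]);

// Return the part of the hostname that identifies who controls the site.
function registrableDomain(urlString) {
  const host = new URL(urlString).hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no subdomains to strip; return them unchanged.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) return host;
  const labels = host.split(".");
  if (labels.length <= 2) return host;
  const lastTwo = labels.slice(-2).join(".");
  const keep = TWO_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Hypothetical helper: accept a login URL only if it is HTTPS and its
// registrable domain is exactly the one the user expects.
function checkLoginUrl(urlString, expectedDomain) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "connection is not HTTPS" };
  }
  const actual = registrableDomain(urlString);
  if (actual !== expectedDomain.toLowerCase()) {
    return { ok: false, reason: `site belongs to ${actual}, not ${expectedDomain}` };
  }
  return { ok: true, reason: `site belongs to ${actual}` };
}

// Constructed sample URLs built from the hostnames named in the article.
const samples = [
  "https://www.facebook.com/login.php",
  "https://facebook.hacker.com/login.php",
  "https://facebook_login.hacker.com/",
  "https://facebook.twitter.google.hacker.org/",
  "http://www.facebook.com/login.php",
];
for (const u of samples) {
  const r = checkLoginUrl(u, "facebook.com");
  console.log(`${r.ok ? "OK  " : "STOP"} ${u} -> ${r.reason}`);
}
```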

5. Suspicious messages are suspicious for a reason. Have you ever received an e-mail, or a private Facebook message from someone you know -- but who almost never contacts you? Did it seem odd that after months or years of no communication, this person sent you a message out of the blue simply saying "Is this you in this video? LOL.", accompanied by a URL-shortened link to some unknown destination? Did it seem suspicious and make you think twice about clicking the link? It should have. If it seems suspicious -- at all -- assume that it is malicious and just delete it. If you are concerned that it might be important, then contact the alleged sender directly to make sure it is legitimate.

6. Clear history and log out. If you use a public PC, like at a library or a hotel lobby, to do any Web surfing, make sure you erase your tracks before you leave. You should use the anonymous or private browsing mode of the browser if there is one available. When you are done, you should go into the properties for the Web browser and erase the history and cache to remove traces of your Web-surfing activities.

You also need to make sure you manually log out of sites you log into. Just because you shut down the browser window doesn't necessarily mean you are logged out of the site. Whether intentional or pure accident, the next user of that same PC may find that your account is still actively logged in, granting complete access to a stranger.

7. Protect your PC. It wouldn't be a list of recommended security best practices without a reminder to properly protect the PC. You should have some sort of security suite, or collection of tools, providing personal firewall security and protection against viruses, spyware, phishing attacks, and other malware. As important as installing the protection is, it is more important to make sure the tools are frequently updated. Security software is typically only as secure as its last update. As new threats emerge, security software may be unable to detect or defend against them without the current update data.

There you have it. None of it is rocket science. In fact, most of it is simple, common sense. The dirty secret about PC and online security is that it is 90 per cent common sense and healthy skepticism. The security software just helps guard against the other 10 per cent.
