There have been a number of attacks recently against high-profile social networking accounts -- French President Sarkozy, teen pop star Selena Gomez, and even social network wunderkind and Facebook founder Mark Zuckerberg have all fallen prey. Web surfing and social networking are here to stay, so the trick is figuring out how to protect your computer and your personal information while you're online.
A McAfee spokesperson e-mailed me a list of online security practices recommended by McAfee. Here is an overview of seven steps you can take to secure your online activities:
1. Update your browser. Newer browsers have better security controls and protection than older browsers. Make sure you are using the latest version of your Web browser of choice to take advantage of features like phishing filters that can protect you from attacks.
2. Do it in private. Public Wi-Fi hotspots like those at McDonald's or Starbucks are very convenient, but they are also -- in a nutshell -- insecure. There is typically no security or encryption enabled which means that anyone within range of your wireless connection can potentially intercept your data, including any account numbers or passwords you might type in.
In general, you should stick to reading the news and weather at public hotspots, and avoid ever typing any username, password, or other account data that should be kept private. If you absolutely must log in to Facebook, at least use the new security setting that uses HTTPS to set up a secure, encrypted connection with the social networking site.
3. Keep 'em guessing. Your username and password should be different for each site. Yes, that is more tedious and cumbersome for you to try and remember what your credentials are for each site, but it means that an attacker who compromises your Twitter account will only compromise your Twitter account, rather than having the master key that grants access to every site and service you use on the Web.
4. Double-check the domain. Before you start typing in sensitive information like your password or account number, take a peek at the address bar just to make sure that the site you are logging into is the legitimate site, hosted from the correct domain.
While you might think you are logging in to facebook.com, attackers will often create a realistic-looking malicious spoof site with a domain like facebook.hacker.com, or facebook_login.hacker.com. The bottom line is that the end of the domain name is the only part that matters. If it says facebook.twitter.google.hacker.org, the real domain is simply "hacker.org" and the rest are simply subdomains created to distract and confuse you.
5. Suspicious messages are suspicious for a reason. Have you ever received an e-mail, or a private Facebook message from someone you know -- but who almost never contacts you? Did it seem odd that after months or years of no communication, this person sent you a message out of the blue simply saying "Is this you in this video? LOL.", accompanied by a URL-shortened link to some unknown destination? Did it seem suspicious and make you think twice about clicking the link? It should have. If it seems suspicious -- at all -- assume that it is malicious and just delete it. If you are concerned that it might be important, then contact the alleged sender directly to make sure it is legitimate.
6. Clear history and log out. If you use a public PC, like at a library or a hotel lobby, to do any Web surfing, make sure you erase your tracks before you leave. You should use the anonymous or private browsing mode of the browser if there is one available. When you are done, you should go into the properties for the Web browser and erase the history and cache to remove traces of your Web-surfing activities.
You also need to make sure you manually log out of sites you log into. Just because you shut down the browser window doesn't necessarily mean you are logged out of the site. Whether intentional or pure accident, the next user of that same PC may find that your account is still actively logged in, granting complete access to a stranger.
7. Protect your PC. It wouldn't be a list of recommended security best practices without a reminder to properly protect the PC. You should have some sort of security suite, or collection of tools, providing personal firewall security and protection against viruses, spyware, phishing attacks, and other malware. As important as installing the protection is, it is more important to make sure the tools are frequently updated. Security software is typically only as secure as its last update. As new threats emerge, security software may be unable to detect or defend against them without the current update data.
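Step 4's rule that only the end of the address counts, written out as an added example (not from the article or from McAfee): it extracts the registrable domain from a URL and compares it with the site you expect. The function names and the short suffix set are assumptions; the suffix set is there because under suffixes such as co.uk the last two labels alone are not the real domain.

```javascript
// Added example. MULTI_LABEL_SUFFIXES is a small constructed subset of the
// Public Suffix List (an assumption); production checks need the full list.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "org.uk"]);

// Return the registrable domain: the public suffix plus one label to its left.
function registrableDomain(rawUrl) {
  // The URL parser isolates the hostname from path, query and port.
  const host = new URL(rawUrl).hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no domain hierarchy; return them unchanged.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) return host;
  const labels = host.split(".");
  if (labels.length <= 2) return host;
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// True only when the URL parses and its registrable domain is the expected one.
function isExpectedSite(rawUrl, expectedDomain) {
  try {
    return registrableDomain(rawUrl) === expectedDomain.toLowerCase();
  } catch {
    return false; // unparseable input is never trusted
  }
}

// Hostnames from the article plus constructed ones, checked against facebook.com.
const SAMPLES = [
  "https://www.facebook.com/login",
  "http://facebook.hacker.com/login",
  "http://facebook_login.hacker.com/",
  "http://facebook.twitter.google.hacker.org/",
  "https://login.example.co.uk/", // constructed
];

// Build one row per sample: the URL, its registrable domain, and the verdict.
function report(samples, expected) {
  return samples.map((u) => ({
    url: u,
    domain: registrableDomain(u),
    ok: isExpectedSite(u, expected),
  }));
}

console.table(report(SAMPLES, "facebook.com"));
```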
There you have it. None of it is rocket science. In fact, most of it is simple, common sense. The dirty secret about PC and online security is that it is 90 per cent common sense and healthy skepticism. The security software just helps guard against the other 10 per cent.