The best defense is a team effort
Your home network is a busy place; you and your family use it for personal finance, gaming, social media and personal communication. Keeping it secure is a big part of protecting your privacy and identity. In this section we’ll suggest ways you can protect your personal computing hardware as well as your computer network. It’s all part of helping you create a strong defense against fraudsters and criminals. And, it’ll help you protect all of your online experiences and accounts, not just those you have with us.
Use a personal firewall
Just like anti-virus programs, personal firewalls are a necessity in today’s environment of open kiosks, free Wi-Fi access, etc., to help protect your computer from hackers.
Avoid malware; install anti-malware software
As you browse the Internet, certain web pages may install unwanted programs, cookies, spy programs, etc., to your system. Many of these can perform serious harm to your computer and can give the fraudsters “inside” tools to steal your information. We recommend you install both anti-virus and anti-spyware programs on your computer to help protect you. Avast is a great anti-virus program and MalwareBytes is recommended for anti-spyware. We strongly encourage you to keep them both up-to-date and scan your system often.
Consider using a "Secure Internet Browser" like Firefox or Chrome
While Internet Explorer is arguably the world’s most popular web browser, that also means the bad guys specifically gear malware to attack it. Consider using a secure web browser such as Google Chrome or Mozilla Firefox.
Update your system and applications
Just like your car, your computer needs regular tune-ups. Be sure to regularly check for updates and install security patches to ensure your operating system and applications are up-to-date and as secure as possible. Secunia has a good tool to scan, detect and update your computer’s vulnerable programs.
Create strong password
It’s hard to believe it, but one of the most common passwords people select worldwide is "password". Choosing a strong password for any online account is likely the singular most important step you can take to protect yourself.
Stay vigilant; know what to watch for
The bad guys are constantly thinking of new ways to get your information. That means you have to be constantly vigilant and know how to recognize fraud.
Passwords are a key component of securing your online information and are the first defense against online attacks. When you consider that some of the most common passwords are "password," "1234567," and "letmein," you quickly realize that it's not hard to make a password that's stronger than the worst of them. Here are some good guidelines:
Using the same password for every account is not a good idea. Sure, we can tell you that, but we know that's probably impossible. You've got anywhere from 10 to 40 or more different places you've got passwords, and you're probably going to repeat them, no matter how many times you hear that's a bad idea. That said, there are TWO places where we strongly suggest you make the password unique and extra hard: your primary financial institution and your primary email address.
The first is probably obvious to you, but the second is equally important. Your primary email account is usually your back-up for when you forget your passwords at ALL your other accounts, so if your primary email gets hacked, criminals will be able to use it to get your other passwords sent to them and they may end up with everything (and you with a big mess on your hands).
A passphrase is a sequence of words, rather than just characters. Yes, a passphrase is harder to crack and can be easier to remember. But don't use common sayings, quotes, or song lyrics, as they have all been added to cracker databases and aren't reliable. As good as they sound, "IHaveADream," "IWillSleepWhenIAmDead," "OpenThePodBayDoorHal" and "WhenInTheCourseOfHumanEvents," are going to let the crooks into your account before you even finish choosing them. You can make your passphrase harder to crack by adding features that also apply to passwords in general (see below).
When mixed case is allowed, adding a combination of upper and lower case characters, or even just a few stray case shifts, can improve the strength of your password or passphrase. Just remember which ones you capitalized, or you might lock yourself out of your own account with too many incorrect login attempts. Was that KerkNar9 or kErKnAr9?
Again, if they're allowed, adding in non-traditional characters can improve password quality. However, the basic substitutions of "@" for "a," "3" for "e," and "$" for "s" are all well recognized and programmed into most cracking programs, so just substituting those characters with a common and easily crackable dictionary word (see below) doesn't make it much stronger than a wet paper bag against a sharp knife.
Every word in the standard dictionary (yes, even antidisestablishmentarianism) has been added to the crackers programming and won't withstand an attack. In going after YOUR account in particular, a criminal will do some investigating and may know the name of your spouse, children, pet, high school mascot, and possibly even your sister's first cousin's brother's name. "ILoveSusanEmilyJohnandDagwood" is just not going to be safe enough.
It's true. A ten-character password is going to be harder to crack than a six character one. But if it's easy, it's still easy. Length by itself is not enough-quality is important too. A long AND well-formulated password is the best combination, as long as you can remember it without writing it down.
OK. You're probably going to write them down. We can't stop you. You're going to be worried about forgetting them. But here are two things you can do to make it just a BIT harder for the criminals. Don't put them in your wallet and don't leave them next to the machine (whether at home or office). If you MUST write them down, hide them very well or put them in a safe deposit box. If you want to avoid paper, there are software programs (password "vaults" such as Clipperz or KeePass) that will encrypt your list of passwords and make it hard to get into. If you use a vault program, make sure that the single password into your vault program is incredibly secure and strong, and do not write that one down ANYWHERE AT ALL! It's the key to the crown jewels of your identity.
How regularly? As regularly as you can, where doing so won't make your life incredibly inconvenient. But ABSOUTELY CHANGE ALL YOUR PASSWORDS IMMEDIATELY (from a secure machine) IF YOU BELIEVE YOUR IDENTITY OR ANY OF YOUR CREDENTIALS HAVE BEEN COMPROMISED.
Social engineering is what the bad guys do to manipulate you into inadvertently giving away your computer access or revealing confidential information. Rather than breaking into computer networks or systems, social engineers use psychological tricks to get access to your personal information. Find out more.
*These specific products are not recommendations, but just examples of available tools, and First Tech Fed doesn't endorse any specific password vault product.