Online Security Secrets Straight From the Experts


Online security and privacy are hot topics today, and for good reason. As more of daily life connects to the internet, the world becomes more convenient and, at the same time, less secure.

The thing is, most of us are too busy to give our online privacy a second thought, and as a result, those conveniences have become liabilities that many people aren’t even aware of.

Identity and information theft can do catastrophic damage in the blink of an eye, with effects and consequences that could follow you for years. Don’t let the daily grind get in the way – this is every bit as important as making dinner and getting to work on time.

We checked in with some of the web’s top security experts, and asked them the simple questions everyone needs to know the answers to. Here our dream team of security pros will give it to you straight, and give you their best security tips that years of experience in their fields have taught them.

First, we wanted to know,

What are some of the most common security mistakes people are making?

Here’s what the experts had to say:

First, meet Dr. Anton Chuvakin, Research Vice President on the Gartner for Technical Professionals Security and Risk Management team. He has written several books on security, including “Security Warrior”. Here’s what he had to say about some of our biggest security faux pas:

“I’d name these three:

– Short, simple passwords like “123456” and “password” are truly bad – use longer passwords (and write them down in a secure location) or use passphrases like “YouShouldUsePassPhrasesDuh!”

– Password reuse, such as using the same password for some silly website AND your work PC or your bank – password reuse kills! Use a password manager to securely record passwords.

– Sharing too much of your private info; try to share your sensitive info (SSN, especially) less. If you get an email, call, or SMS asking for it, don’t share it. If your bank needs it, call them and give them the info.”

—————————————————————————-

Next we have Lawrence Abrams, creator and owner of BleepingComputer.com. Lawrence’s area of expertise lies with malware removal and computer forensics, and he has been awarded the Microsoft MVP in Windows Consumer Security. He agreed with Dr. Chuvakin, and had some additional insight from his field:

“Two of the most common security mistakes are to use the same password at every site, and to open up attachments without investigating where they are from.

As it has become a common occurrence for sites to become hacked, it may be possible to discover your account password on other sites that use the same login info, if the hacked site did not protect your data properly. This could lead to ID theft, illegal bank transactions, or other harm to the affected user.

The other issue is to open attachments without scanning them or investigating where they are from. This leads to malware being installed on the victim’s computer. The rule should be that if you receive an attachment from someone, send them an email asking if they actually sent it and if it’s legitimate.”
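To make the password-reuse problem Lawrence describes concrete, here is an added Python example written for this page (it is not code from BleepingComputer or from any of the experts quoted). It audits a small constructed set of site passwords for reuse and checks each one against a breach corpus using the k-anonymity scheme of the public Pwned Passwords range API (https://api.pwnedpasswords.com/range/<prefix>), in which only the first five hex characters of the password’s SHA-1 hash ever leave your machine. The network call is replaced with a constructed offline lookup so the block runs stand-alone, and the breach counts are invented for the example, not real statistics.

```python
import hashlib
from typing import Callable, Dict, List

# Constructed stand-in for a breached-password corpus. The counts are made up for this
# example and are not real breach statistics.
_CONSTRUCTED_BREACH_CORPUS: Dict[str, int] = {
    "123456": 24_230_577,
    "password": 3_730_471,
    "qwerty": 3_946_737,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form the range API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def constructed_range_lookup(prefix: str) -> str:
    """Emulates the Pwned Passwords range endpoint offline: given the first five hex characters
    of a SHA-1, return 'SUFFIX:COUNT' lines for every corpus entry sharing that prefix."""
    lines = [f"{sha1_hex(pw)[5:]}:{count}"
             for pw, count in _CONSTRUCTED_BREACH_CORPUS.items()
             if sha1_hex(pw)[:5] == prefix]
    return "\r\n".join(lines)


def breach_count(password: str,
                 range_lookup: Callable[[str], str] = constructed_range_lookup) -> int:
    """k-anonymity check: only the 5-character hash prefix is handed to the lookup, so the
    service never learns the password or even its full hash. Returns how many times the
    password appears in the corpus (0 if unseen)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def audit_passwords(site_passwords: Dict[str, str],
                    range_lookup: Callable[[str], str] = constructed_range_lookup) -> Dict[str, object]:
    """Report the two mistakes above: the same password used on more than one site, and any
    password already present in a breach corpus (an easy credential-stuffing target)."""
    sites_by_password: Dict[str, List[str]] = {}
    for site, pw in site_passwords.items():
        sites_by_password.setdefault(pw, []).append(site)
    reused = sorted(sorted(sites) for sites in sites_by_password.values() if len(sites) > 1)
    breached: Dict[str, int] = {}
    for pw, sites in sites_by_password.items():
        n = breach_count(pw, range_lookup)
        if n:
            for site in sites:
                breached[site] = n
    return {"reused": reused, "breached": breached}


if __name__ == "__main__":
    # Constructed sample vault: one reused, breached password and one unique strong one.
    sample = {"forum.example": "password", "bank.example": "password",
              "mail.example": "v7!Qm#2pLz&Rx9wT"}
    print(audit_passwords(sample))
```

To run this against the real service, replace constructed_range_lookup with a function that performs an HTTPS GET of the prefix to the range endpoint and returns the response body; the matching logic is unchanged, and the full hash still never leaves your machine.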

—————————————————————————-

Jeffrey Smith weighed in with our expert roundup too, and gave us some simple, easy to implement tips for improving our everyday online security. Jeffrey has seen a lot as an IT professional for Wombat Security, and has spent much of his time focusing on turning the tables on cybercriminals and using what he’s learned to better arm those in the security industry.

“I believe that there are three relatively simple mistakes that users are making on a day-to-day basis.

#1: Not keeping operating systems, installed applications, and antivirus software up to date. Developers issue updates to address critical issues and security patches. If people have disabled automatic updates or if they ignore legitimate prompts to download new versions of installed software, they are likely to expose their devices to unnecessary risks.

#2: Clicking on links and ads while on unfamiliar web sites. It may be a slight overstatement to say that danger lurks around every corner of the web — but only a slight one. It’s important to remember that anyone can create a trustworthy looking site. Actually earning trust is another thing altogether.

#3: Doing day-to-day tasks on a personal PC as an administrator. On personal PCs, users should only log in as an administrator when they want to load trusted software or make another administrator-level change. After that, they should log out and log back in as a general user. When you’re logged in as an admin, a lot more of your system is open to access — and if you come in contact with malware or an infected file during that time, you could do even more damage to your system.”

—————————————————————————-

Our next security expert, Katie Moussouris, has a long and impressive résumé: she worked on Microsoft Vulnerability Research and Microsoft’s bounty programs, and serves as an expert on the US national body to the International Organization for Standardization (ISO). A former hacker and Linux developer turned security expert, Katie is currently Chief Policy Officer at HackerOne.

Katie had this to say on simple personal security mistakes:

“Aside from poor password choices or reusing passwords across multiple sites that store sensitive data, many people don’t use the extra security features offered to them on popular sites, like two factor authentication.”

For anyone not familiar with the term, two-factor authentication means a login that requires two different kinds of proof: typically something you know (your password) plus something you have (a one-time code from an authenticator app on your phone, a code sent by SMS, or a hardware security key). A stolen or reused password alone is then not enough to get in. One caveat: codes delivered by SMS can be intercepted by an attacker who takes over your phone number, so prefer an authenticator app or a hardware key where the site offers one.

—————————————————————————-

Next we have Michael Plambeck of PreciseSecurity.com. PreciseSecurity is an excellent resource for everything from tech news to security concerns, and even includes a Tools and Resources section with numerous step-by-step tutorials and troubleshooting guides.

When we checked in with Michael about online security, he had this to add:

“Clicking yes to install updates that pop up in their browser window. This will quickly get you infected with malware; stop, read, and think about what you’re seeing to decide if this is a real piece of software you want to install or malware.”

—————————————————————————-

Our next expert, Ali Qamar, is a freelancer turned security pro. He’s the founder of Security Gladiators, a tremendous source of information for tech enthusiasts and average Joes alike looking to beef up their online security. Ali had some great advice for internet users, particularly those who participate in social media platforms (and let’s face it, that’s pretty much everybody).

“I believe the most common mistakes Internet users today are making include not getting their hands on quality antivirus (I mean a reliable antivirus solution with paid keys, not cracked), using somewhat stagnant and universal passwords all over the Internet, and giving away their personal information literally everywhere (for example, why not fake it a bit on social profiles and be careful while uploading pics that they don’t contain any of your personal info?).”

—————————————————————————-

Evan Kline is a lawyer practicing in York, Pennsylvania, who has expanded his talents into the tech world to cater to his clients. His site 40Tech.com features tons of great articles for the average reader on news, security, and breakthrough technology in the industry. Evan takes security back to basics, saying simply:

“The most common security mistakes people make are reusing passwords on multiple sites and using weak passwords. In addition, people take risks when they don’t update software and operating systems when security patches are released.”

—————————————————————————-

Our next expert is a big name in the industry. Larry Magid is founder of SafeKids.com and ConnectSafely.org, and is an on-air tech analyst for CBS News. Larry cites the importance of basic password sense for your mobile and home devices, saying,

“The most common mistake is not having a secure password or not password protecting all your devices.”

—————————————————————————-

Our next expert, Soumya Pratihari, is founder and editor of the tech blog Techcular.com, where he publishes a myriad of articles on recent news, developments, and security concerns for a variety of devices. With his engineering degree in Information Technology, we were curious to see what his take on this question was. Citing the importance of top-of-the-line security software, Soumya adds:

“The most common one is underestimating the power of an all-in-one security software. People tend to take things for granted, and this practice gets them into trouble. You never know what activity of yours – may it be browsing a website or downloading something – will make you vulnerable to malicious activities.

Always, always have a licensed and regularly updated all-in-one security software installed on your system.”

—————————————————————————-

Daniel is Editor-in-Chief of the blog over at Appcessories.co.uk, a site dedicated solely to the gadgets that now interact with our apps and smart devices. Daniel is a tech enthusiast, with a mad love for all things Apple. We checked in with him to see what he had to say about some of the most frequently made security mistakes.

“Internet security has been a big concern since the early days of the World Wide Web, and yet there are still so many people who do not take their own security seriously.

What are some of the most common security mistakes people are making?

There are a few big mistakes that lots of people make, all of which compromise their online security. The first is using a password that’s incredibly weak. According to Gizmodo, the three most popular passwords in 2014 were 123456, password, and 12345. You don’t have to be an experienced hacker to guess those!

Next, too many individuals leave their private Wi-Fi network open and not password protected (or “protected” with one of the aforementioned weak passwords). There’s simply no excuse for doing this, especially since almost every device can remember networks. Create a strong password, type it in once, and you’ll always be able to use your network. Leave it unprotected, and you subject yourself to unauthorized users on your Wi-Fi at best, and identity theft at worst.

Finally, people can be their own worst enemy when it comes to online security. They offer up loads of personal information on social media profiles, blogs, and other participation-based websites. And of course, the more information a potential identity thief has access to, the easier it is for him or her to steal your identity.”

———————————————

These experts offered real insight into some of the most basic (not to mention embarrassing) security mistakes that a lot of us are making. It may seem like security 101, but for the majority of us juggling a hectic life outside of the one we lead online, it is something that gets neglected all too often.

Next we thought we’d talk solutions with our panel of pros, and asked them for a bit of advice on security for your average internet user.

What is your number one online security tip for the average user?


Dr. Anton Chuvakin – Research Vice President, GTPSRM

“Hmmm….hard to name one. I am split between “don’t use Internet Explorer — use Google Chrome instead” and “make sure that all security patches are applied fast, preferably automatically” (probably the IE one should win…)”

—————————————————————————-

Lawrence Abrams – BleepingComputer.com

“Using different passwords for every site you create an account at. To make this easier, use a password management tool like KeePass.”

—————————————————————————-

Jeffrey Smith – Wombat Security

“I can’t give just one tip. I actually have to give two.

I think that keeping your operating system, installed applications, and antivirus software up to date is probably the easiest and most effective way to ensure that your devices are doing what they need to in order to keep your data and systems safe.

Trust and verify everything to ensure it really is a legitimate request/situation that you should interact with in any way. Tools by themselves cannot prevent all breaches because they cannot stop you from making bad decisions (like downloading pirated content or falling for “too good to be true” offers). It takes a healthy paranoia to protect yourself from cybercrime.”

—————————————————————————-

Katie Moussouris – HackerOne

“While no one is safe from a determined attacker, using tools like password managers to store complex, unique passwords, and enabling two factor authentication wherever available can help limit risks.”

 —————————————————————————

Michael Plambeck – Precise Security

“Spend $20-30 and buy malware prevention software. It’s a good investment considering your computer cost you $500-1500. I suggest Malwarebytes, but there are many cheap good options.”

—————————————————————————-

Ali Qamar – Security Gladiators

“My number one tip for average users online is to try to stay up-to-date all the time, and give special attention to your passwords (you should use a different one on each site, as well as try to make each one as difficult as possible). By up-to-date I mean the users should keep their Windows, antivirus, anti-malware, firewall and everything (like browsers and plugins) up-to-date.”

—————————————————————————-

Evan Kline – 40Tech.com

“Use a unique, complicated password for every site you visit. You can protect your passwords all you want, but if a website is hacked, and a hacker gets your email address and password, he or she will try that address and password on other sites. The best way to use good passwords is through a password manager, like 1Password or LastPass. They make generating long and unique passwords very easy.”

—————————————————————————-

Larry Magid – ConnectSafely.org

“Have a secure and unique password for every site and change them periodically. It sounds hard, but it’s not, if you follow the advice in this post: http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/”

—————————————————————————-

Soumya Pratihari – Techcular.com

“Never download files, may it be videos, music, software or PDFs, or anything from pirated sources. Pirates are pirates, after all. Most pirate sources are known for their malicious practices where they bundle a tracing script or keyloggers or similar tools with the file on downloads and later on take complete remote authority on the system. Always trust reputable and authoritative websites for downloading activities.”

—————————————————————————-

Daniel – Appcessories.co.uk

“Honestly, the biggest tip is to think before you post. It’s amazing to me how many people mindlessly post personal data like their address and phone number, or worse — their NHS number (in the UK), social security number (in the US), or other sort of national identification number.

Posting sensitive information like a credit card or driver’s license number is just as careless. Again: think before you post, and ask yourself if what you’re about to put up could potentially come back to hurt you.

Similarly, I would recommend that all users be extremely discerning about giving out this type of information. Never give out passwords, numbers, or anything else to a caller who claims to be from a particular company; only give requested information out when it’s on a call that you’ve initiated.”

—————————————————–

We got some seriously simple tips from our experts that any internet user can easily implement. Password security, software updates, and information sharing appear to be three of the biggest things you can focus on, so heed their words and start paying attention.

Next, we wanted to hear the wise words of firsthand experience, and see what lessons our expert panel had to learn the hard way.

Have you ever been hacked? If so, what did you learn from it?

Dr. Anton Chuvakin – Research Vice President, GTPSRM

“Not for a while, but back in 2007 I had to face an interesting malware incident that I described here and here. (Despite the date, it still has relevance and some very modern lessons)”

—————————————————————————-

Lawrence Abrams – BleepingComputer.com

“No, I have never been hacked. Knocking on wood…”

—————————————————————————

Jeffrey Smith – Wombat Security

“I am betting I was hacked at some point, but it went undetected. In 2003, it occurred to me that the probability of me not being hacked was pretty low given the amount of time I spend using a computer.

The lesson I learned was that I didn’t have the right tools installed to detect a hack — and I have not been on the web without those tools installed since 2003.

I also learned that controlled paranoia is an asset in the computer security industry. Do not trust people or websites you don’t know and always be on the lookout for imposters.”

—————————————————————————-

Katie Moussouris – HackerOne

“Not that I’m directly aware, but I wouldn’t be surprised if I have. The way I conduct all my communications is with the assumption that it might not be private, so I try to keep that in mind when storing or transmitting data.

There are some things you can’t control directly, such as how medical records are handled by healthcare providers, or financial data is passed from the organizations that handle your mortgage, loans, and credit cards.

Hopefully, these and other organizations will embrace the friendly hacker community and set up vulnerability coordination and bug bounty programs to help them learn about inevitable security holes before criminals can exploit them.”

 —————————————————————————

Michael Plambeck – Precise Security

“One of my websites was hacked and a lot of bad pages were published on my site. Google penalized the site and I had to clean it all up. I learned that I need to have very secure passwords, use a random password generator, and keep your passwords in an encrypted file – you can do this easily using Microsoft Word.”

—————————————————————————-

Ali Qamar – Security Gladiators

“No, fortunately not.”

—————————————————————————-

Evan Kline – 40Tech.com

“A few years ago, 40Tech was hacked through a plugin I was using on the site. That taught me how important it is to stay on top of security updates and alerts.”

—————————————————————————-

Larry Magid – ConnectSafely.org

“I’ve had a couple of accounts broken into, and what I learned is to change passwords periodically.”

—————————————————————————-

Soumya Pratihari – Techcular.com

“Although my system has never been hacked, as I take my system security very seriously, once I got a number of websites hacked. It was because of an outdated WordPress plugin that had some vulnerabilities, and hackers managed to get access to my web server through it. They started sending hundreds of spam emails from one of my website emails, replaced their advertisement codes with mine, and served some codes to my website traffic for phishing purposes.

It took me a lot of time to clean all those injected codes and get rid of it. The lesson I learned from this incident is that you can’t blame them for robbery when you leave the front door open.”

—————————————————————————-

Daniel – Appcessories.co.uk

“Yes, unfortunately, and it was definitely a learning experience! First of all, I learned about the importance of keeping software up to date. Hackers have already identified the vulnerabilities in earlier, unpatched versions, and if you’re running old software (like I was), you leave yourself wide open.

Also, I learned to regularly (like, very regularly) check all of my websites and my financial information to make sure nothing looks awry. Not checking on a regular basis can mean that weeks go by without realizing that something’s wrong.

Most of all, though, I learned that with internet usage comes some risk. Unless you pay for everything with cash that you store under your mattress, never have a permanent internet presence, and avoid most of the modern technological conveniences, you’re at least a little susceptible to a hack. However, by being smart and taking the appropriate measures with your internet security, you can greatly minimize this risk.


A Pound of Cure
It’s not fair to paint a picture of the internet as a dark, scary place where you’re vulnerable to cyber-attacks, but the truth is that security breaches and hacks do happen. And while most users are no match for a sophisticated hacker, there are still a lot of measures you can take to reduce the chances that your information will be stolen. Be smart, think before you post, and be your own best line of defense.”