How to Protect Your Online Security - Pillar 4: Securing Yourself
This article is part of a series on online security. In our last post, we explored ways to protect the communication channel between you and your online accounts. In this post, we will explore ways to secure yourself.
PILLAR 4: Secure yourself from unauthorized internal access
Much of the focus of IT security is on protecting you from outside actors, when in reality your weakest link is you and those closest to you. Here are two scenarios:
1) You receive a very authentic-looking email from an online service that you use. It contains a link that you click. You are asked to enter your password to access the site. You do.
Or consider a variation on this scenario: someone gives you a USB key that contains a presentation they want you to copy to your computer. Unbeknownst to you, the file is infected, or the USB key self-installs a malicious file on your computer.
2) You bring your work laptop home one evening. You step away for a few minutes, not locking your user account when you do (because, let’s face it, who does that when they are at home?). Your nine-year-old gets on your computer, opens a web browser, and accesses what he thinks is a legitimate site. Unbeknownst to him, that site has been compromised by hackers. Your kid clicks on a link on this site. At that moment, you return to your computer, shoo your kid off, and carry on with your work. What you don’t know is that your machine is now infected with malware because of the link your child clicked. That infection can range from the innocuous (e.g., changing your search engine to serve you different ads) to the serious (e.g., accessing your video camera and microphone or tracking your keystrokes).
Your protection against scenario 1 is very old-fashioned: Stop, breathe, and don’t work so fast. Think for a moment before click-click-clicking away. Always remember that your IT provider may have installed protections on your computer, email servers, and networks, but none of these provides 100% protection. If you receive an email purporting to be from an online service you use, asking you to log into your account, just don’t click on the link in that email. Open a web browser and type in the site address manually, log into your account, and see if anything is being asked of you.
Your protection against scenario 2 is very simple. Lock your devices every time you step away from them, and don’t share those passwords with anyone.
This article concludes our series on online security. If you’d like further guidance on the topic, contact us here.