Online security is no longer just for your IT guy. Studies show that the average American is more worried about being hacked than robbed, a sure sign that recent data breaches have infiltrated the public psyche.
Luckily, security programs are a lot more sophisticated and accessible than they used to be. Two-factor authentication and similar methods once considered to be high-level security protocols are now everyday IT solutions. In fact, there are many low-cost or free IT services that protect internet users’ personal data.
If you want to move hacking down your list of potential boogeymen, check out this layman’s guide to proactive IT security solutions.
Invest in a two-factor authentication program
Have you ever tried to log into a website or app and received a notification that you were being sent a separate verification code as well? Then you’ve witnessed two-factor authentication at work.
2FA is one of the simplest IT solutions available for securing your password against data breaches. When you have 2FA turned on, your accounts need more than a username and password to let you in—usually, they’ll require a one-time token sent to a particular device to which you have access. This extra layer of authentication ensures that someone can’t access your account with stolen credentials.
Many programs and operating systems already have an optional 2FA feature. For instance, you can set up Google’s 2-Step Verification for your email and Google Drive accounts by visiting your account security settings. (For more on individual 2FA settings for common apps and services like Google, Facebook and Instagram, check out PC Magazine’s extensive article on the topic.)
That said, it may be easier to simply invest in a single 2FA service for all your logins. Cloud-based authentication services like OneLogin generate single-use password strings every time you attempt to log into one of your registered accounts. To access your Facebook account, for example, you’d need your email address, your Facebook password and a one-time code, which makes it much more difficult for other people to steal your credentials.
Add an encryption extension to your browser
Imagine two people having a private conversation in a busy restaurant. They could keep their voices down and hope no one is close enough to overhear, or they could use a special code to ensure no eavesdroppers listen in.
Now imagine those two speakers are your device’s browser and a website to which the browser is connecting. In this scenario, HTTPS is that secret code. Officially, it’s a secure protocol that encrypts data sent from your computer to the websites you visit.
The trouble is that some sites don’t use HTTPS faithfully. Instead, they turn to its unencrypted twin—HTTP—in hopes of avoiding performance issues like the slight latency that comes with encryption. But HTTP comes with a major drawback: All information is sent as plain text. If that text includes your credit card details or other personal information… well, you can easily see the problem.
Installing a browser extension like HTTPS Everywhere will automatically activate HTTPS on websites that support it, making your personal information that much more secure. No more broadcasting your credit card number to the masses!
Subscribe to a personal VPN service
It may seem convenient to use the public Wi-Fi at a coffee shop or hotel (after all, who wants to eat up data when they don’t have to?) but you risk paying the price in security. Although public Wi-Fi seems innocuous enough, there are couple of ways that unsavory characters can hijack these networks to steal personal data.
First, there’s the infamous man-in-the-middle attack in which a hacker essentially “listens” to the data you send over the network. By using particular hacking software, this “man in the middle” can eavesdrop on wireless signals that will subsequently allow them to access any data you download or upload to the network, including web pages, site credentials and logins. Bet you’ll never check your bank account at a Starbucks again!
Other methods of attack are more obvious but just as malicious. For instance, a hacker might set up a fake Wi-Fi network and name it something like “hotelguests1” to trick you into logging on. This technique is called Wi-Fi spoofing, and it’s more common than you might think.
For better public Wi-Fi security, you may want to invest in a personal virtual private network (VPN). These IT solutions generate a virtual peer-to-peer connection that is much more difficult for intruders to intercept. Although that extra layer of security doesn’t come for free, most individual VPN plans go for around $2 to $10 per month—a small price to pay for peace of mind.
Impressions belong on “Saturday Night Live,” not in your email. Unfortunately, impersonation scams are fairly commonplace… and we’re not just talking about the kind that involve posing as Nigerian princes. Last year, a wave of calls and emails went out from scammers pretending to be the IRS and threatening jail time unless recipients made an immediate tax payment. Sadly, some of the people who received these calls were ultimately defrauded.
Keep in mind that any organization can be impersonated, with scammers typically choosing to exploit services you use all the time by creating emails designed to mimic the logos and communication styles of Apple, Netflix and the like.
To protect yourself from scammers, never click on a link from an email—ever. Instead, copy and paste the link so you can see if the URL is legitimate (for example, if the email purports to be from Netflix, the link it contains should start with www.netflix.com). Additionally, never give out your personal information over the phone or via email, and if you suspect suspicious activity, follow the Consumer Financial Protection Bureau’s advice and reach out to local police or your state attorney general.
Ready to stand up to the specter of personal data theft? Download our Cyber Security Infographic to learn more about hacking and how you can protect yourself against it.