There’s no doubt that 2016 was a turbulent year for the Internet. A record number of large scale hacks and data breaches exposed consumers to the darker side of the online world, with 4,149 breaches uncovering over 4.2 billion records of personal data. That’s almost 3.2 billion more records than the previous all-time high of 1.1 billion from 2013.
The last year has also demonstrated how vulnerable every single one of us are to cybercrime, with even influential tech figures such as Facebook CEO Mark Zuckerberg becoming the victim of a hack.
Moreover, huge global companies were hit too. Yahoo! suffered a devastating breach that exposed over one billion user names, email addresses, phone numbers, dates of birth, passwords, security questions and associated answers.
One of the key causes for this growing threat is that we live in a ‘technology-first’ age, where we look for the easiest and quickest way to live, work, and communicate. Digital devices and online tools are now integrating into our personal and professional lives, whether it’s connected coffee machines and smart bulbs, to core tools such as our email addresses and online shopping.
The Internet of Things (IoT) has endless possibilities, and while it’s great for consumers, it also plays heavily into the hands of potential hackers. If one account or connected device can be hacked then it often creates a domino effect that can be difficult to counteract.
What is clear however, is that now is the time for consumers to take measures to protect themselves. You insure your car or your home because of its value, but why not your online identity? It is often easier than you think, as our ten simple tips to help keep you and your personal information safe online show:
1. Disable autofill on your browser
Autofill automatically completes form fields when pages load, such as your address and card details, and almost all of us are guilty of using it. The danger however is that hackers can obtain this information in a number of ways, as can thieves if they physically steal your device. It’s best to avoid storing your details on websites and just take the time to add them manually when purchasing online.
2. Passwords - don’t make it easy!
Make passwords difficult to crack. Simple words like ‘password’ could turn into ‘pA5sw0rD!’, making it harder for anyone to decipher by creating a ‘Strong Alphanumeric’ password, substituting letters for numbers, hashtags, or punctuation. Also make sure you change your passwords regularly, and never use the same one across multiple different devices or sites.
3. Use a nickname if possible
Your full name has a lot of value - even if you may not think so! People are more inclined to use their full name online, especially on social media, but using a shortened version - or a nickname - will make it harder for hackers to find other accounts that are associated with a person, which helps to contain the ‘fire’ if you are hacked.
4. Use two-factor authentication whenever possible
Two Factor Authentication, also known as 2FA, TFA or two step verification, is an extra layer of security you should always choose. The process requires a regular password as normal but it also asks the user for a secure login code, usually provided in a text message, before you can gain access to the account.
5. Signup for login notifications
This one is exactly what it says on the tin. Login notifications alert the account holder when someone tries logging into your account from unrecognised devices or browsers. These alerts can come from web browsers, emails or texts depending on which method you prefer. You can usually activate these alerts in the security settings of most banking or social media sites.
6. Increase junk filtering and avoid clicking through on emails
Changing the level of spam that gets into your emails can be a simple yet effective way of protecting yourself from hacks. Increasing automatic filtering can help you avoid questionable mail that might look authentic, but is in fact a phishing scam. Often hackers mimic big companies like Apple or PayPal stating that users need to verify purchases, so don’t get caught out. If in doubt, contact the company directly for confirmation.
7. Avoid free Wi-Fi and disable it when not online
Data-hungry mobile users can now access free wireless connections in almost every public space or business, but few are aware of the potential risks. Often these free networks aren’t password protected and that means that once you’re connected up it can be a gateway for hackers to gain access to everything else that is stored on your mobile device or laptop. Try to avoid public Wi-Fi where possible, and keep it turned off when you aren’t using it to stop any automatic connections.
8. Check the HTTPS access
HTTPS is also known as HTTP over TLS, HTTP over SSL, and HTTP Secure. It’s a widely used web protocol that adds security and encryption over computer networks, but you might recognise it as the little padlock that appears on certain websites! It’s a system that authenticates sites and blocks anything that might put you at risk, so when you’re shopping online always check for the HTTPS access as it’s almost always a sign you can trust the service.
9. Use a firewall, anti-virus program and anti-spyware software
Firewall, anti-virus and anti-spyware programs help keep computers and laptops safe, and should be used wherever possible. They help control incoming and outgoing network traffic to your computer, stopping unauthorised users from gaining access. Most operating systems come with a firewall but you can install additional antivirus programmes such as AVG, McAfee or Norton, and there are a wide range of anti-spyware products available as well.
10. Check if your details have already been stolen
The final, and arguably the most important step, is to check if any of your details have already been compromised. Contrary to popular belief, you don’t have to wait until you’ve been hacked to find out if your details have been stolen. There services you can use, such as OwlDetect, that monitor, detect and alert you if your details are available online and could be in the wrong hands. OwlDetect covers everything from email addresses and bank details to credit card and passport numbers for a fee of £3.50 per month, but there are free services that can also check some information. HaveIbeenPwned, for example, checks email addresses.
Across all of these tips there are two common themes. The first, as I’ve already mentioned, is proactivity. You can’t assume companies, websites or the government will be able to protect your personal information, so it’s vital that you take steps to help counter the threat. Don’t wait for an attack before you build your defences. The second theme is that they are easy. All of the steps above are quick, easy and cost effective, so there really is no excuse not to act. Bury your head in the online sand and you could end up paying a heavy price.
Professor Richard Benham, advisor for OwlDetect