1. Don’t click on links you get from people you don’t know.
If a stranger walked up to you and handed you a box in the middle of the street, you probably wouldn’t open that, right?
*ALERT ALERT* STRANGER DANGER
2. And even if it LOOKS like it’s from a friend, don’t click blindly if it seems weird!
Make it a practice to ask questions. Should this link be asking you to log into something? If so, try opening a new tab and logging into the proper account, then click the link again. Is it still asking you to login? PROBABLY PHISHING!
Worst thing that happens? You ask your friend if they really sent you that thing, vs. your account gets compromised.
3. Be wary of phishing attempts.
Phishing is a common practice used by scammers to appear legitimate in order to lure people into clicking on their links and entering passwords so that they can gain access to accounts.
QUESTION EVERYTHING! I mean, don’t be neurotic but take a beat and think about what you’re doing before you do it.
4. And the much more sinister SPEAR PHISHING.
Spear phishing builds upon regular phishing by picking specific individuals and doing research on them in order to create the aura that they are who they purport to be. They will appear to be from someone you know and they will use whatever they’ve googled against you.
5. If you think you messed up, don’t wait! Act!
Change your passwords and contact your IT Team immediately! If you think a personal account of yours has been compromised, do your best by resetting passwords, making them unique and complex.
If this is a work account, the quicker you contact IT and the more info you can give them about what happened the better—you might think you’ve hit all the bullet points but they may have more to suggest. Any little detail or information you give them will help them mitigate damage and lock down accounts.
6. Don’t feel stupid!
These things are easy to fall for, and it’s not your fault if you do. Today any one person might have 40 some-odd accounts online, and that’s a lot to keep up with. Don’t be scared to ask questions or hesitate. It’s great to be into new fads and new technology but don’t let it become your master.
Reach out to your IT team to ask any questions you have—they are there to support you!
7. Keep your computer up to date.
Make sure to install any security updates if your computer prompts you to do so. Even if you’re on Apple’s OS X—don’t assume that you’re safe. Updates will also help your computer run better, so usually it’s a win-win. Keep your programs up to date as well, especially things like Java, which are commonly targeted by malware.
Take a page out of Bey’s book and UPGRADE.
8. 2-Step Authenticate Everything.
2-Step or 2-Factor Authentication adds another layer of security by linking your accounts (most commonly) to your phone, so when you log in, it sends you a text with a code to input. So if someone were to get your password, if they don’t have your phone they still can’t log in. Gmail, Twitter, Facebook and many other companies provide an option for 2-Step.
http://twofactorauth.org/ is a good site to reference that lists all current websites/services that support 2-Factor Authentication.
9. Don’t install random programs and make sure to have an antivirus program.
This is sort of a gimme but make sure that you’re downloading Adobe products from adobe.com, Microsoft products from microsoft.com, etc. Make sure that the developer is trusted. Also, don’t just install random plugins when prompted by sites! Pay careful attention to what kind of permissions you are granting them.
New Windows computers these days come with Microsoft Security Essentials already installed. Free Mac OS X options include ClamxAV and avast!
10. Don’t trust things that ask for personal information.
If a stranger came up to you in the middle of the street and asked you for your Social Security number or your password, even if, say, they were wearing a nice professional suit and looked legit, you wouldn’t give it to them, would you?
TRUST NO ONE (without first verifying, of course)!
11. Don’t leave your computer unlocked and unattended.
Make sure to set your screensaver to prompt for a password. But, better yet, when you walk away just lock it. Leaving it open provides an opportunity for someone to jump on, maybe throw in a USB drive that has malicious code on it. You never know!
12. Don’t send money to people you don’t know.
This should be a no-brainer but don’t send money to people you don’t know! If you get an email from someone asking for money and claiming you’ll get yours back tenfold, don’t trust it—this is a very common scam.
Use that money to save up for your retirement instead. Or books. Books are good.
13. Don’t do your banking on public WiFi.
In general, don’t do anything that should be done securely on public WiFi. You have no way of knowing how the network was set up and you never know who could be listening in. Better to save that stuff for home (you do have a password on your home WiFi network, don’t you?).
14. Passwordify your home network!
I wasn’t going to let you get away that easily. Make sure your home router and WiFi are password-protected so sneaky neighbors or sneaky drive-byers can’t just latch onto it. All commercial routers have easy-to-follow instructions on how to do this that you can find online. Alternatively, you can call most companies on the phone and they can walk you through it (though usually they provide a “free” window when you first purchase it and may charge after 90 days).
15. Ignore random messages on Facebook/Twitter/LinkedIn.
Just like email, scammers use Facebook, Twitter, LinkedIn and other forms of social media to send phishing links and the like. Just because you’re on Facebook doesn’t make you more secure! In fact, it might be a little worse because scammers can glean all sorts of information about you if you’re not careful about your privacy settings.
16. Be on the lookout for different kinds of hacks & question random phone calls.
“Hacks” come in many shapes and forms and can bridge different media. Email, social media, phone, etc. Be vigilant!
If someone calls you and tells you to download and install something, even if it seems like someone you know, or someone in your IT or Help Desk, or EVEN if they say they are from Microsoft, don’t just do it! Maybe even ESPECIALLY if they say they’re Microsoft—they don’t do cold calls for any reason. Question it, especially if they call you up out of the blue. Always contact your IT team to confirm its legitimacy.
17. Speaking of…Get to know your IT Team!!!
Make sure to get to know your IT/Help Desk team at work. Know their names, know their faces, know their voices. Chances are they’ve saved you more than once, and will continue to do so. Use them as your reference and your guide—they are there to help you! Knowing who they are may save you from falling for a scam.
Remember that you’re on the same team!
18. Keep Calm and Check Links!
One of the easiest and silliest ways that scammers fool people is by including a link to a known site but it actually goes to a different link entirely. So it might LOOK in the email like they’re sending you to http://www.legitcoporation.com but the link will terminate in http://www.iwanttostealyourpassword.com. Always make sure to check the URL bar (where you type website addresses in) before you enter in credentials. You can also check the URL before clicking the link from your email, as in the picture.
19. Make your passwords unique & complex.
The BuzzFeed IT Team recommends using a mixture of UPPERCASE letters, lowercase letters, ##NUMBERS##, and @$%SYMBOLS^&*. I know this totally sounds complicated BUT, here’s an easy way to do it. Choose a word at random (maybe something on your desk? Stickers? Rain? Flags?) then add a 4-digit number (2000? 2040? 1997? 1415?) and then tack on a symbol (#? $? Maybe even an exclamation point!!!)
Additionally, use unique answers to security questions that ask for information in the public domain (birth city, mother’s maiden name, etc.) — that’s how Sarah Palin’s hotmail got hacked in 2008!
20. Use a password site.
Keeping track of all the passwords in your life is *A STRUGGLE* but thankfully there are sites out there that can help you! The BuzzFeed IT Team recommends LastPass, or Dashlane, which has a handy mobile app. These kinds of sites allow you to create an account (ugh, I know, but stay with me!) and will encrypt your password set. Even better, many will allow you to use your Gmail (or whatever) password to authenticate (which is great because you have 2-Step set up, right?) and then the only thing you need to remember is your encryption key. The BuzzFeed IT team uses these sites to suggest complex, unique passwords and then will just use them when they need to.
21. Change your passwords every couple of months.
What’s worse than having 40 passwords to remember? 40 passwords that you need to change every couple of months! But don’t worry, because by now you’ve set yourself up on a password manager. You will look into the pit of doom and spit, for you no longer cower in the face of passwords. YOU ARE THEIR DESTROYER!
22. Go Forth, You Secure God/dess, You!
For today, you are just that much more armed in the battle for internet security.
Author’s note: This is definitely a good start in keeping yourself safe but the Internet is an evolving landscape and I will update this with new information, tips and tricks as necessary.