Four Steps to Staying Safe Online

As technology gains a more important role in our lives, it also grows in complexity. Given how quickly technology changes, keeping up with security advice can be confusing. It seems like there is always new guidance on what you should or should not be doing. However, while the details of how to stay secure may change over time, there are fundamental things you can always do to protect yourself. Regardless of what technology you are using, or where you are using it, we recommend the following four key steps:

  1. Recognize that you are a target to cyber criminals. And keep in mind that technology alone will never be able to fully protect you. Attackers have learned that the easiest way to bypass even the most advanced security technology is by attacking the individual user. Using social engineering, cyber criminals will try to find a way to get to your password, credit card, or other personal data. For example, they can call you pretending to be Microsoft Tech Support and claim that your computer is infected so that you will give them access to your computer. Or perhaps they will send you an email explaining that your Fedex, UPS, or Amazon package could not be delivered, and ask you to click on a link to confirm your mailing address. In reality, clicking on the link will take you to a malicious website that will cause your computer to be infected with programs that can capture all of your keystrokes and thus record the websites you visit, including the user names and passwords you use. Ultimately, the greatest defense against attackers is you. Be suspicious. By using common sense, you can spot and stop most attacks.

  2. Use strong, unique passwords. The next step to protecting yourself involves using a strong, unique password for each of your devices and online accounts. The key words here are strong and unique. A strong password is one that cannot be easily guessed by hackers or their automated programs. Tired of complex passwords that are hard to remember and difficult to type? Use a passphrase instead. A passphrase is a series of words that are easy to remember such as Where is my coffee? The longer your passphrase is, the stronger it is. Having a unique passwords means using a different password for each device and online account. Unique passwords are important because they provide you with an extra layer of protection against cyber criminals. If one password is compromised, all you other accounts and devices are still safe. If the idea of using a unique password for each account and device is intimidating, consider using a password manager, which is a specialized application for your smartphone or computer that securely stores all of your passwords in an encrypted format.

  3. Update your software. Make sure your devices (both work and personal) are running the latest software versions. Cyber criminals are constantly looking for new vulnerabilities in the software your devices use. When they discover a vulnerability, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing the vulnerabilities by releasing updates. By ensuring your computers and mobile devices automatically install these updates, you make it harder for someone to hack you. To stay current on software updates, enable automatic updates whenever possible. This rule applies to almost any technology connected a network, including internet connected TVs, baby monitors, home routers, gaming consoles, or perhaps even your car. If your operating systems or devices are old and no longer supported with security updates, we recommend you replace them with new ones that are.

  4. Back up your devices. Sometimes – no matter how careful you are – you may get hacked. If that is the case, often your only option to ensure your computer of mobile device is free of malware is to fully wipe it and rebuild it from scratch. The attacker might even prevent you from accessing your personal files, photos, and other information stored on the hacked system. Often the only way to restore all your personal information is from a backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most operating systems and mobile devices support automatic backups. In addition, we recommend you store your backups either in the Cloud or offline to protect them against cyber attackers.

Contact the UT System Administration Information Security Program at infosecurity@utsystem.edu if you have questions about any of the above suggestions or read the October OUCH Newsletter for a list of resources.