 |
Tips For Staying Safe Online
Email- Details
- Published: Friday, 27 November 2015 14:00
Internet 101
The Internet was originally invented to share information between military establishments in the 1950’s, and later to share information between universities in the 1980’s. However, throughout the past two decades, the Internet has changed immeasurably and adapted to the devices and people that use it. It has also been transformed by the ‘mobile Internet’ and by the minds of inventors who continually think of new and exciting ways to use it.
It’s clear that the Internet is great and is changing the way we communicate. However, as with everything new or developing, there are always bad people lurking around who are constantly thinking of new, more covert, intentionally deceptive, and sometimes 'ingenious' ways of exploiting people online. So even though the game is constantly changing, there are still some basic rules for staying safe when using the Internet to browse websites and use online services.
Being Safe Online
Some general ‘safe practice’ tips for children are below. After that, the rest of this article contains advice on the general habits anyone can adopt to keep themselves and their personal information safe. Continue reading and you’ll discover just how hackers manage to get into the lives of famous people! Then you can follow our tips to ensure the same doesn’t happen to you or your children in the future.
GENERAL SAFETY ADVICE FOR CHILDREN
- Never post personal information online like your home address, phone number, age or e-mail address.
- Think carefully before posting pictures or videos of yourself. Once you’ve posted a picture of yourself online, you can never be sure who can and cannot see it, and you can’t stop people from showing it to other people. Once you post something on the Internet, it's not yours any more.
- If you are using social media, keep your privacy and sharing settings as high as possible. Set every post to 'Friends Only'.
- When choosing a password, make it difficult to guess and never tell anyone what it is. See the section below on Strong Passwords. Also, try to use a different password for different websites.
- Remember that not everyone online is who they say they are. It is very easy to create fake user accounts on most websites. So never speak to people online who you don’t know in real life. If somebody comments on something you have written and you don’t know who they are, just ignore them.
- If you have spoken to someone online that you do not know in the real world and they suggest meeting with you in real life, do not meet up with them under any circumstances. Speak to your parent about anyone who suggests meeting up with you in real life.
- If you see something online that makes you feel uncomfortable, unsafe or worried, leave the website, turn off your device and don’t feel embarrassed to tell a trusted adult.
- Think carefully about what you say before you post something. Once you’ve said it, the post can never really be deleted or forgotten, and you may get into trouble for what you have said.
- Respect other people’s views and comments. Even if you don’t agree with someone else’s view, it doesn’t mean you can be rude or offensive.
- Never open attachments or click on links in e-mails from people you don’t know. Doing this could damage your device or let someone take control of it.
UPDATES
How often have you ignored that little red badge on the App Store icon or the Settings icon, telling you there are updates available for your apps or your iOS? Updates are not always about giving you new functionality or improving apps – they are also about fixing bugs, securing vulnerabilities and keeping you safe.
As a software developer, no matter how much testing you do with your app before launching it, there will always be ‘something’ you or your test team did not find. And that something might be a BIG security flaw in your app. The reason the test team didn’t find it is all about numbers…
If you have a team of fifty people and you ask them each to choose a set of lottery numbers each week, the chances are the team are never going to win the lottery. However, if you ask a whole nation (or even the world) to all choose lottery numbers, you will nearly always have a winner each week. The same is true of software testing – a million people using your app will find some way of using it that you or your team never thought of.
For you as the user/consumer, it is frustrating when a new app has a fault with a certain feature, or that you have to download an update for an app less than a week after you have installed it for the first time. Anyone would much rather be chatting to friends online, shopping for Christmas presents, or watching the latest viral video rather than downloading updates. Nevertheless, you should take updates seriously because they fix problems and keep you safe. And they sometimes deliver cool new features too!
TIP: Make a habit of installing updates just as you plug your device in to charge before going to bed. Plug your device in, open the App Store, go to Updates and touch Update All. Then lock your device and turn off the light… Your device will merrily download all available updates whilst you sleep, keeping you and your data safe.
USE STRONG PASSWORDS
 Microsoft's Password Strength Checker |
Using strong passwords makes them difficult to guess by humans and harder to guess by ‘password cracker programs’. But what are 'Strong Passwords'?
There is a lot of different advice on how to choose a ‘strong password’, but some basic rules are: NEVER use names of pets, favourite colours, favourite bands, places you were born/grew-up/went to school, mother’s maiden name, or anything about yourself / your history.
TIPS:
- Use three random words like jumpmatrock
- Try to use a different password for each site. Sounds impossible, bit to make this easier for you, make the three random words something you think about when you visit a site. So jump-mat-rock might be for a climbing website.
- Replace some letters that look like numbers with their number counterpart: jumpm4tr0ck
- Use some capital letters, but not everywhere. So in this example, the first word doesn’t have a capital: jumpM4tR0ck
- Add a character or two that is not a letter or a number: jumpM4t+R0ck=?
There you have it! You could use the same character and capital letter format * you have chosen for other website passwords. So your password for Twitter might be b1rdM4k3+Add=? (bird-make-add, because the Twitter bird makes friends by adding them as followers!)
* Same format of capitals on 2nd and 3rd words, and same + =? characters used:Make up your own formula and it soon becomes easy.
- jumpM4t+R0ck=?
- b1rdM4k3+Add=?
Once you have chosen your password, practice typing it on your own a few times until you can type it smoothly, just like you would practice a signature. Obviously, make sure nobody can see what you are typing.
SECURITY QUESTIONS - The Hacker's 'Back Door'!
Security questions are questions that you usually answer when you create an account with a website for the first time. They are used to gain access to your account in case you forget your password. Now here lies the secret of hacking into someone’s life…
You will no doubt have seen countless articles in the news where celebrities have had their mobile phones hacked into and had photographs stolen. Or maybe a politician who had their social media account hacked and someone posted something slanderous about another person, making it look like it came from the hacked politician.
You may have an image of the hacker as someone who is a mathematical genius, who lives in a world of ones and zeros and, like in the movies, can decrypt 256bit encryption whilst eating a quarter pounder! Well, the answer is… (drum roll…) they used Google!
When the security questions are: “Who was your favourite teacher at school?” “What is your mother’s maiden name?” “What is your favourite food?” “What was the name of your first pet?”… For the poor celebrity who answers these questions honestly, it doesn’t take long for the amateur hacker to find the answers using Google. When they do, they can use the answers to gain access to the celebrity’s e-mail account. Once they have access to the e-mail account, they can probably reset the password to the celebrity's phone/device backup that is stored in ‘the cloud’. They can then use this backup to ‘clone’ the celebrity’s device and get a whole treasure-chest of photos and e-mails! They could also use their access to the e-mail account to reset the passwords for all the celebrity’s social media accounts, passwords for online shopping services, etc, etc. With online shopping services, once they have access to these, they can probably gain access to credit card details as well.
As you can see, this is a nightmare on reality street!
TIP: Never answer security questions truthfully! If the question is “Where were you born?” then answer “Jupiter”! The more ridiculous your answer, the easier you will remember it. If the question is “Who was your favourite teacher at school?” then answer “YouTube”! And if someone you know asks you any of these questions in real life, be very suspicious of their intentions because, unlike the celebrity, they probably can’t find all the answers about you via Google!
LINKS / ATTACHMENTS IN E‑MAILS
NEVER click on links or attachments in an e-mail unless the e-mail is clearly from somebody you personally know and there is some form of conversation from that person to you.
If a spammer gets access to your contacts, or maybe they manage to gain access to the contacts of a friend of yours, they can then see that you and your friend are mutual contacts. Then the spammer can easily ‘spoof’ your friend’s e-mail address to make an e-mail look like it came from your friend. All they have to do then is attach the malicious link or attachment and wait.
TIP: E-mails with nothing more than, “Hey, look at this!” and a link or attachment should get alarm bells ringing, even if they are from a friend. If in doubt, speak to your friend before opening the link or attachment.
TIP: Never, and that is NEVER, click on a link in an e-mail from any bank or financial institution. If you receive an e-mail from a bank or financial institution (or any online payment service like PayPal - click on the image above to enlarge an example) which claims you need to click a link and log-on to do [a,b,c] because of [x,y,z], always open your browser and type the website address of the institution into the address bar before logging on. Then you can be sure you are typing your username and password into the legitimate website for that institution. Also, as covered in the ‘Further Tips’ section below, always check for the ‘s’ in https://
AN E-MAIL ADDRESS IS FOR LIFE, SO CHOOSE CAREFULLY!
Most parents reading this will probably already have an e-mail address of their own. However, when it’s time to choose an e-mail address for your child, consider that the e-mail address you choose is probably for life. It’s true! Once you create an e-mail address, nobody else can register to have that address. Obvious, I know, but there is a reason you will probably be stuck with it for life...
Once you start using an e-mail address, people will start copying you in on group e-mails. This means other people will soon have your e-mail address as well. After a while, if you decided you wanted another e-mail address, the chances are that nobody you know would use it. All of your contacts would still keep sending e-mails to your old e-mail address which means you would have to monitor both e-mail addresses, which will soon make you wish you had stuck with the original one!
With all this in mind, 90% of people keep the same personal e-mail address for life. Yes – they have different ones for the companies they work for, but their personal address remains the same. So imagine your child is applying for a job in the future and their e-mail address is funny.badger@somedomain.com. Not very professional is it? They will soon wish they had chosen something more suitable.
TIP: When choosing an e-mail address, try to use your name. However, the chances are it will already be taken with the big, free e-mail companies: Yahoo, Google, Hotmail, Outlook, MSN, etc. So you may need to ‘shop around’. If you are really stuck, try different ways of splitting your name like brian.smith, brian-smith, brian_smith, or brian.s, brian-s, brian_s etc.
TIP: DO NOT use any part of your date of birth in your e-mail address. brian.smith2003@somedomain.com makes it easy for people to learn something about your identity.
Further Tips
TIP: Look for the ‘s’ in https: If you are visiting any website that needs a username and a password to log on, check the web browser address bar reads https://www.somedomain.com and not http://www.somedomain.com. This ensures your connection is secure and encrypted using a certificate.
TIP: Avoid signing-in to any website when using unsecured WiFi, like at a coffee shop. Unsecured WiFi (WiFi that doesn’t need a password to connect) can be monitored by anyone else in the coffee shop. There are various tools (mostly illegal ones) that can be found on the Internet allowing a hacker to capture the data your device is sending to the Internet over the unsecured WiFi. This can enable them to ‘see’ what you are doing online and, in some cases, assume your identity to access the website as you.
TIP: Cover your hand over your device or try to shroud it from view whilst typing any usernames, passwords or PIN numbers in a public place. CCTV is everywhere these days and hidden cameras are used by hackers to film people using devices in public places. Once your password is captured on film, no matter how fast you typed it, the attacker can replay the video to discover it.
TIP: Never give out your address online. Only enter your address online for things like online shopping (so items can be delivered to you), or for official documents to be sent to you (for example, insurance documents).
TIP: Never ‘check-in’ to places like airports or travel destinations on social media. Burglars monitor these types of 'public pages' because they give them a clear window of opportunity to find your address online and break into your home. Also, never post holiday pictures online until you are home. This is for the same reason - ‘Friends of Friends’ will most likely be able to see your holiday pictures once a friend comments on them. Then they will also know your home is un-occupied and you have no idea who these people are.
TIP: Never give out your phone number online. If a website sign-up page makes a phone number field ‘mandatory’, but you do not want them or anyone else to call you, then use a fake number like 01234567890.
TIP: Beware of sites that have pop-ups that look like alerts or buttons. We have all seen the pop-ups telling you that some piece of software is out of date with an 'Update Now' button. NEVER click ANYWHERE on these types of pop-up. Don't even click on the X button in the corner of the pop-up window (or a 'Cancel' button) to close it. Simply close your browser, launch it again and go to a different web page. If you are concerned that a piece of software on a regular Mac/PC may need updating, open that software/app and look for the 'Check For Updates' menu option. If it is a browser plug-in, go to the website for that plugin and install the latest update from there.
NEVER click on 'update required' alerts within a Browser.
Conclusion
This is not an extensive list and we may update this article in the future. For now though, it should give you an idea of where to start.
The world of online security is a multi-million £/$/¥/€ business and it changes hourly! And on the flip-side, online fraud is also a multi-million business for the criminals who operate in that world. With both these facts in mind, it is clear that the issues of being safe online are never going to go away.
Be smart, be safe and be vigilant. Update your software regularly, never use the same password for all websites, never answer security questions honestly, be suspicious of every e-mail you receive and change your passwords often.
