While cybercrime is constantly evolving, the good news is there are a few simple security measures anyone can take to increase their online security, whether they have a doctorate in computer science or a hard time printing attachments from their Hotmail account.
First and foremost, experts agree using strong, unique passwords is the easiest way for an internet user to protect their personal and financial information online. A strong password is typically at least 15 characters long and includes letters, numbers, and special characters.
Another pro-tip is never to reuse passwords. This is because one of the easiest ways hackers gain access to a user’s confidential information is by getting their usernames and password combinations from one source, say an email provider, and trying those same combinations elsewhere, for example on major banking websites.
To make things easier, Microsoft, Apple and many other third-party developers offer password manager software that can help keep track of hard to remember passwords. Several free password managers can be downloaded.
The last thing to keep in mind regarding log-in information is to make sure and set up multifactor authentication (MFA) for email, banking, and basically any other online account that offers it.
MFA is a security measure that requires multiple types of credentials to access an account. It is so effective (Microsoft reported that MFA can prevent over 99.9% of account compromise attacks) because it requires information to log in that hackers are not likely to have. For example, a hacker may be able to steal a username and password, but it’s not very likely that they’ll have access to that person’s phone, and nearly impossible for them to obtain the person’s fingerprint or face scan.
Another way to stay safe online is by installing antivirus software and keeping it up to date. Antivirus software not only fights off computer viruses but also protects against ransomware attacks that encrypt a user’s files, trojan horse programs that steal private information, and many other nefarious kinds of online attacks.
A couple of other pieces of advice from the experts are remember to regularly clear browsing data and turn off an internet browser’s save password feature. While unlikely, saved searches, history, and login information can potentially be compromised.
Finally, it is probably a good call to use a virtual private network or VPN whenever connecting to the internet from a public wi-fi network such as at a coffee shop or in a library. A VPN encrypts internet traffic, routing it though a private server, which makes it difficult even for an owner of a free Wi-Fi network to access a user’s data.
For a better understanding of cybercrime, below are some commonly used terms:
Cloud – A technology that allows access to files and/or services through the internet from anywhere in the world.
Domain – A group of computers, printers, and devices that are interconnected and governed as a whole. For example, your computer is usually part of a domain at your workplace.
Virtual Private Network (VPN) – A tool that allows the user to remain anonymous while using the internet by masking the location and encrypting traffic.
IP address – An internet version of a home address for a computer, which is identified when it communicates over a network.
Breach – The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.
Firewall – A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.
Malware – short for “malicious software,” refers to any intrusive software developed by cybercriminals.
Virus – a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.
Ransomware – a type of malware that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker.
Phishing attempt – Often disguised as a trusted organization, the attacker delivers a message to a list of phone numbers or email addresses, usually with a call to action which requires login information and a fake website where the user is expected to provide that information.
Spear phishing – Similar to phishing, but it is targeted at a specific group of people using personalized messages. Hackers may glean information from social media accounts or other sources to personalize these messages and make them appear more trustworthy.
Trojan horse – A piece of malware that often allows a hacker to gain remote access to a computer through a “back door.”
Keystroke logging – The attacker installs a program (usually a virus) that captures keystrokes from the user’s computer, including passwords, sites visited, and usernames.
Brute force and counter brute force attacks – The attacker uses software to rapidly test a variety of common credentials (e.g., Password123) in an attempt to gain access to sites and applications.
Spyware – A type of malware that functions by spying on user activity without their knowledge.
Read about cybersecurity practices, education, and research at WSU.
Other resources
Keep it secret, keep it safe: A beginner’s guide to web safety (Ars Technica)
Important privacy settings (Washington Post)