Calling the Internet “The Web” is an apt metaphor for the excitements and pitfalls that the digital wonderland offers. Imagine an ocean of silky strands spanning the farthest reaches of the sightline, intricately woven and inviting as a warm bed. For the most part, it is safe if you keep your wits about you and know where you are going, but there are sticky spots and spider traps ready to ensnare valuable data if steps aren’t taken to prevent it. An ounce of prevention is worth a pound of cure, so here are some tactics to keep in mind from Cybersecurity Guide.

Do you have the password?

It seems like a password is required for everything these days – maybe one day we will need a seven-digit code to grab a glass of milk from the fridge. It is frustrating, to say the least. Yet, password-savvy practices are crucial to protect personal devices and accounts online. One way to improve passwords is to use an added layer of access, such as biometric logins or multi-factor authentication. A biometric login uses a fingerprint, facial recognition or the like to access a device or account, which is convenient and useful in physical controls but is considered less secure on mobile devices, as a manual password can still be given instead in most cases.

Multi-factor authentication or two-factor authentication is thought to be more secure, as it requires at least one extra piece of evidence to confirm, typically by sending a single-use code to a user’s phone. The safest use of this practice is not to share the single-use code with anyone and to use approved authenticator apps like Google Authenticator.

Of course, it is the site owner, not the user, that gives the security options and requirements, so creating and managing effective passwords is key. Conventional and researched opinion changes constantly on what makes for a “good password.” Short but complex passwords have been the accepted standard method for a while now, with many organizations requiring passwords of a specified character length, with at least one lowercase letter, one uppercase letter, one number and a special character like a plus sign.

Unfortunately, the requirement for increased complexity often leads to people using the same passwords in multiple places or writing them down, both inadvisable. Two methods recommended by the National Institute of Standards and Technology to combat this are passphrases and reputable password managers. Passphrases are longer but easier for the user to remember – something like “rabbit chain hat pan”. It’s relatively easy to remember, four simple words separated by spaces, yet much less predictable than some methods currently used.

Encrypted password managers or password vaults are also helpful, requiring users to memorize a single, secure master password in order to access all their passwords across various websites and services. Free versions with limited features are available. Dashlane, Keeper and LastPass are some examples to explore. Lastly, if you would like to check the strength of your selected passwords, try a password testing site such as My1Login that will test for common password security mistakes.

Cyber Threats to Consider

As tech becomes more and more complicated, A.I. and other threats make it all the more urgent to stay alert to scamming tactics. Social engineering, Spam, Adware, Trojans, Phishing and Worms are all common cyber fraud tactics that average internet users can face. What forms do these take, and how can you protect yourself? 

Social Engineering, Spam and Phishing

Social engineering hijacks the social aspect of the internet for nefarious purposes, most often seen in social media apps or online dating sites. The main way to stay safe from social engineering is not to assume someone is who they say they are online. Don’t ever agree to meet in person unless with a trusted friend and in a safe public place. Don’t exchange personal info, such as your full name, address, phone number or similar, with someone you do not know.

Spam is similar, mostly limited to emails and phone calls/texts. It may offer a sweet deal on a favorite pair of sneakers you were wanting or mention low rates on credit cards, loans, phones or any number of other things. Frequently use email blocking filters and don’t open anything suspicious. Phishing is the most common dangerous type of spam, using emails designed to look like they come from reputable companies and asking for personal information like credit card numbers and passwords. Phishing scams are commonly targeted at young people, as hackers believe they may not have the experience to ferret them out.

Red flags for phishing scams include:

  • Emails in a style to suggest familiarity, yet the greeting is generic.
  • Large-batch emails. Look to see if there is a long list of recipients.
  • Suspicious links. You can hover over a link, and it may reveal the actual destination, but when in doubt, do not click.
  • Fraudulent email address used. A sender may use an address that looks like one from a trusted business, but you can usually look up the standard email conventions of that business and see how they match up to what you received.
  • Requests for personal information, especially financial.
  • Sense of urgency, encouragement to act or buy as soon as possible.
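
The red flags listed above can be turned into a simple checker, shown here as an added example that is not part of the original article. The sample message, the keyword lists, the recipient threshold and the `expected_domain` parameter are assumptions chosen for illustration; a real mail filter would use far richer signals.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name, address and URL is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.example>
To: a@mail.example, b@mail.example, c@mail.example, d@mail.example, e@mail.example, f@mail.example
Subject: Action required
Content-Type: text/html

<p>Dear customer,</p>
<p>Your account will be suspended within 24 hours. Act now and confirm your
password and credit card number here:
<a href="http://login.verify-account.example/reset">https://www.example-bank.example/login</a></p>
"""

GENERIC = re.compile(r"\bdear (customer|user|member|sir|madam|account holder)\b", re.I)
PERSONAL = re.compile(r"\b(password|credit card|card number|social security|bank account)\b", re.I)
URGENT = re.compile(r"\b(act now|immediately|as soon as possible|within \d+ hours?|suspended)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def red_flags(raw, expected_domain, max_recipients=5):
    """Return the set of red flags (named after the list above) found in one message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = set()
    if GENERIC.search(body):
        flags.add("generic greeting")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > max_recipients:
        flags.add("large batch")
    for href, text in LINK.findall(body):
        shown = host(text) if "://" in text else ""  # link text that itself looks like a URL
        if shown and shown != host(href):
            flags.add("suspicious link")
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain != expected_domain and not sender_domain.endswith("." + expected_domain):
        flags.add("sender address mismatch")
    if PERSONAL.search(body):
        flags.add("asks for personal information")
    if URGENT.search(body):
        flags.add("urgency")
    return flags
```

Calling `red_flags(SAMPLE, "example-bank.example")` reports all six flags for the constructed message; note the sender domain differs from the expected one by a single character, which is easy to miss by eye.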

Malware no more

Adware, Trojans and Worms are all types of malware, which is malicious software or viruses unknowingly embedded into your devices. Adware displays or downloads advertising material on your devices without your knowledge, often coming from free or shared programs in the form of popups. It’s often more annoying than harmful, though it can lead to data being taken from your computer.

Trojans are disguised as legitimate software to gain access to a user’s system in order to take control of the computer or steal passwords. Unknown links or documents are a common way to deliver Trojans, so try to stick to trusted sources. Worms are the scariest of the three, because they don’t require a host program to operate. They are stand-alone programs that can self-replicate, just like worms. Their goal is to spread through a network and infect as many machines as possible. Use caution when connecting to unknown networks and when file-sharing. Universities generally employ advanced security software to find and eliminate worms and other malware. That said, if you detect malware on a public system, alert the systems administrator.

For those interested in a career in Computer Information Systems and Technology, learn more about Life University’s B.S. in Computer Information Systems and Technology.