Life moves fast, and it seems like hackers move even faster. Before you roll your eyes at the thought of another cybersecurity article, just wait. This article contains important information, not only on the steps you should take, but also on how hackers are able to get your passwords and sensitive data. We have shared the steps they actually take in the hope that when you see how easy it is, you will take the necessary measures to protect yourself.
Tip 1: Encrypt your web-based e-mail with Mailvelope (www.mailvelope.com). You can encrypt every e-mail you send fairly easily, but encryption is especially important if you use that e-mail to communicate sensitive data. Mailvelope is a PGP encryption provider for webmail that works with Gmail, Yahoo, Outlook.com, and more. It is an extension, or “add-on,” to your browser that expands its functionality. It works with Firefox and Chrome web browsers.
Tip 2: Do the two-step. No, we are not talking about the Texas two-step, but rather the two-step verification process. If the website or application you are using offers it, then use it. Two-step authentication (sometimes referred to as two-factor authentication) is a security process in which the user provides two different authentication factors. The first is generally your username and password. The second is usually entering a code that is sent to your phone or e-mail when you request access and that must be entered within a certain time frame in order to gain access.
Bonus tip: Two-step verification will often send you a code by text, e-mail, or phone call. In our experience, texts and phone calls have been significantly faster than e-mail and do not run the risk of being caught by a spam filter. Save yourself some time when logging in by choosing to receive your code via text or telephone.
Tip 3: Whenever you are on a shared computer, work in the “private” or “incognito” Internet window. Working in a private browser, or incognito window, allows you to browse the web, and access your accounts, without leaving a trail. It is important to realize that browsing in private mode will not prevent your Internet provider or your work from knowing what websites you are on, so don’t go anywhere inappropriate and expect to be protected. What it does is prevent the browser from recording where you are going, so you won’t find a trail in the “history” folder. Also, the browser will not store your username and password in this mode, so you do not need to remember to clear the history folder when you are finished. This is useful on public computers, such as when you are checking something in the business center of a hotel.
Tip 4: Avoid storing passwords and usernames in your web browser. It can be very tempting to keep your username and password stored in your web browser. Every time you log in, the browser pops up a window asking if you would like it to keep your username and password stored for faster log-in. Sure, you think to yourself. Time is money, and letting my browser fill in my username and password is rather convenient. However, if your computer is ever compromised and accessed remotely over the Internet, an unauthorized user will have immediate and complete access to your online accounts. Sometimes, there are unauthorized users roaming around your office. In this instance, storing your passwords can lead to unauthorized access anytime you walk away from your computer. To see how easily hackers can access someone’s password when it is stored in their browser, check out this article from Credera.
If you are hesitant to turn off storing passwords because you are worried that you will forget and be unable to access your accounts, you can export all your currently stored passwords to an Excel spreadsheet, enter them into a password-storing app or web service, or keep them in a secure drive, so you only need to remember one password. If you are a Chrome browser user, you can export your usernames and passwords by going to Settings > Passwords. From there, click the three stacked dots above your saved passwords list.
Clicking the three dots pulls up a menu option to Export Passwords. For security, your web browser will ask that you enter your computer access password before it will export the data. It will also warn you that anyone who can see the file will have access to your passwords, so make sure you keep the file in a secure location. Enter the passwords into a secure app or database, then destroy the file when you are done.
Tip 5: Trust, but verify. Hackers have engineered ways to e-mail you compromised files wearing a mask of a name in your contacts list. Attacks like this are commonly referred to as “social engineering.” This works particularly well when the hackers use the name of a firm partner, client, or senior colleague. Usually the e-mail contains a file, with little or no text explaining the nature of it. You may get a short message such as “check this out” or “review please.” Then, when you click the link to download the document and enter a username and password, the hacker has what he or she was after. Either you have downloaded malicious software or a backdoor into your system, or the hacker has your commonly used username and password to try to gain access to your accounts.
You can protect yourself by sending a quick e-mail to the sender, confirming he or she has sent you a file to review. It is okay to decline a request in order to keep your data, and your clients’ data, secure. This quick maneuver can save you a lot of headaches.