TORONTO – Tuesday is Safer Internet Day, a worldwide campaign generally aimed at discussing issues younger generations are facing online – from cyberbullying to privacy concerns. But following a year of hacking scandals and security flaws, many Canadians would agree that a “safer” Internet starts with protecting their own information.
Many tech companies are using Safer Internet Day as a platform to remind users to revisit their security settings.
Google, for example, has a reminder on its homepage encouraging users to go through a two-minute security checkup, which walks you through recent account activity and permission settings.
Security experts are also taking the opportunity to encourage all web users to educate themselves about online scams and security issues.
“People should know what personal information they have on the Internet,” said Alexander Rau, national information security strategist at Symantec Canada. “In the world that we live in today, it’s not a matter of if you will be breached but when you will be breached.”
While Rau believes that one day a year to promote security awareness isn’t enough, he agrees it’s a good place to start. To make it easier, we’ve put together a beginner’s guide to protecting your data online:
Smarten up your passwords
Despite countless warnings, Rau said the average web user still doesn’t take password security seriously. But having strong passwords is one of your best defence mechanisms online.
Stay away from easy-to-guess passwords like “123456” or “Password” and easy-to-guess identifiers, like your dog’s name.
Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.
Here’s a handy tip: Construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”
And remember, try not to use the same password for any two accounts.
Know how to spot a phishing scam from a mile away
“Attackers will always find someone that will fall for their tricks,” Rau said. “As long as they work they will keep using them.”
For the most part, common sense and a careful eye will help you spot a phishing scam. One of the most common ways that fraudsters will try to fool you is by using official company logos or insignias. In some cases, the email address or web address may look close to the company’s name, but is slightly altered or off by a letter.
This tip is especially important: Never click on a link included in a suspicious email. Often attackers will use a legitimate web address in the hyperlinked text of the email, but once you click on the link it takes you to a malicious website.
To check a link, hover your mouse over it – without clicking on it – and a small yellow box will appear, showing the actual web address the link will take you to. If the link doesn’t match the hyperlinked text, it’s likely malicious.
Remember: Your smartphone isn’t any more secure than your computer
“We feel our mobile devices are more secure – but I don’t know why that is,” said Rau. “Treat them like any other computing device. Use them with savviness.”
According to Symantec, only about 50 per cent of mobile users have some sort of malware protection on their mobile devices. But hackers are increasingly hiding malware in mobile apps, or sending it through malicious text messages.
Most of this malware is designed to steal the user’s personal information.
To protect your device from malware, make sure you are downloading apps from legitimate app stores – like Google or Amazon – and make sure your device’s software is up to date. You can also download malware protection for some platforms, like Android.
Stolen data is big business for hackers
If an attacker does get hold of your personal information, experts say they are likely to sell it on an underground market where other criminals pay top dollar for it.
Here is what some of that stolen data might cost on those marketplaces, according to Symantec researchers:
- Email accounts: $0.50 to $1,000 (for a bulk purchase)
- Cloud accounts: $7 to $8
- Credit card information: $0.50 to $20 (depending on the brand, the amount of metadata provided and how recently it was stolen)
- Scans of real passports: $1 to $2
- Gaming accounts: $10 to $15