6 ways to avoid becoming a victim of data theft
As Shant Chakmakian describes it, cyberspace can be a hostile environment.
The founder of SC Systems, an Edmonton-based IT management company, isn't trying to drum up business through fearmongering. But he's seen firsthand how rogue computers probe systems for unguarded entry points that can lead to our sensitive information or provide opportunities to install ransomware and other damaging programs.
The Spectre and Meltdown attacks of late 2017 are a bracing reminder of what's at stake. By exploiting a long-overlooked flaw in processor chips, the attacks showed how a perpetrator can strike at a computer's "kernel," a supposed strongbox for passwords and private files. It's a problem said to affect nearly all PCs, tablets and smartphones made during the last two decades.
What that means to users, says Chakmakian, is that “We all need to take IT security seriously.” Here's how.
Stay up to date
“Update your computer regularly,” says Chakmakian. It's the quickest, easiest way to fix security problems. It may seem obvious advice but it tends to be largely ignored. A 2015 study found that only 39% of users (excluding IT experts) immediately installed updates upon notification.
Keeping current may also mean moving to newer, supported operating systems, Chakmakian adds. Sure, you loved Windows XP, but developers no longer update it. For safety's sake, let go and move on.
Make your passwords good. According to a 2017 study by Google, the likes of 123456, password and abc123 are alarmingly common – and easily guessed. Also common, says Chakmakian, is the use of a single password for multiple accounts, which means one cracked code becomes a master key. Change them every six to 12 months.
Cloud-based password manager apps that gather numerous passwords under just one make Chakmakian a bit nervous. To feel more assured, he looks for one that offers two-factor authentication: "Something you have and something you know." That is, in addition to requiring your password, the manager asks for something only you will have, such as a code it sends to your phone as a text message.
Better still, Chakmakian prefers a system such as KeePass, which stores passwords on your system rather than in the cloud. Try a portable version of the manager that relies on offline storage, he suggests, such as a USB drive, to further increase security.
Your firewall is designed to keep out unwanted visitors. Sometimes, however, you may need to admit other users by opening "ports" in the firewall through which they can access your system.
Beware, says Chakmakian. For example, in cases where security companies need access to your system, “There are a lot of attacks where security cameras get hacked and act as an entry point into your network.”
To keep guests from compromising your system, make sure they've taken proper precautions with their own and are admitted through two-factor identification.
Suspicious links and downloads
If a link in an email looks fishy, it may be "phishy": a scam to convince you to share passwords or other sensitive information. "Put your mouse pointer over the link but do not click on it," says Chakmakian. This will reveal the true destination.
Downloads can also put you at risk. Install programs only from reputable sites, such as cnet.com, says Chakmakian.
Back it up
The cloud is a convenient backup but it relies on the same chips that have been shown to be vulnerable to attacks. Treat it with caution as well, says Chakmakian. To protect a sensitive document, he recommends keeping an offline copy in addition to online copies.
“Copy it to an external hard drive and then turn that off, unplug it – no one can access that data.” Plug the drive back in periodically for updates.
“Everyone needs to understand some of the basic tenets behind IT security,” says Chakmakian. When things get too technical, “work with a good IT provider.”
He also hopes to see a freer exchange of information within the industry. After all, the companies responsible for the vulnerabilities revealed by Meltdown and Spectre knew about the flaws well before news about them broke.
“The hope is for us to come together as a community and start having conversations and setting standards about what an accessible level of IT security is.”