Basic Online Security for the Technically Challenged

Most security problems online don’t happen because a really brilliant hacker slaved to break into your bank account, website, or eBay account. Most of them happen because you left the house with the doors unlocked and the windows open, and the burglar walked right in.

See, most of them happen because someone programmed a bot to go looking for obvious easy targets. Just like the burglar who goes looking for unlocked doors or open windows. They aren’t looking for a hard job to show off their brilliance, they are looking for a quick and easy mark.

Unless we understand how online security compromises take place, we won’t understand how to reduce the risks. The good news is, that the vast majority of problems occur from things that are VERY easy to stop. They happened because someone made it easy to take advantage of them, and the bad guys are mostly opportunists. Stopping most just means not giving them easy opportunity. In other words, just lock your doors and close your windows. Cyber criminals aren’t much different as a whole than the average burglar – for the most part, they spend a few seconds on easy possibilities, and then move on to find a sucker if they can’t get in.

Some simple rules:

1. Don’t EVER click a link in an email to go to a secure site. Go there by entering the address into your browser yourself. No matter how convincing the email sounds, DON’T TRUST IT. Any email that tells you that a sensitive account (including email accounts, bank accounts, etc) requires validation or it will be shut down is a LIE, and sent for the purpose of stealing YOUR data.

2. If it sounds too good to be true, it absolutely is. If it is on a one page website with tons of hype and dozens of invitations to click here to buy, there is a 99% chance it is not legit. If they pressure you to buy now, don’t. Listen to that voice of caution in the back of your head, it knows what it is talking about.

3. Change default usernames. If you do an install of some popular software into your website, it has a default admin password – Change it! (Joomla users, that means YOU.) NEVER leave a website username as “admin”, or anything else that was there when you got it. Every scammer in the world knows what the default was on that kind of site, and they’ll go looking for sites that didn’t have it changed. Username and password combinations are easier to break when they only have one of them to guess.

4. Use a more secure password. Don’t use just a single word, or two words. Add a number or two. Use a capital letter or two. Make it easy for you to remember, but hard to guess. Adding numbers and changing a letter or two to a capital does that. Symbols make it even harder to guess, but not all systems allow them. Some sources tell you to use different passwords for every site, but really, you can’t. There are too many! The reality is that most people do use the same password for everything. But it is wise to use a separate higher security password for bank accounts, and do NOT use a password reminder or key program to keep the high security ones.

5. If you have a website that uses software, make sure it is up to date. Periodically, someone will find a way to break into a site structure – like Joomla, WordPress, OSCommerce, or whatever. And when they find that way, they publish it to all the other unsavory sorts. If you keep running an outdated version that has a known security hole, it is only a matter of time before one of those persistent little bots finds it, and walks right in through that open door.

6. Don’t share your passwords. Not ever. Once it gets out of your hands, it can go anywhere, and someone you trust may let someone else know, because THEY don’t value it as much as you do. No one can guard your own security quite as well as you can, you are the most motivated person.

7. Don’t trust web professionals to keep things for you. You have to trust some people with access, but give them as little as possible, and always make sure YOU are the one who can kick them out, not the other way around.

No need to be paranoid – just be sensible. Just like closing all your windows, locking the door and throwing the deadbolt. Unless you are in a high risk online neighborhood that makes you a particular target, there really isn’t any need to put up bars or hire a bodyguard. Just like you do the simple and sensible stuff for home security first, do the same with online security.

Don’t make it easy for someone to rip you off.