IT security is a matter of habit. Many security measures can be practiced until they become second nature. We have six tips to help you keep your digital identity out of the hands of criminals.
Learn something about OPSEC
“People always want to protect themselves against hackers – but it’s much more likely that they’ll leave their smartphone or laptop in a taxi,” says Tom Van de Wiele, Principal Security Consultant at F-Secure. The human brain isn’t very good at risk assessment, says Tom.
We’re obsessed with headline-grabbing risks, but we ignore things that are much more realistic. For example, it is much more likely that a child or an "evil maid" will get at your laptop than that a government-employed hacker will target your system. To minimize your attack surface against realistic attacks, you should become at least a little familiar with operational security, OPSEC for short.
This is not difficult and mostly requires you to be aware of your surroundings. For example, you should not wear access cards openly, and you should make sure that nobody looks over your shoulder while you work.
Rely on smart software
Good security programs work for you – not the other way around. At F-Secure, in addition to endpoint security programs for devices such as smartphones, tablets and notebooks, we have two solutions that help right here: The password manager F-Secure KEY ensures that you only have to remember one password, yet use a strong password for each login. The basic version of the software is free of charge.
In addition, we ensure that your communication is protected in public networks as well, at least if you use our VPN solution F-Secure FREEDOME. This not only protects you from eavesdroppers on public Wi-Fi; it also blocks tracking software automatically.
Assume that others are not protecting your data
If your login credentials end up publicly on the net, it’s probably not your fault. In fact, your password and username may have been circulating on the web for a long time without you noticing. Break-ins at companies such as LinkedIn, Yahoo, Adobe, MySpace or Gamigo have put millions of credentials on the Web. You can check whether you are affected by visiting the HaveIBeenPwned.com service and entering your email address there.
How can you minimize the risk of abuse if a provider loses your information to criminals? You should have a strong, unique password for each service. That way, a leaked password cannot be used for several services. It also makes sense to use several e-mail accounts or to create e-mail addresses dynamically. Google Mail, for example, allows the use of aliases so that e-mails to firstname.lastname@example.org end up in the same mailbox as email@example.com.
This works similarly with T-Online or GMX. Disposable e-mail addresses are an alternative. These mailboxes only exist for a short time and are then deleted. Spammers or phishers cannot really use this information.
Use a browser exclusively for shopping and online banking
Browsers are essential for Internet access, and they are also targets for criminals. It therefore makes sense to separate your browsing habits. F-Secure expert Sean Sullivan recommends installing one browser exclusively for online shopping or banking. This way you can ensure that the login data for your bank account, for example, is completely isolated.
Healthy mistrust of e-mails
E-mails are still one of the easiest ways for criminals to infect a system. One well-crafted phishing mail is enough, and your credentials are gone or you have malware on your system. Most attachments in spam messages contain a Trojan, so be careful.
However, you should not rely on filters. If a message slips through by mistake, it is up to you to recognize it and not to click on it. A good tip from Sean Sullivan is to turn off HTML and other gimmicks and display e-mails in plain text mode. This prevents links from being camouflaged and unnecessary trackers from being loaded.
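What an HTML view hides and plain text mode exposes can be shown with a short script. This is an added example, not part of the original article: it reads a constructed sample message (all domains are placeholders) and lists links whose visible text names a different host than the real target, plus images fetched from a remote server.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not a real e-mail); all domains are placeholders.
SAMPLE_HTML = """
<p>Dear customer, please confirm your account:</p>
<a href="http://login.example.net/confirm?id=1">https://www.example.com/account</a>
<a href="https://www.example.com/help">Help</a>
<img src="http://track.example.net/open.gif?u=42" width="1" height="1">
"""

class MailAudit(HTMLParser):
    """Collects real link targets with their visible text, and remote images."""
    def __init__(self):
        super().__init__()
        self.links = []            # (href, visible text) pairs
        self.remote_images = []    # image URLs fetched when the mail is opened
        self._open = None          # link currently being read, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], ""]
        elif tag == "img" and urlparse(attrs.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(attrs["src"])

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def host(text):
    """Host name if the text looks like a URL or bare domain (heuristic), else None."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text if "." in text and " " not in text else ""
    return urlparse(text).hostname if text else None

def audit(html):
    """Return links whose shown host differs from the target, and remote images."""
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    disguised = [(text.strip(), href) for href, text in parser.links
                 if host(text) and host(text) != urlparse(href).hostname]
    return {"disguised_links": disguised, "remote_images": parser.remote_images}
```

For the sample, `audit(SAMPLE_HTML)` reports the first link as disguised and the 1x1 image as a remote load, while the plain "Help" link is not flagged.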
Use 2-factor logins
The unwieldy term 2-factor authentication (2FA) stands for a useful protection system for online accounts. Simply put, each time you log in you need not only a password, but also a number that an app on your mobile phone generates. Most people already know such a procedure from online banking – the TAN is a two-factor system.
The idea behind it: Even if criminals get your password, they can’t log on to your account without your smartphone. 2FA logins are now widespread; you will find a good overview on this page. At the beginning you should perhaps only protect important accounts, e.g. your e-mail or your password manager. Once you get used to it, you can extend the protection. Important: Print out the backup numbers for each account and keep them in a safe place – if your smartphone breaks down, you will no longer have access to the 2FA numbers.