Digital self defense: 10 ways to help protect your online treasures from malicious eyes

photo With such big names as The New York Times and Yahoo getting their computers hacked, how do you protect your online treasures at home?

According to the Chinese zodiac, 2012 was the Year of the Dragon, but after a slew of high-profile digital incursions in the last 12 months, a more apt title might be Year of the Hacker.

The Chinese had a hand in at least a few recent digital strikes, including those against several news organizations, most recently the New York Times and the Washington Post, who reported their newsrooms being hacked in late January.

Other targets of cyber attacks last year include Yahoo!, Barnes & Noble, eHarmony, the state government of South Carolina, the FBI and -- ironically -- anti-virus software developer Symantec.

According to Symantec's 2012 Norton Cybercrime Report, worldwide incidents of cybercrime cost an estimated $110 billion annually at a per-victim cost of about $200.

With even presumably well-defended networks at risk, the average PC user might wonder about the security of his or her personal information online. By following a few simple rules, however, technology consultants say users can minimize the chinks in their digital armor.

"The biggest part of securing your personal information online is education, teaching yourself what to look out for, as far as how people try and take advantage of you," says local digital consultant Strat Parrott. "People don't need to be paranoid, but they need to be concerned and aware."

Among the sources interviewed for this story are: Strat Parrott, founder of Internet and marketing strategy firm Juncture; Jon F. Moss, digital communication and social media consultant; and Donald Sayers, founder of technical support company iFixie Computer Repair.

1. Remember, email is a two-way street.

* Problem: When a message is sent, copies exist on the sender's and the receiver's accounts. Even if you are sure of the security on your end, the information could be compromised at the destination account or mid-transit without either party's' knowledge.

* Solution: Only communicate sensitive information by phone or in person. "I usually do not send date of birth or social security number via electronic means," Moss says. "Consider the source. Who are you sending this information to? Are they vulnerable to being hacked as well?"

2. Your inbox can be the gateway to bigger problems.

* Problem: Many online services use an email address as a point of contact if the user forgets their password and needs to reset it. If an email account is compromised, Sayers says, the attacker has "the keys to the castle on everything."

* Solution: Never remain logged into your email when away from your computer, and change the password to all accounts -- including your email -- on a monthly basis.

3. Open sesame ... and oregano and parsley.

* Problem: Being online often means managing accounts to multiple services, from Netflix and Amazon to online banking. To prevent strain on their memory, users often will use the same password across these accounts, but if that password is compromised, the damage can be even more widespread.

* Solution: Maintain different passwords for each account. Sayers recommends downloading the free program LastPass (lastpass.com), a password vault that securely stores log-in info for accounts. And never write down a password. "Sticky notes are the bane of my existence," Sayers says. "I'll walk in [an office] and just go from monitor to monitor and take off notes with passwords."

4. Use the right tools.

* Problem: Malicious software and viruses download to computers by various means, usually without detection and, once there, they mine the system for information. Last year, academics recruited by the U.K. Ministry of Defense wrote a paper calculating the cost of global Internet-based crime. They estimated that up to $10 billion was spent to repair damage caused by malicious software on computers without effective antivirus programming or whose antivirus protections failed.

* Solution: There are many scanning programs that find and address or proactively prevent these threats. Parrot recommends regularly scanning your computer with free versions of MalwareBytes (MalwareBytes.com), Anti-Virus Guard (AVG.com) and Nod32 (Eset.com), which self-update with new filters as their developers find and address new breaches.

5. Beware public Wi-Fi

* Problem: Public Wi-Fi hotspots offer Internet access that is often as insecure as it its unrestricted. According to a 2012 study by Symantec, 24 percent of adults accessed bank accounts and 31 percent shopped online over open, unprotected Wi-Fi, even though data exchanged over public networks often is easily intercepted.

* Solution: Be aware of the kind of network your system is connected to. Don't engage in sensitive activities such as emailing, banking or shopping unless you're at home or connected to a trusted network.

6. Passwords: The more complex, the better.

* Problem: Every year, password-management application developer SplashData releases a list of the 25 most-popular passwords. The top five of 2012? Password, 123456 and 12345678, abc123 and qwerty. Simple passwords such as these are extremely easy to circumvent, leaving users' information wide open to exploitation.

* Solution: Many online sites already require users to create stronger passwords, but experts suggest the most effective ones are 6-14 characters long, combining uppercase and lowercase letters, numbers and symbols. Sayers also recommends combining parts of words or phrases and avoiding number strings that are easily linked to you, such as ZIP codes or birthdays.

7. You are no one's only hope, Obi-Wan Kenobi.

* Problem: Con men have jumped on the online bandwagon, too. The Internet is rife with phishing scams in which malicious users masquerade as a trustworthy person or as a legitimate, trusted source in an attempt to convince users to reveal personal information.

* Solution: Use common sense, experts say. There aren't many Nigerian princesses in distress who would pay millions for the help of a complete stranger, so if a message sounds too good to be true, be the smart fish and don't take the bait. And never click on links in these messages; they often lead to sites that will infect your machine with malicious software. Want to double-check that your bank really needs to verify your account password? Call them directly and ask.

8. Java? Kick the habit.

* Problem: Java is a programming language that has been used for almost two decades to develop applications -- usually web-based -- for a wide range of devices, but it also has a history of dangerous security flaws. In February, Java-based attacks were made on Twitter, Facebook and Apple, about a month after the Department of Homeland Security's Computer Emergency Readiness Team recommended disabling Java in all browsers "unless absolutely necessary."

* Solution: Follow the recommendations of the Computer Emergency Readiness Team, Sayers says, and disable Java unless doing so prevents the use of a critical service such as online banking or a work-related page. Instructions for doing so can be found at Java.com/en/download/help/disable_browser.xml.

9. Have a contingency plan in case of invasion.

* Problem: A malicious user gains access to your social media account and begins name-calling and spreading misinformation, potentially damaging your online reputation. Now what?

* Solution: Moss suggests following the model many businesses have adopted and create a contingency plan for just such an occurrence. "Companies have a playbook so they're not in instant-panic mode," he says. "As individuals, we should have something similar."

After contacting the compromised service, Moss recommends immediately changing passwords to all accounts, admitting the breach and apologizing to friends and followers for any offensive or misleading comments made during the attack.

10. Lock the door behind you.

* Problem: Even a top-notch defensive software suite and the world's most complex password string can be compromised through sheer carelessness. Leave your computer powered on and logged in at a coffee shop when you step away, and someone at a neighboring table has access that might otherwise require a dedicated attack to attain.

* Solution: Even when in a seemingly trustworthy crowd, log out of sensitive accounts and make sure automatic log-in is disabled before leaving. To further slow snoopers, set the operating system to require a password when awakened from a sleep or hibernation state. It won't stop a concerted attack, Sayers admits, but it will probably buy you a couple of minutes to grab a refill or make a trip to the bathroom.

Upcoming Events