We all know that we don’t keep our online identity as hidden or as protected as we should. We keep the same password for every single account, we happily give away our personal information online, and we are blissfully ignorant as to just how easy it can be for hackers to find their way into our private accounts.
At The Independent Pharmacy, we work extremely hard to protect the personal and medical data that you entrust us with. Unfortunately, however hard we try to protect your data, we can only secure the areas that we have control over. For complete data security, we also need your help.
We have compiled a list of some easy-to-follow tips that can help secure all of your online accounts and help put your mind at ease when using the Internet.
Check for websites using https://
Before inputting your sensitive data into a website, especially credit card information, you need to check whether the site itself is encrypted. In order to do this you must look for two things:
Make sure you can see the trusted “security lock” (to the left of the URL on the address bar).
Check that there is an extra “s” after the “http” part of the URL itself. Some websites may change from “http” to “https” when asking for credit card information.
If you can see either the secure lock symbol or https:// then you can be sure that the website is encrypted, making it much more secure to enter any sensitive details.
According to Mozilla, the company behind the Firefox browser, the majority of traffic on the internet is now encrypted. This means that, in general, you are more likely to be on a secure website than not. It is important to note that “https” doesn’t hide the fact that you are visiting the site, it simply encrypts any data you enter so it can be sent securely.
“Https” encryption also makes sure that you are accessing the website’s content exactly as the owner intended. Without this encryption, it would be possible for despotic governments or malevolent hackers to replace the content you are accessing with their own content, or trick you into downloading malicious software.
At The Independent Pharmacy, we use 256-bit SSL encryption – the same that is used in online banking. This ensures that any information you enter on our website is securely sent to us and cannot be intercepted in transfer.
To read more about SSL encryption and see examples of how to check a website is SSL-secure, you can read the DigiCert SSL page.
Examples of secure websites by browser (note the secure lock in each example):
Use strong passwords
Having strong passwords for all of your accounts is the single best thing you can do to protect your identity online. This is particularly true when dealing with sensitive data such as banking and credit card information. That being said, we are generally pretty terrible when it comes to choosing our passwords.
Of course, your password is not an impenetrable fortress. Any hacker with enough time and energy will eventually find a way in, just like a conventional burglar trying to get past a locked door. Unfortunately, many people do the online equivalent of leaving the key under the mat for the burglar to find and gain access to your home.
It seems crazy, but many people keep using the easiest of passwords such as “123456789” and “password”, despite the warnings against using such simple passwords being available for years. But even if your passwords aren’t this simple, it is likely that they aren’t as safe as you think. Passwords that include personal data like dates, places, and names, do not cut the mustard, even if you add a “1234” to the end of them.
The most secure passwords include all of the following:
More than twelve characters
At least one upper-case letter
At least one number
At least one symbol (punctuation)
Not contain any personal information
Never share your passwords with anyone, and if you want to be extra safe, change up your passwords at least a couple of times each year.
At The Independent Pharmacy, we set a minimum password strength for all our customers to help them secure their accounts. Whilst this may seem like an annoyance, a strong password is the single biggest asset you have in securing your online details.
Norton (known for their anti-virus software) have a secure password generator that can be used to make a strong, unique password.
An example of bad password practice!
Use a different password for each website/account
Many people fall into the laziness trap when it comes to passwords and will use the same password for every single one of their online accounts. It may sound obvious, but doing this massively increases your vulnerability, and will allow one compromised account to bring down the others. The more accounts you have out there with the same password the more you open yourself up to potential hackers gaining access to all of your information.
Think of it like being in the real world. Having a master key that unlocks your house, your garage, your parent’s house, and your car would be incredibly convenient, but it is easy to see why this would be a terrible idea in practice – you’re giving a burglar access to everything you have access to with just one key. The moment that solitary key becomes compromised or lost you instantly have multiple situations to deal with.
It is the same idea as having the same password for your email, bank accounts, PayPal, and credit cards. Once a hacker obtains your password, say from that forum you post on occasion, they will try using it to get into your other accounts, immediately compromising your entire online identity. When you share your passwords across all of your accounts, your overall security is only as strong as the weakest account using the same information.
Do not save passwords, where possible
So you’ve decided to use a unique, twelve-character, secure password for each one of your online accounts. “Easy”, you might think. “I’ll just let my browser save all of the passwords so I don’t have to remember them.” Now you never have to enter another password again, your life becomes instantly more secure and easier in one fell swoop.
But not so fast. While this method will protect your passwords from keyloggers (malware that tracks your keystrokes), as you won’t actually be typing in your passwords, it might leave you vulnerable to other attacks. The key point is that when you save your passwords in your browser, your browser is, obviously, saving them somewhere. You can go into your browser right now (for Chrome, type in chrome://settings/passwords) and find a nice list of your passwords just waiting to be copied down by someone who can gain access to your computer.
Passwords that are saved in your browser are, essentially, on your computer. They may be encrypted and hidden, but a hacker with enough knowledge will be able to access them. A simple piece of malware could uncover all of them. Your hardware itself now becomes the risk, and anyone who steals your laptop or phone could potentially gain access to all of your online accounts as well.
This is one of the reasons that most smartphones will allow you to erase all of your data if a certain number of wrong access attempts are made. And it is the same reason that websites for banks do not allow you to save your passwords.
Use two-step verification, if offered
More and more websites, especially ones that make use of sensitive information, have turned to 2-step verification as an added layer of security over your different accounts. 2-step usually involves linking a phone number to your account so that you can be sent a code when logging in. This extra layer means that it takes longer to gain access to your accounts, but it puts up another obstacle in the way of any would-be attacker.
Using two-step verification makes accessing one of your online accounts incredibly hard for a would-be hacker as they will require not only your password but physical access to your mobile phone.
As stories of leaked information and hacking become more mainstream, two-step verification is increasingly becoming a popular option online to secure your accounts.
Don’t over-share on Social Networking sites
In the modern world, we are all too happy to put information about our personal lives on the Internet for all to see. Whether it is Facebook, Twitter, or Instagram, you might be surprised at just how much information you are freely giving up to potential attackers.
You’ve no doubt come across security questions during your time on the Internet. While these questions can provide an extra layer of security if done correctly, a lot of the standard options are fairly easy to figure out. The most common security question “mother’s maiden name” is information that can easily be found on many social media networks.
The simplest way to protect against this is to not put any personal information on the Internet, or at least change your privacy settings so only people in your circle of friends can access your information.
Your physical devices (such as a computer or smartphone) could be the easiest way to get at your private information for many attackers. This is why you should think twice about saving any of your passwords or financial information onto your computer or smartphone. Even if you are the only person using your laptop, make sure it has a secure and unique password or pin number in order to log in – don’t make it easy for an attacker!
If you want to go even further, many newer laptops and smartphones offer biometric security features, allowing you to log in using your unique fingerprint instead of a traditional password. Not only does this provide you with the most unique password possible, it means that you can never forget your password.
In the future, there will only be more biometric security. We have already seen huge advances in retinal scans, facial recognition, and auditory verification. Not only can your physical devices be protected in this way, but many of the big online companies are now considering implementing biometrics into their security systems.
Use a security suite/anti-virus program
Security suites and anti-virus programs are essential when it comes to protecting your computer from dishonest individuals and malicious software. Anti-virus software can protect your computer from all kinds of malicious programs such as spyware, viruses, and phishing scams. Some of the most popular pieces of software are Norton Antivirus, or McAfee. MalwareBytes offer a free home anti-virus program that covers the basics and gives you a good minimum level of protection.
When it comes to identity theft, your anti-virus software can act as acts a bit like your own personal online bodyguard. By protecting your computer from spyware, alerting you to phishing attempts, and letting you know about potentially dangerous websites, your anti-virus software will make sure that you aren’t clicking on anything dangerous.
Educate yourself on phishing scams
Phishing scams are a common way for an attacker to trick unwary people into giving up their personal information. There are a number of different kinds of phishing scams out there, but they can be avoided relatively easily if you arm yourself with some knowledge. The first rule is to never download attachments or click on links from strange email addresses - if you are unsure about an email, always treat it with suspicion.
Some of the most common forms of phishing attempts include pretending to be a service that you use in an attempt to trick you into giving up your personal information, personal emails from people offering or requesting money (including charities – if you want to donate to charity then via random email is not the way to do it), and even job offers and requests.
A dead giveaway is usually the email address itself. While the email can look genuine, the email address never will if it isn’t legitimate. Look carefully at the email address and make sure it matches the domain that it purports to be – an email address from PayPal, for example, will always be from an email address with the domain @paypal.com (look for subtle differences such as @payapl.com).
Ensure your home Wi-Fi is secured (& do not use public Wi-Fi)
Wireless routers in your home or business should always be password protected. If they aren’t password protected (and again, make the password as difficult as possible) then anyone in range will be able to access your Internet. An experienced hacker will be able to get all kinds of personal data just by being connected to your router. It is also a good idea to enable the encryption feature on all of your routers; this will scramble your data and protect it with your wireless password.
Public Wi-Fi networks such as at cafés, hotels, or airports, are usually not encrypted - you know this because there is no password required to log on. When using a public network your traffic is unencrypted and therefore it is possible for other people in range to see what you are doing. A hacker would be able to see any unencrypted sites that you are using and any information that you are typing into unencrypted web forms.
Keep your software up-to-date
Your devices will often give you a pop-up to let you know that one piece of software or another needs to be updated. It is all too easy to hit “cancel” or “remind me later” and never actually get around to updating it. But the few minutes it takes to download each update could save you all sorts of trouble in the long run.
Updating your software won’t just improve the features and functionality of your software; it will oftentimes include important security updates as well. This is especially important with key pieces of software such as your browser, operating system, and banking applications.
Yes, they are usually pretty long and full of weird legal words, but they will tell you exactly how the website plans to use your data, and whether it uses the information for purposes you aren’t okay with, like selling your information to other companies. If you are in doubt then always consider only interacting with websites that protect your data correctly.