Staying Safe on the Internet


The internet is a fantastic resource but it's essential to take safety precautions to avoid some of its pitfalls like viruses, scams and theft. This is especially important as we gear up to spend record amounts of money online over the Christmas period, but these tips will serve you well throughout the rest of the year as well.

1. Keep your software up to date

Most modern browsers, operating systems and anti-virus software will automatically update themselves without you needing to do anything, but if you're running an older version such as Internet Explorer 9 or Windows XP you should install newer versions to give you the best protection while browsing the internet. Older versions of browsers and operating systems may have unfixed security issues that can be used to install viruses or gain access to your documents, while anti-virus software must continually update its register of known viruses as they are discovered.

2. Keep a backup of your important files

If you only have your work documents, family photos and financial records stored on your computer (or phone or tablet), then they are vulnerable not only to viruses but also to computer failures, breakages, theft, fires and floods. It's best to follow a "rule of three" approach with three backups made of your most important files and at least one backup kept offsite (on an external hard drive, for example).

Recently, a type of virus called ransomware has been popular with unscrupulous types. This virus locks your files, and even files on your network, and demands payment before its operators will send you a key to unlock them. If these files aren't backed up they may be permanently locked, but if all of your important files are saved elsewhere you won't be vulnerable to the extortion (removing the virus will still be painful, though!).

3. Beware of suspicious emails

Emails are a favourite tool of criminals because they are so versatile. They can be used to send viruses in attachment files, "phishing" emails that prompt you to enter your credit card details into a bogus bank website and scams that prey on compassion (requesting money to help someone with a sickness), loneliness (forming and exploiting a romantic relationship) and greed (offering a share in ill-gotten gains after some money is paid upfront).

How can you tell whether an email is suspicious? Here are some signs:

  • The email has misspelled words or poor grammar.
  • The links in the email point to websites that aren't the official bank or company website (although they may look similar). You can tell what website a link will take you to by hovering over it in most email programs.
  • The email includes threats or warnings that your account will be suspended. Most companies (and especially banks) will try to contact you by phone if there is actually a problem.
  • The email asks you to provide sensitive information such as your name, phone number, social security number or credit card details. No reputable companies will try to obtain this information from you via email and most companies that need this information will already have it on file.
  • The email appears to be from a large, reputable company but is unexpected. Some examples of this include emails from your bank requesting information, from a delivery company such as FedEx telling you of a delivery that couldn't be made when you're not expecting one, and from online subscriptions (such as Adobe or cloud accounting products) prompting you for a password reset.

If you receive an email that looks suspicious, don't open it. If you're not sure whether it's actually a legitimate email the best thing to do is phone the company on a number you know is correct and ask whether they sent it.

4. Only buy from secure websites

Secure shopping sites will have a web address starting with https:// (note the s on the end of http) and some sort of lock icon or other indication that the site is secure, depending on your browser. Always check for this level of security before entering sensitive information such as credit card details.

5. Only download software from reputable websites

Only download Microsoft software from Microsoft, Apple software from Apple, and Chrome and Firefox browsers from their official sites. Beware of sites offering free versions of expensive software for download as well as sites offering streaming video or music that haven't licensed this material legally.

6. Be careful what information you share

Information shared online is a goldmine for identity thieves and can give away the answers to account security questions (such as "what is the name of your pet" or "what city were you born in"). Check the privacy settings on your social media accounts to make sure you are only sharing sensitive information with your friends and be wary about accepting friend requests from strangers.

7. Use a password manager

Passwords are an inescapable part of using computers and the internet. It's recommended that you avoid common words (such as "password" and your name), make passwords as long as possible, don't re-use passwords across sites and don't write down your passwords. All of this is impossible for a regular person to do effectively (the human brain isn't built to memorise 64 random characters in a row!) which is why we recommend installing a password manager such as 1Password or LastPass.

Why shouldn't you pick a strong password and use it everywhere? Well, the past few years have seen a high number of hacks with even the largest companies losing their customers' data. Adobe lost a massive amount of user names and passwords at the end of 2013, Sony lost all of its employees' emails and data at the end of 2014 and the details of the users of Ashley Madison, a "married dating" site, were stolen in the middle of this year. If even these companies were hacked, it's best to assume that one of the companies you deal with will be hacked at some point. If the password you lose is only used on that site, then all you have to deal with is resetting your password there. If, however, the password that is stolen from your gaming account is the one that you also use for your banking, whoever now has access to that password can do a lot more damage.

8. Set up two-factor authentication

If you want to make sure that a stolen or guessed password isn't enough to get into your accounts, many sites now offer something called two-factor authentication. This involves requiring you to enter a password as well as something relying on a physical item that you own, such as a code sent to your phone. This means that even if someone figures out your password, they won't be able to access your email or bank account without having your phone as well.

9. Be aware of common scams

Scams are cleverly designed to exploit us and endure because they are effective. Anyone is capable of being scammed in the moment, and the best protection against scams is to be aware of what is out there.

Here are some recently popular scams to be aware of, although it's by no means an exhaustive list:

  • Phishing emails that appear to be from a trusted institution like a bank but trick you into entering your details into a website owned by the scammers.
  • The Nigerian prince scam, so-called because in its classic version it claims to be from a Nigerian prince who needs help transferring a huge sum of money out of his country and will pay you a cut of the proceeds after you have paid upfront bank fees. Alternative versions include emails from US soldiers who have found treasure in Iraq, Chinese businessmen seeking to move their fortunes out of the country or European lotteries that require a fee to release your winnings.
  • Calls purporting to be from Microsoft tech support (or a similar company) that tell you there is something wrong with your computer and that you will need to pay to have viruses removed or new software licensed. Reputable companies will never call and sell to you like this. In addition, these callers may ask you to install software that will give them access to your computer.