‘Tis the season… for security awareness

25 Nov '15

We are approaching some busy shopping seasons over the next couple of months here, this also means there will be an increase in SPAM, Malware, Scams and Hacks etc. So here are a few tips to help you navigate the digital world this season.

Ensure your security software is up to date

This mainly means your virus scan, there are however many additional security software options such as firewalls, ad blockers, malware detectors etc. If you do use those additional security options you will want to ensure they are kept up to date.  For this article, however, we are going to focus on the base protection for most users which would be a virus scan.

To start, make sure you have one! There are several options available for the most common operating systems such as Windows, Mac and Linux. More often than not, you can look at how you use your computer as part of your decision making process on which virus scan to get.

Are you a heavy email user? Then perhaps a virus scan that focuses on scanning email.

Do you browse the web a lot? Then perhaps a virus scan that focuses on website security.

Do you share a lot of files with people? Then perhaps a virus scan that focuses on the core of file scanning.

However, if you are unsure, at least start with one of the basic free options which are generally around the core of file scanning. You can always change to different software later.

Once you have chosen a software, you will want to always make sure it’s up to date. Generally with virus scan software there are two kinds of updates.

  1. Updates to the scanning software itself.
  2. Updates to the virus definitions.

Always make sure you keep both up to date. The updates for the software can contain anything from protection from malicious code, disabling it, tricking it to ignore problems, or simply adding new ways it can scan for problems. The updates for virus definitions is how your virus scan knows what new viruses are out there.

System updates

This is pretty straight forward.  Keep your operating system up to date. There is a lot of debate if you should always update the moment an update comes out as sometimes they can cause more problems. Generally, if there is an issue with an update they fix it within the week. No matter which side of the fence you are on with updating right away or not, the important thing is you are actively keeping your operating system up to date without leaving updates for too long.

Ensure the site you are visiting is legit or secured

Some of the most successful attacks never even need to compromise your system, they simply need to trick the user. A lot of these are fake webpages that are made up to look legitimate. This is why you should always pay attention to where a link tries to take you. Most links from emails for example you can hover your mouse over the link and it will show you where it is trying to take you.

Scams generally look something close to the actual link for example you may get an email that is telling you to click a link to google. The link would show up as www.example.com. However, when you hover your mouse over it you may see it actually wants to take you to www.examplec.om which could be a malicious site.  Pay close attention to the differences!

Secured site is the other half of this, meaning that you will need to look at the address bar of your web browser. You will generally want to check two things.

  1. Ensure the website address shown in your address bar is for the site you are visiting.
  2. If you are on a secured site (Generally a site that you would log into that contains sensitive information) you will often see a lock in the address bar. This lock tells you that the website you are visiting is secured with a certificate. If you click on the lock on your web browser it will give you more information about the certificate. This certificate information should be certified to the website you are visiting.

Secured sites are most online shopping sites, so if you do shop on Amazon, Ebay, Etsy, etc. you should see the lock in your address bar after you login.

Emails, always emails…

Emails are, and always have been, the best ways to lead people to malicious links or trick the users into giving their information over. Here are some general tips to protect yourself.

  1. Always be careful of any links you receive in an email and follow the advice about hovering your mouse over the link as suggested earlier on ensuring the site is legit.
  2. Always be suspicious of emails asking for any financial or login information right away. Generally, if you get in email asking you to login somewhere, it is best to go to the site directly (not using the link in the email) and login from there. That way you are confident you weren’t redirected someplace malicious.
  3. Don’t accept links to files unless you are expecting a file from the sender, if you are unsure always ask the sender if they intended to send the file.
  4. If you had a file directly sent to you ensure it doesn’t end with anything out of place. An example, someone sends you a word document but it ends in .exe. The .exe is an executable file generally associated as a program file. This would have nothing to do with a word document file.
  5. Always be careful of .zip files as they are usually used to hide other files such as a fake document file that would be document.exe (as mentioned earlier documents should end in .exe)
  6. Remember that just because you received an email from someone you know, doesn’t mean they sent the email. This is why it is important to ask the sender if they intended to send you the email if it seems suspicious.

Other forms of communication

All forms of communication have been used to trick people such as mail scams or telephone scams etc. This still holds true today, however a lot of it has been moved into text messaging scams or social media scams etc. So be sure to always verify who you are talking to especially if it seems suspicious or they are asking things from you out of the ordinary. And remember to use the tips mentioned earlier on following links.

Best practices

It is always good to be extra cautious with security around any busy shopping or tax season. Also remember that the internet is a global place so not every place has the same busy shopping seasons as where you are located.

Also be sure to regularly change your passwords and not to use the same password over and over again. No matter how complex your password may be, you still want to regularly go through the process of changing it.