Five key steps to protecting yourself online

Version 1

    The number of threats posed by hackers and malware continue to grow at an ever-increasing rate

    Article originally shared on Intel’s Circuit. Permission granted to modify and run series for Teachers Engage Community Story by: Secure Intel


    According to Google*, malware poses an increasing threat to Web surfers. The search giant carried out in-depth research on 4.5 million Web sites and found 1 in 10 Web pages can successfully launch a "drive-by-download"—such as a Trojan—onto a user's computer.


    The downloaded software can potentially allow hackers to access sensitive corporate information and personal data, or install rogue applications. And this malware threat is growing at an alarming rate.


    So what can you do to protect yourself and your privacy? Here are five tips that should have you surfing more securely:

    1. Reconfigure your Internet browser to be more secure.

    To a hacker, the Internet browser is just another avenue of attack—so it’s important you secure it to prevent malware from being installed without your knowledge. Browser attacks are becoming more sophisticated, and there can be severe consequences. An attacker could gain “bot-like” control of your system, which means your computer effectively becomes a drone the hacker controls.


    It is easy to modify your browser’s security settings to make it harder for attackers to breach. For Internet Explorer*, you can increase the security levels of your security zones, specifically “Internet” and “Trusted Sites.” For step-by-step instructions for Internet Explorer and Mozilla Firefox*, please utilize the Securing Your Web Browser guide by the US CERT Coordination Center.



    1. Get the 411 on Cookies.

    The nature of the Internet requires that there must be a mechanism to allow Web applications to store information. “Cookies” are one solution for storing user information. They store up to 4KB per cookie of data on your machine. The browser attaches the cookie data to outgoing Web server requests. Cookies are usually used to store private information (like your IP address) or data about your Internet browsing habits. They are also used to prove authentication during a session. For instance, once you have logged into your bank Web site, a Session I.D. is generated and a cookie is created and stored on your system. If an attacker acquired this cookie, it could then be used to impersonate you. To prevent this, do not surf other Web sites while still being logged into a bank—or any secure Web site for that matter. Be sure to log out of the bank site because this will usually delete the session cookie.


    Changing your browser configurations can help prevent others from monitoring your browser habits. In the browser, you can change the privacy setting to at least a medium level. In addition, you can modify default settings to allow first-party cookies, and to disallow or be promoted for third-party cookies. Directions for changing these settings can be found in the Securing Your Web Browser guide.



    1. Use Strong Passwords!

    Passwords are essential to log into many sites on the Internet, especially secure sites. We have so many passwords to remember and, unfortunately, people often choose weak passwords. Your information is valuable to hackers, and weak passwords are easy to bypass. Using stronger passwords is a simple step toward protecting yourself.


    A strong password must have the following elements:

    ·         must contain at least 8 characters.

    ¨       contains a mix of letters, numbers, and special symbols.

    ¨       must not be a word in the dictionary.

    ¨       should never be any personal information such as a name or address.


    Ideally your password should be strong and easy to remember. Passwords should be changed regularly and never shared. It is important to try and use unique passwords especially for secure Web sites, such as banking sites. This rule also applies to system login passwords. Your system login should not be the same as a secure site login.



    1. Don’t assume a Web site is secure. Verify it.

    If a Web site requires you to enter personal or financial information, you need to ensure that the site is “secure.” Usually, communication between your computer and the Web server is in clear text. This means a hacker could eavesdrop on the traffic and see the exchange. When a site is “secure,” the communication is encrypted using Secure Sockets Layer (SSL). While SSL is a good sign that the site is “secure,” it is not a guarantee of security. It is your responsibility to verify the site is secure before providing sensitive information.


    There are two ways to verify that the page utilizes SSL:


    The first method is to look at the address bar to inspect the URL or Web page address. It should begin with “https” rather than “http.”

    The other method is to look for the lock icon. Depending on your browser, this icon will be located in a different place. In Internet Explorer 6 and 7, the lock is on the bottom right hand corner of the window. In later versions of the browser the lock is by the URL as part of the address bar. By clicking on this icon, you will be able to view the SSL Certificate by a Certificate Authority.


    A Certificate Authority (CA) is an entity like VeriSign or Geotrust that provides digital signatures to a single owner. The certificate will allow you to verify the owner is a trusted entity, like your bank. Some Web sites are created using small frames which make up the larger Web page. Therefore the lock icon will be in the login frame. Usually, this lock is just a picture but the purpose is to ensure your transmissions are encrypted using SSL. The previously discussed methods of looking at the URL and the lock icon in the browser itself are the best ways to determine if a site is securing your transmissions to and from the Web server.


    Malicious attackers want to gather your sensitive information. Therefore, when you encounter a page that requires personal information, please verify the site is using SSL to encrypt your transmission. Another important tip to remember is to log out when you have completed using the site.



    1. Beware of suspicious Web sites, links, downloads and confusing dialog boxes.

    Hackers are smart and know the habits of the average Internet user. Most people will click on a link in an e-mail from a bank or click “OK” on a dialog box to make it go away. The goal of the hacker is to infect your machine with malware. This could be done by luring a victim to a malicious Web page. Malicious code could be executed on your machine once you visit the infected site. The victim may also click a link, button, or image which triggers a script to install spyware, adware, hijackers, dialer Trojans or other types of malware. The only way to prevent these types of phishing attacks is to be more aware—or more suspicious. Read dialog boxes before clicking “OK”. In addition, make sure that your anti-virus and anti-spyware software is up to date and scanned periodically.


    For more information on phishing attacks and how to report them, please visit Report Phishing provided by US-CERT Coordination Center.


    These five easy tips will help ensure your security while browsing the Internet. Being aware of the threats is the first step in learning to protect your security and privacy. It is also important to be less trusting on the Internet. Be suspicious of unfamiliar Web sites, links, and downloads. Use anti-virus programs, keep your computer patched, and make your Internet browser more secure. Ultimately, your security is a reflection of your online behavior.