online safety Steps
The FBI recently reported a 400% increase in cyberattack complaints received since the start of the pandemic. If you haven’t given your devices and accounts a security checkup, now’s the time to do it.
Precautions like two-factor authentication and strong passwords are good places to start, but there are subtle tactics hackers can use against you even with these measures in place. Tap or click here to see a scam that targets 2FA codes.
There are so many dangers online that it might feel impossible to cover all your bases. That’s why we put together five new security steps to help you safeguard your accounts and devices.
1. Check if you’re part of a zombie network
Botnets are dangerous malware networks that take control of computers and accounts. If a device becomes part of a botnet, hackers can send spam emails and malware to every contact on file.
Emotet is a botnet that sends more than 250,000 messages each day filled with spam, viruses and ransomware to accounts worldwide. If an account gets compromised or a computer becomes infected, it’s drafted into Emotet’s spam army.
It’s easy to check if your email or domain address has been infected. Visit haveIbeenEMOTET and run a search on yourself. Just enter your email address or domain name into the tool on the homepage and click enter.
The site will run your information against domains and addresses sending spam on behalf of Emotet. If your email address or domain has been used, it will be marked as either “sender fake,” “sender real” or “recipient.”
If your address or domain is marked as “sender real” or “recipient,” it’s been compromised by Emotet. Take these steps:
- Scan your computer for malware. Emotet uses Trojans and other hidden malware to infect its victims. Tap or click here to see our favorite anti-malware scanners.
- If your anti-malware crashes during a scan, an Emotet infection may be interfering with it. You may need to run your computer in safe mode and try the scan again. Tap or click here and scroll down to Step 4 to see how to activate safe mode for Windows 10 and macOS.
- Change the password for your email account. Create a complex password that won’t be easily guessed using a combination of letters, numbers and symbols. Tap or click here to see how to generate stronger passwords.
- Avoid opening unknown emails in the future. If you get emails with links or attachments, do not interact with them. If someone you know sends you an odd email with a link or attachment, confirm that they sent it before opening. They may be part of a botnet, too.
2. Use this extension to make all your favorite sites more secure
When browsing the web, stick to websites that start with “HTTPS://.” This tells you the site transfers data over a secure encrypted connection. You’ll also see an icon shaped like a lock in your browser’s address bar.
What if you want to visit a site that isn’t encrypted? That’s where the HTTPS Everywhere browser extension comes in. It rewrites your web requests as HTTPS, even if the site isn’t set up for it.
3. A physical key that can’t be compromised
Security keys are a physical way to verify your identity online. These small, USB-powered devices act like keys to your online accounts and must be plugged into your computer when you log in.
Just like with 2FA, the devices generate a one-time code that your online accounts recognize when you log in. The code is generated electronically rather than sent to your smartphone, so it can’t be retrieved or intercepted by hackers.
YubiKey and Google Titan are two of the most popular security key brands, and both offer products that work with computers and mobile devices. The keys for smartphones are Bluetooth compatible and give you the same benefits as a USB key.
Right now, only certain websites and accounts support Yubikey and Google Titan. Tap or click here to check if a website you frequent works with these products. Look through the categories or type the web address into the search field to see if your platform of choice is compatible.
YubiKey also works with password managers like LastPass on major browsers like Google Chrome and Firefox. YubiKey is compatible with the LastPass app for iOS and Android, too.
4. A security key for your bank
Some banks offer physical security keys, too, which act as another layer of protection for your account.
Instead of using a code your bank sends you via text, you’ll use a special device that connects with your banking app. For example, HSBC Bank offers a security device that generates codes for you to enter online.
Since your security token comes from a real-world device, you won’t run the risk of hackers cracking it. Not all banks offer physical tokens or keys, so check with your bank to determine what security options are available for your account.
5. Check your firewall and router for exposed ports
Your computer’s firewall is designed to keep intruders from accessing your system and network. Even if a hacker knows your computer’s location and IP address, they won’t be able to get far if your firewall is set up correctly.
Your router uses thousands of ports that let different kinds of information pass between your computer and the web. Port 80, for example, is always used for web traffic. Your firewall protects open ports from being exploited by hackers.
Hackers will sometimes use port-scanning software to check for weaknesses in your firewall. Viruses can also change your port settings without your knowledge.
To check if you’re protected, let’s check out your computer’s firewall first.
- Open Settings > Update & Security.
- Choose Windows Security from the left-side menu.
- Choose Firewall & Network Protection to open the firewall menu.
- Your system will tell you whether your firewall is on or not. If it’s off, you can turn it on or reset the settings to default by clicking on Restore firewalls to default.
- Open System Preferences on your Mac, then click Security and Privacy.
- Click the Lock Icon to make changes and enter your admin username and password.
- Then click Turn on Firewall.
- Click Firewall Options and make sure Automatically allow built-in software to receive incoming connections and Automatically allow downloaded signed software to receive incoming connections are both turned on.
- The settings above allow Apple-authorized programs to pass through your ports while blocking unauthorized software.
To test your ports, then paste your IP address into one of the two utilities linked above. For residential users, there should be zero ports open. If any issues crop up, reset your firewall settings to default using the steps above.