With social media, smartphones and tablets playing a greater role in our lives, be it work or leisure, with it comes its own dangers. Every day, accounts are hacked into, malicious apps are downloaded, phones are stolen and ultimately personal and private data is compromised. Sometimes it's a case of bad luck, but most of the time it's very preventable. This post will go through all the different ways this can happen on desktop, mobile and social media and shows you the different ways you can combat this. It's not always preventable, but you owe it to yourself to protect your data and make sure it doesn't fall into someone else's hands.
1) Main Security Threats
2) Protecting Your Social Media Accounts
3) Mobile Security
4) Protecting Your Web Browsing
5) Password Tips
6) Password Management Apps
7) Guides & Sources
8) Infographic Sources
Main security Threats
With so much malware and viruses affecting desktops and mobile devices, it's more important than ever to know what you're up against. If you're not careful, you could find yourself in a lot of trouble. While there's a wide number of things you need to protect yourself from, there are two main ones that keep appearing online.
The first and most obvious example are apps. We don't just mean those for Android and iPhone, but also those available for Facebook, Twitter and other social media sites. Malware targets those places which contain valuable data and there's no better place than a social media site. Be very careful when installing apps and make sure that the app in question is verified. All it takes is a quick search to find out whether an app is what it says it is or just another attempt to disguise malware.
Also, for mobile users, don't download apps from a third-party site as there's a far greater chance of malware slipping through here than in the iOS App Store or Google Play.
The second problem are spam links. Twitter and Facebook are the worst offenders when it comes to this. For the most part, Twitter's spam links are very easy to identify - usually they're either a link on its own or a private message from a hacked account saying something like "Someone been spreading bad rumours about you etc."
In a sense, Facebook is worse as while spam doesn't occur as often, they're usually disguised as articles with eye catching headings and text, which will make you tempted to click on it. Again, if it's not from an official source, then don't trust it and if you're tempted, do a quick search about the article online. If it's real, it will appear on a news site and if it's not, chances are someone was affected by it and reported it.
Protecting your social media accounts
It's pretty obvious that your social media profiles are at the centre of your online life. Considering that these sites rely on your data to generate revenue, the thought of your profiles being compromised grows with the more data that you share on these sites. Thankfully there are a number of measures that you can take to protect your privacy and lessen the chances of your privacy being compromised.
Facebook allows you to control what users can post on your profile, limit the amount of information made available on your profile, and how you connect with subscribers. You can find privacy settings up at the top right-hand corner of your Facebook page where you can change the way you connect with friends, subscribers and general users.
Another important note is that you can manage what apps, websites and ads have access to your data. The latter is important if you have an objection to your name being used to advertise certain pages. As well as being able to remove any apps that you no longer use (a more detailed guide can be found here
), you can limit the amount of info these apps have access to and whether your profile appears on search engines.
If your account has been compromised
If you're unable to access your account, the best thing to do is go into Facebook's hacked section (http://www.facebook.com/hacked) and follow the instructions to help reclaim your account. If you're signed in, just follow the instructions to help secure your account. If you're not signed in or can't sign in, you can report that your account has been hacked through the same page. When you regain control, it's best to review any apps or add-ons that you've installed in case one of them is responsible for the breach.
Found in your profile settings, you will find a new option called 'personalization.' Depending on where you're based, this option may or may not be available to you, but what it does is let Twitter suggest accounts to follow based on your recent web activity. If you don't want Twitter to track your web activity, you can disable it here.
Another thing to be wary of is spam links. For the most part, it can be pretty obvious what tweets are spam or not, but if there's a case where you're unsure, you can find out where the link leads to by finding a URL lengthener. One such example is LongURL
which does exactly this.
If your account has been compromised
Reset your password and review what apps you have installed. To do the former, either go into your account settings and access the Passwords tab or go into the log-in screen and request that your password be changed. When this is done, it's best to review or remove those apps which aren't first-party products. Also, delete any spam tweets or messages that were posted onto your account.
Similar to Facebook, you can limit the amount of info users can see by accessing 'settings,' located at the top right-hand corner. There are two sections which relate to privacy and security controls. The first is found under 'Profile.' Here you can adjust the majority of features such as whether users can see when you've viewed their profile or not, activity broadcasts and visibility.
The second group of settings is found under 'Groups, Companies and Applications.' Here you can turn off any data sharing with third-party apps as well as managing settings for any LinkedIn plug-ins on third-party sites.
If your account has been compromised
Like the previous examples, best thing to do is change your password immediately. Because of the hacking problems LinkedIn had back in June, sites like LastPass allow you to check your password strength. Security company LastPass came up with a handy way of checking if your account was hacked so you can use that if you think it has been compromised.
Considering the number of products Google has at its disposal, it's probably no surprise that it tracks every Google site that you visit and archives them in a massive dashboard interface. Be it YouTube, Google+, Android, Chrome or Maps, all this info can be found here. While going through each feature individually would take a while (there are 27 different products on display here), to keep things simple, we'll only focus on Web history.
Basically when you type in a search term, Google will save all of your search queries on its accounts dashboard. By clicking on 'Remove items or clear Web history,' you can delete part or all of your records. Also, you can pause Web History so that none of your entries are recorded in the future. Provided you're signed into a Google account, you can access your Google dashboard here.
If your account has been compromised
Help is pretty limited in this case. If you're having problems, go into the sign-in page and click on "Can't access your account?" You can report that you can't remember your password, or username. If that isn't the case, go into help at the bottom of the page and report the issue that's affecting you.
If your YouTube account is hacked too, simply go to YouTube's sign-in trouble page and report your problem.
Also found on Google's Dashboard, here you can adjust your profile visibility and even disable, or delete your entire Google+ profile.
If your account has been compromised
Since this is a Google product, the same advice as before applies. Go to "help" at the bottom of the page and fill out the instructions.
The biggest mistake that most people make is that they don't think of protecting their smartphones the same way as their desktops. Mobile phones are generally seen by the general public as risk free, but the truth is they are connected to the internet and can be targeted by a wide range of viruses and malware. We are going to focus on the two main platforms for this post. Apple is generally seen as the safer option because of its closed platform and app approval process whereas Android with their more open philosophy can attract more malware. Here are some general tips that will help you.
Download Apps From Trusted Sources
You should only really download apps from companies that you trust. Have a dig around and see what other sorts of apps they have published and what their track record is like. You should also have a look and see what sorts of permissions the app is asking for. Does a weather app really need access to your address book or your personal data?
This might seem like an obvious one and there is no doubt that reviews can be gamed, but generally speaking, the ratings and reviews of an app give a pretty good indication about the quality of the app and whether others have had issues before. If you think something is slightly dodgy, have a quick read through the reviews.
Install A Security App
Many of the big players that you will recognize from desktop programs now have mobile offerings with most including a free version. Symantec, McAfee, Norton, and Juniper all have scanning apps that will help you look closer at what's happening on your phone and what bad apps might be installed.
These tools will also help you have a closer look at what permissions the various apps that you do have installed have been granted and what information you are currently sharing with the apps.
Find Your Phone
In the old days, when you lost or had a phone stolen, it was as good as gone. Now, thanks to a bunch of new apps and built-in technology, you can track your phone in a whole host of ways as well as wiping your data and locking it remotely. The main thing to do here is to install these apps *before* you have your phone stolen!
You take your iPhone with you everywhere you go so the chances are that you might misplace it at some stage. The 'Find My Phone' app from Apple lets you track your phone remotely, wipe the data from the phone as soon as you lose it and track its movements on a map.
The big trick is that you will have to set this up before you actually lose your phone. Once you install the app and give it the required permissions, you never have to worry about a lost phone again and many people have used this to track down stolen phones and stop people from stealing their precious data, or seeing their personal content.
There are several different options that you can use on Android and a simple search in Google Play will help you find one that is most relevant to you and your phone. Here is one that costs just $0.99 and that has a bunch of useful features.
There are generally a bunch of different services that do the same thing for every different platform and some that work across all devices. Have a quick search online for something relevant to your own phone, but as you can see from this video it can be as easy as sending a text message as soon as you notice that your phone is lost or stolen.
Protecting Your Web Browsing
Chrome's in-built security measure are reassuringly good as well as astute; the Google browser will redirect you to a warning message before it would allow you onto sites suspected of containing malware or phishing.
These settings are default ,but can be disabled on the wrench menu, and they are further supplemented by 'sandboxing' and Google's regular auto-updates. With the ability to force the SSL, users can only view websites with the https:// prefix if they choose to further increase their phishing protection, which is especially important on sites where personal and banking details are exchanged.
Incognito represents Google's stealth browser, if you want to keep your history and downloads from being recorded, or are just wary of public Wi-Fi connections, there is a helpful clear data feature for when you want to rid yourself of cookies and any information that Chrome may have collected.
Unlike other major browsers mentioned blow, however, one cannot set Chrome to 'Do Not Track' and prevent advertisers from gathering data for targeted ads, although Google want to incorporate such a feature by the end of this year.
Google has separated the browser into components - the browser, renderer and plug-ins - to ensure that Chrome crashes as little as possible and that one of the three crashing will not crash Chrome altogether, and is the pre-eminent web browser with regard to security. Google will continue to bolster Chrome's security, but its excellence and structural innovation practically negates the need for any additional security plugins.
Mozilla Firefox is trusted for its reliability and ease of use, but it is not secure as its main competitor, Chrome. However, Mozilla offer several add-ons to embolden Firefox's security features. With over 13 million downloads, Adblock plus and Adblock Plus Pop-up Add-on make up Firefox's first line of defence against pop-up advertising and ad windows. No Script is also renowned for its effectiveness; it will only allow plugins such as Java and Flash to run if hosted on a trusted site for fear of click-jacking attacks.
Better Privacy, meanwhile, will protect Firefox from super-cookies, i.e. cookies that cannot be deleted, though it does not work retroactively, of course. Web of Trust accomplishes much the same thing and will warn you before entering any untrustworthy site intent on scamming you or using your details for ill, while Stealther is the Incognito of stealth add-ons and will disable browser history, history, cookies, disc catche, auto-fill forms among many other things.
It is vigilant (perhaps overly so) in maintaining your web browser security while using Firefox. All of these add-ons are easily available through Firefox's own add-on page and are heartily recommended by Mozilla anyway. Ultimately, Firefox isn't as security-focused as Chrome, but it is intent on offering users the best supplementary security products available to them even though they cannot build them in like Google have and are produced by independent engineers.
Internet Explorer (IE) is hamstrung by its dependence on ActiveX technology, which is becoming increasing outdated and obsolete, much like IE itself. You can turn ActiveX, though this will prevent you from using sites that rely on ActiveX, of which there are surely some.
Recent editions of IE have allowed users to decide if they want such apps to be enacted at all times or only for certain sites via the SiteLock ATL app, so you can toggle ActiveX on and off as and when it is needed.
IE 9's SmartScreen Filter is the primary built-in defence against phishing and malware and the introduction of the Tracking List to IE's latest edition sees that Microsoft has a renewed focus on protecting users from malicious third parties. IE is still the only browser to offer help via email and telephone, but its widespread use makes it more susceptible to security threats and malware.
As IE is still the default browser for company networks, IE Controller is the most useful security app available. Controller allows you to prevent ads, monitor access and log traffic data as well as control ActiveX controls, the execution of scripts and programmes, and requests to restrict and control files. Just to be awkward, however, it is only downloadable as a .zip file.
For a youth-orientated browser, Safari's security apps naturally have a social media focus. Apple offer disconnects for Facebook, Twitter and Google+, allowing you to browse the internet without fear of details exchanged with social networking titans being taken by third parties.
The Facebook app is far more comprehensive and offers protection on over a million sites, while the Twitter and Google+ editions will give you a warning before stepping into dodgy territory. Twitter Disconnect only protects on 20% of sites carrying the Twitter widget and the Google app covers a mere 25%. While disconnects aim to protect the user, Ghostery provides the user with intelligence, helping them detect third-party activity and control their interactions with large companies, with regard to scripts and images.
TrafficLight aims to slow you down as little as possible while still extensively bolstering your browser security by partly functioning as part of a cloud network. It will perform a number of checks on various pages and ensures your anti-malware protection is up to scratch.
CookieStumbler is Safari's main cookie defence and works easily enough. Once downloaded, it will ensure you are not susceptible to cookies; it is unobtrusive and exceedingly simple to use. Much like with Firefox, all of these apps are available on the Safari App store and easy to download right away.
Considering it's the most basic part of online security, you should put a little bit of thought into using different passwords. Considering the number of different passwords we use, it can be difficult, but while there are password managers apps out there to help you out (found further below), some of you may only need passwords for two or three sites. If that's the case, keep these rules in mind when you're thinking up some new passwords.
An obvious suggestion, but whatever you do, don't use the same password for every site you're signed up to. If someone does manage to hack your account, you can be pretty sure that the rest of them will fall like a house of cards. Make sure they're different enough to
Mix it up
When creating your passwords, make sure you're placing different symbols into it so that they're harder to crack. Looking at the chart below, you can see how much symbols, numbers and even uppercase letters can improve your password security.
Change it regularly
It's normally good practise to change your settings so that you don't fall victim to any hacking attempts. A good rule is to change your password every two to three months to keep protection up.
Add complex passwords for your smartphone
For iOS, you can give your phone a complex password (one that isn't four numbers) and use that to strengthen your phone security. Just go into settings, general and then password lock. You will see simple passcode in the centre so disable that to enter a more comprehensive password.
Android phones also have a nine point unlock system which lets you create 389,112 possible combinations so you should be relatively safe through that.
Another obvious one, but if you leave yourself logged into your profiles and someone else gains access to your computer, then you've only yourself to blame. Always log out when you're finished to ensure this doesn't happen.
Password Management Apps
Sometimes just having the basics isn't enough. More often than not, you will need something that will help you keep on top of all the different passwords and accounts that you have active. Here are a quick selection to choose from.
Cost: Free(30 days); $49.99
Platform: Mac, Windows, iPhone/iPad, Android
One of the more popular password apps out there, 1Password helps create strong, unique passwords for you, helps you remember them and then stores them in your Web browser, ensuring secure protection as all you need to remember is your own master password. It also uses the cloud to keep 1Password in sync with all your computers and mobile devices. Handy to say the least.
Cost: Free (Limited Features) $12 a year
Platform: All desktop and mobile platforms
Another popular password management app. Lasspass is similar to 1Password in that it saves and syncs all your passwords with different devices and browsers. Packed with a whole range of features and the Freeware version means that it's well worth a try if you're looking for an alternative
Platform: All desktop browsers
KeePass is an open-source program which for a free app, offers a lot of features. Offering multiple user keys, password groups and database transfer among other things, it certainly punches well above its weight.
Platform: All desktop browsers
Another free app, except this time Clipperz lets you download a read-only copy of the application and your password data. Storing it as an encrypted HTML document, you can access your account online and access your passwords through your master password.
Guides & Sources
- Jeremiah Grossman of WhiteHat Security offers plenty of tips about how you can make sure you don't get hacked on the Web.
- Salon gives advice as to what you should do when your Twitter account is hacked.
- When LinkedIn was going through its hacking problem earlier this year, CNET provided a guide to updating your online security.
- Computer World gives advice as to how you can keep your Android smartphone safe and five apps designed to do this.
- PC World compile a handy list of security apps worth getting for Android and iPhone.