Ten Tips For Improving Your Online Security: Part Two

Jaime de'Medici
Apr 28, 2021

After recently completing a highly technical cybersecurity bootcamp, I wanted to offer security tips that are accessible and achievable for anyone, not just those with a technical background. The first installment of this series can be found here. And below are ten more straightforward ways to keep yourself and your life — both virtual and in-person — more secure.

Installing Software Updates

It’s easy to ignore notifications about software or operating system updates. After all, it seems like we see them just about every week across our devices. However, it is important to update your phone, tablet, watch, computer, etc., as well as the software on each device, as updates become available. The reason is that, in addition to rolling out new features, updates often patch recently discovered security vulnerabilities.

So next time you see a prompt urging you to update your operating system, software, browser, etc., take ten seconds and do so. You’re almost certainly improving your digital security in the process.

Logging Out Of Public Terminals

This one’s pretty straightforward, but important to remember and practice nonetheless. In a perfect world, we’d never have to utilize a public computer to check our email or log into our social media. But sometimes you’ve just gotta go to Kinko’s to print a document that’s saved in your Google Drive.

At the bare minimum, triple check that you’re logged out of your email client, social accounts, or any other site where you had to enter a username and password. But an even better practice is clearing the browser history and cookies of the browser you’re using on that public computer. Make sure to clear the history for all time, just to be safe. The last thing you want to do is leave your Facebook logged in or your email username and password saved in the browser’s autofill for the next user to find.

Not Plugging In To Public Charging Stations

And speaking of public spaces, it’s a good idea to avoid using a public charging station to charge your phone, especially if said station provides a USB cable to connect to your device. The reason? A public phone charging station can distribute malware to your smartphone or tablet.

The practice is called Juice Jacking, and the LA District Attorney’s office has a video that details this specific type of attack. The short version is that USB cables provided at public phone charging stations can contain malware that infects your smartphone, thus making the contents of your phone, including passwords, messages, photos, etc., available to an unseen attacker. It’s recommended that you use an AC power outlet with your own USB cable and plug, or your own portable charging device, to charge your phone in a public setting like an airport, coffee shop, etc.

Not Connecting Your Phone To A Rental Car’s Smart Dashboard

This tip goes along with the above smartphone protection. With travel set to return this summer, you may be planning to rent a car to get around. And while it might seem harmless to sync your phone with your rental car via Bluetooth or USB, you may want to think twice.

A Federal Trade Commission report details the dangers of syncing your phone with a rental car’s smart dashboard, including the car — and, by extension, the rental company and potentially the next person to rent that vehicle — gaining access to your location, contacts, or even your messages. The report suggests not connecting your device via Bluetooth or USB, and using the car’s cigarette lighter for charging instead. Or if you do connect your phone to the rental’s dashboard, check your phone’s permissions and delete any data before returning the vehicle.

Unplugging Smart Speakers When Not In Use

Smart speakers such as the Amazon Echo and the Google Nest can be great for getting updates about the weather or listening to music. But they can also pose a security risk in your home. After all, it’s worth remembering these devices are connected to the Internet when plugged in. Additionally, smart speakers often utilize Bluetooth when connecting to your other devices. (Part one in this series covered Bluetooth vulnerabilities like Bluejacking and Bluesnarfing.)

A 2019 article from Yahoo Finance UK reported on Amazon and Google providing workers with audio recorded by their smart speakers. And a Threatpost article detailed how attackers can hack a smart speaker using just a laser from a distance of 360 feet!

As such, it’s in your best interest to make sure you delete recordings from your smart speaker’s account and limit the devices you connect to your speaker. Even better, unplug your speaker when you’re not using it. The last thing you want is to leave your smart speaker plugged in while you’re making a sensitive call to your bank or a medical provider, or while having a sensitive conversation in-person within range of the speaker.

Not Opening Links Sent Via Text Messages

In part one of this series, I covered basic email security etiquette. The short version: double check that you know who a message is from, and avoid opening email links if possible, instead opting to visit a website directly from your browser. A similar sentiment applies to text messages.

A link sent via text may seem legitimate (a reminder about a doctor’s appointment, or a restaurant reservation), but it could be an attacker attempting to gain access to or control of your smartphone or tablet. A 2019 WIRED article even detailed vulnerabilities in the iOS iMessage client on Apple’s iPhones that would allow an attacker access to your smartphone just by sending a text, without you even having to click on a link. (The vulnerabilities have since been patched.)

The FTC details how to recognize spam text messages and how to avoid falling prey to a Smishing attack. As with email security, a safer option when receiving a text about a web or mobile service is to log in directly via the site or app itself to check the status of your account, versus clicking on the link in the questionable text.

Covering Your Computer’s Webcam

This is a simple one. Buy a webcam cover on Amazon. Or just get some heavy tape. This is an effortless (and incredibly cost efficient) way to block a commonly exploited weakness. This article from antivirus service Norton details additional steps to secure your webcam, including keeping up with operating system updates on your device, utilizing VPNs and firewalls, and more.

And just like with the smart speaker scenario, consider closing your laptop if you’re calling your bank or otherwise discussing personal information, to reduce the risk that an attacker remotely accesses your computer’s built-in microphone.

Checking The App Permissions On Your Mobile And Tablet Apps

It’s worth taking a few minutes to go through the permissions granted to the apps on your smartphone and tablet. It’s very likely many of them don’t need constant access to your camera, microphone, and/or location. Similarly, it’s a good idea to limit the access your apps have to your photo library. If possible, choose an option that gives certain apps access only to photos you choose. This is a quick and easy way to keep your phone’s personal information (texts, photos, notes, etc.) more secure from app developers and attackers alike.

Checking Your Log-Ins And Locations For Your Social And Email Accounts

And while we’re talking about checking in on your digital activity, it’s worth taking a few minutes to make sure you’re the only one logging into your email client and social media accounts. Below are quick guides on how to check the login history of your Gmail, Facebook, and Twitter accounts.

In Gmail, scroll to the bottom of your inbox. In the bottom right corner of the screen, it will read “Last account activity: (X) minutes ago. Details.” Click on “Details” to see your account’s recent login activity, especially if you suspect any unauthorized access to your account.

Facebook makes you work a bit more to find your recent login activity. As of this writing (April 2021), the process on the desktop version of Facebook is as follows. Start by clicking on the upside down triangle symbol in the button in the top right of your screen. That opens a drop down menu. From there, click on Settings & Privacy. From that menu, click on Activity Log. That will take you to a new page. From there, click on Logged Actions and Other Activity on the left side of the screen, and scroll down to Logins and logouts. There, you’ll finally see the dates and times of (you guessed it) your recent logins and logouts.

For Twitter on the desktop, start by clicking on the More button on the left side of the screen, above the highlighted Tweet button. Next, click Settings and privacy. You’ll then see two rows of options: Settings and Your Account. Under Settings, click on Security and account access. Then, under Security and account access, click on Apps and sessions. From there, you can click on Account access history to see all of your recent logins. You can also click Logged-in devices and apps to see what hardware or services have access to your account.

It’s worth checking on any other apps or websites you use frequently, especially those containing sensitive information (emails, messages, finances (more on that below), and/or health information), to make sure you’re the only one logging into your accounts.

Tracking Your Finance History (Banks, Credit, Finance Apps)

One more note about keeping tabs on your digital information. This is a simple but essential strategy for protecting your identity and finances. Check the accounts for your bank and any credit or financial accounts and apps at least once a week. Identity thieves are counting on victims not keeping up with their accounts, which allows bad actors who may have gained access to your accounts to use your finances for their own purchases.

Checking accounts at least once a week means you’re more likely to spot a purchase on your account that you didn’t make, thus allowing you to contact your financial institution or the app in question as soon as possible, versus missing fraudulent charges until weeks or months later.

Keep watching this site for more everyday security tips in the coming weeks!

Jaime de'Medici

Host of Dynasty Podcasts, the City of Chicago’s first ever and longest-running music podcast. Currently pursuing cybersecurity, cloud security opportunities.