Categories: Cyber Crime
by Mike Dailey on July 4, 2011

33% of people use the same password for every web site they access.  62% do not use complex passwords or change their password frequently.  Of the nearly 75 million scam emails sent every day, 2000 claim a victim.  73% of Americans were the victim of some form of cybercrime.  25% of all cybercrime remains unsolved.  The total number of incidents recorded in 2010 involving online attacks and computer infections exceeded 1.9 billion.

These are just a few of the interesting facts compiled using various Internet and computer crime statistics from the past two years.  Spend just a little time researching the topic and you will find that in many cases of computer attack, unauthorized access, and financial loss resulting from computer crime, the actions of the victim were an enabling factor in the success of the crime.  Are you potentially at fault for your online risk and exposure?  Here are some questions to consider:

When is the last time you changed your password?  If you are in the majority, you have probably not changed your password in a very long time, or possibly not at all.  This single issue alone–retaining the same password for long periods of time–exposes your account and personal information to the greatest level of risk. 

It is an established technical fact that the length and complexity of a password directly correlate with the amount of time it takes to crack the password.  It is important to understand that using a password of at least 8 characters, and a combination of letters, numbers, and special characters, changes the level of difficulty and time for a password to be broken.  Simple passwords can take less than a minute to crack, while complex passwords of eight or more characters can take months, if not years.  The longer you retain a password the more time you are providing for the password to be cracked.  Changing your password often–at least every 90 days–should be considered a requirement on every account you own.
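The relationship between length, character mix, and retention time can be put into numbers. The following is an added example, not part of the original article; the guessing rate and the sample passwords are assumptions chosen for illustration.

```python
import string

# Assumption: an offline attacker testing one billion guesses per second.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000
ROTATION_DAYS = 90  # rotation interval the article recommends

# Printable-ASCII character classes: 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(password):
    """Symbols an exhaustive search must cover, given the classes in use."""
    if any(not any(ch in cls for cls in CLASSES) for ch in password):
        raise ValueError("only printable ASCII is modelled here")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def keyspace(password):
    """Candidates of this exact length over the password's alphabet."""
    return alphabet_size(password) ** len(password)

def exhaustive_search_days(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case days to try every candidate. This is an upper bound:
    passwords built from dictionary words or names fall far sooner."""
    return keyspace(password) / rate / 86_400

def outlasts_rotation(password, rotation_days=ROTATION_DAYS):
    """True if a full search takes longer than the password is kept."""
    return exhaustive_search_days(password) > rotation_days

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account or list.
    for pw in ("monkey", "Monkey12", "M0nk3y!#", "M0nk3y!#x"):
        print(f"{pw:10} alphabet={alphabet_size(pw):3} "
              f"days={exhaustive_search_days(pw):14.4f} "
              f"outlasts {ROTATION_DAYS}d rotation: {outlasts_rotation(pw)}")
```

At the assumed rate, six lowercase letters are exhausted in under a second, eight mixed characters take roughly 77 days, and a ninth character pushes the figure to about twenty years.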

On how many sites do you reuse the same password?  Using the same password across multiple accounts makes things much easier for those of us that are very active online.  It is so much easier to log into our email, social networking, banking and even our work accounts when we only need to remember one password.  It also makes it very easy for the cyber attacker to access each of these coveted accounts, needing only to find the password for one to gain access to all.

Password re-use is a common issue and one that cyber criminals rely on when targeting an individual.  It is critically important to your online security that you maintain separate and unique passwords for your accounts.  While it is a security best practice not to reuse a password anywhere, there are instances where having a large number of accounts makes it impractical to maintain a separate password for each.  At the very least, make it a practice to not use the same passwords on banking, mortgage, employer, or similar accounts that you use anywhere else on the Internet.  If you must reuse the same passwords on your social networking accounts, for example, make sure this is not the same password you use for your email or online banking account.

Do you use the same login name for social networking sites as you do for your email or bank accounts?  It seems like an easy way to save time, right?  Just use the same user ID on all of the various accounts you have to save the hassle of remembering them all.  The identity thieves think it’s easier, too.  After all, using the same user name everywhere makes it easy for them to figure out what your banking account credentials are based on your Facebook login name or email address. 

Following the same logic used in maintaining your passwords, never use the same user name across all of your accounts.  At the very least, ensure that your important accounts, such as banking, mortgage, etc., use a different user name from those of your email, social networking, and the like.

Do you use a Personal Firewall?  Often taken for granted, personal firewalls are essential to remaining secure online.  The purpose of a personal firewall is to limit the types of inbound and outbound access to and from a PC or laptop.  The issue with using a personal firewall is that once installed and enabled we often forget about or ignore them.   Seldom do we view the firewall logs to understand what is being permitted or blocked, or check for updates to ensure the personal firewall is patched and updated to counter current threats. 
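Reviewing what the firewall blocked and permitted can be reduced to a short summary. The following is an added example, not part of the original article; it assumes the personal firewall is Windows Firewall writing its plain-text log, and the log lines are constructed using documentation address ranges.

```python
from collections import Counter

# Constructed sample in the Windows Firewall text log layout (assumed product).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-07-04 09:00:01 DROP TCP 203.0.113.7 192.168.1.10 40112 445 48 S 0 0 8192 - - - RECEIVE
2011-07-04 09:00:04 DROP TCP 203.0.113.7 192.168.1.10 40113 445 48 S 0 0 8192 - - - RECEIVE
2011-07-04 09:02:10 DROP TCP 198.51.100.23 192.168.1.10 51515 3389 48 S 0 0 8192 - - - RECEIVE
2011-07-04 09:05:42 ALLOW TCP 192.168.1.10 198.51.100.80 49200 443 0 - 0 0 0 - - - SEND
2011-07-04 09:05:43 ALLOW UDP 192.168.1.10 192.168.1.1 53211 53 0 - - - - - - - SEND
2011-07-04 09:06:00 DROP TCP 203.0.113.7
"""

def parse(log_text):
    """Turn log lines into dicts keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                records.append(dict(zip(fields, values)))
    return records

def summarize(records):
    """Count blocked inbound traffic per port and permitted outbound destinations."""
    blocked_in, allowed_out = Counter(), Counter()
    for r in records:
        if r["action"] == "DROP" and r["path"] == "RECEIVE":
            blocked_in[(r["protocol"], r["dst-port"])] += 1
        elif r["action"] == "ALLOW" and r["path"] == "SEND":
            allowed_out[(r["dst-ip"], r["dst-port"])] += 1
    return blocked_in, allowed_out

if __name__ == "__main__":
    blocked, allowed = summarize(parse(SAMPLE_LOG))
    print("Blocked inbound (protocol, port):", blocked.most_common())
    print("Allowed outbound (destination, port):", allowed.most_common())
```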

How often do you use or update your anti-virus/anti-malware software?  Anti-virus and anti-malware software is susceptible to the same risks as personal firewalls: lack of attention and maintenance once installed.  While most of the leading software packages perform automatic updates, often times we do not review the log files to ensure those updates are working properly.  Along those lines, how often do you run a full scan of your system using your anti-virus/anti-malware software?  If it is a manual process, it’s probably been a while.

When is the last time you backed up your PC or laptop?  If the statistics are accurate, over 60% of those reading this article have not backed up their data in the past 3 months, if at all.  Many have no idea how to perform a system backup, even though on Microsoft Windows–arguably the broadest install base for an operating system that this article applies to–the backup utility is included with the OS.  The lack of solid backups ensures that in the event your data is lost or stolen you will not be able to recover your personal information.

At the very least you should be making simple backups of all important documents and files by copying to CD, thumb drive, or using an online backup service.  Even archiving data using encrypted tar or zip archival formats and emailing those files to your personal email account offers a level of protection, although as a caveat keep in mind that all data stored online should be encrypted and password protected to ensure the data can only be accessed by the intended party.

Is your home wireless router secured with WEP?  Many home broadband routers come with integrated wireless capabilities.  While the instructions to install and configure these devices are relatively easy to follow, quite often we find unsecured wireless access points in use in residential areas.  This is a widespread security issue that enables war driving, where an individual drives around an area in search of unsecured wireless access.

When configuring your wireless access point device, use encryption to scramble communications over the network. If you have a choice, Wi-Fi Protected Access (WPA), or the more preferable WPA2, is stronger than Wired Equivalent Privacy (WEP).  If WEP is your only option, however, create a complex WEP key and try to change that key every few months if possible.   Also change the router’s manufacturer preset administrator password to something only you know.  Remember: the longer and more complex the password, the tougher it is to crack.

Do you keep personal information or financial data on your Internet-connected PC or laptop?  Without a doubt this is the greatest personal risk of having your home computer or PC connected to the Internet.  Just a few short years ago the main purpose of virus and malware software was to cause harm to data stored on a PC.  Today a new goal is becoming more prevalent: to access and obtain that data for financial gain.  No longer are virus and malware authors creating this software just to wreak havoc on unsuspecting computer users, but instead they are crafting the code to find and collect as much personal information as possible and to return that information to the author.

Today we are dealing not with individual virus infections but legions of remotely-controlled botnets–a network of compromised computers infected with malicious software and controlled as a group without the owners’ knowledge.  With such coordination taking place the collection of large amounts of personally identifiable information for financial gain has become a prime focus of malware today.  As a result it has become a necessity to maintain our private information in off-line locations, such as CD, DVD, and password-protected thumb drives, so that unauthorized access to the computer is not necessarily unauthorized access to confidential data.

When we are faced with the unauthorized access of our online accounts and the potential loss of our private information, we are often quick to point at the perpetrator as the only guilty party.  Seldom, if ever, do we take the time to ask ourselves if our actions–or inaction–made us an easy target.  Failure today to take reasonable precautions to secure our online identities makes it more likely that we are the victim tomorrow.

[...] lack of enforced operating system and client security standards, accompanied by the lack of user education in terms of security awareness and best practices, becomes another vulnerability exploited by cyber [...]
