Tuesday, August 16, 2016

My Ten Commandments of Online Security

My mother always advises me not to carry out monetary transactions online, as there are rampant cases of online fraud. I am well aware of her fears, but I still carry out the transactions as they are effortless and very easy. Moreover, there is relatively less loss of cognitive energy compared to carrying out the transaction in the physical world.

Although the major fear in an online transaction is the loss of money, there are other things which need protection, such as our identity: identity theft constitutes a major portion of online theft. Online thieves are everywhere and are looking for anything which can be used or sold. Therefore, in order to avoid theft or minimize it (we can't be foolproof), we need to follow some simple steps which will ensure better safety for us and a better surfing experience too.

Before I list the rules I follow to be on the safer side, I would like to ask: what are we protecting online? Is it our content, money, software or any other kind of intellectual property? No. We are protecting these things, but we can do so if we can protect our user name and password. Yes, the most important thing is the login credential of an individual. If we are successful in protecting it, then everything else will automatically be protected. I think now I am absolutely clear. So let us start with the rules.

Rule 1 - I will proceed with the transaction only on trusted sites. This is the foremost and most important point. Sometimes hackers spoof the web address of a website; we access the spoof and enter confidential information, which goes straight to the hacker. In technical terms, this is known as 'phishing'. To avoid this type of attack, always remember to click the padlock icon at the bottom right corner of the browser and check the certificate which is issued to the website by the Certificate Authority.

Rule 2 - I will ensure that my identity is passed through the HTTPS protocol. Here I would like to talk a bit about encryption. Encryption is a process by which plain text is transformed into unreadable text, also known as cipher text. When we send data via HTTP, it is easy for hackers to capture the text and read it, but when we use the HTTPS protocol, the data being sent cannot be comprehended as it is encrypted. Therefore, always look for HTTPS sites as they are far more secure.
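Rules 1 and 2 both come down to reading the address before typing credentials, and that check can be written out. The following is an added example, not part of the original post; the trusted host names and sample links are constructed placeholders, and the certificate check the browser performs is not reproduced here.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholder names for sites the user already trusts.
TRUSTED_HOSTS = {"bank.example", "shop.example"}


def check_url(url):
    """Return (ok, reason) for a link before any credentials are typed."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "address cannot be parsed"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if has_userinfo:
        # Everything before '@' is a user name, not the site being visited.
        return False, "text before '@' is not the host"
    if not host.isascii():
        return False, "non-ASCII look-alike characters in host"
    if host not in TRUSTED_HOSTS:
        # Exact match only: a trusted name used as a prefix does not count.
        return False, "host is not on the trusted list"
    return True, "trusted host over HTTPS"


# Constructed sample links (not real sites).
SAMPLES = [
    "https://bank.example/login",
    "http://bank.example/login",
    "https://bank.example@login.invalid/",
    "https://bank.example.login.invalid/",
    "https://b\u0430nk.example/login",  # Cyrillic 'a' in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        shown = link.encode("ascii", "backslashreplace").decode()
        print(shown, check_url(link))
```

Only the first sample passes; each of the others fails for a different reason, which is why the whole host name has to be read rather than just its beginning.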

Rule 3 - I will use public computers cautiously. This is the most dangerous place to carry out any kind of transaction online. Most of these computers are on an untrusted network and anyone's identity can be easily compromised. What if the public computer has some spyware, like a keylogger, to record the keystrokes as we type? Therefore, never use a public computer for exchanging sensitive information. Moreover, as an extra step for safety, we can delete the cache and other private files from the browser and the history of the computer.

Rule 4 - I will use a virtual credit card for online shopping. This is an essential step. Suppose I do a lot of shopping online and have to reveal the credit card credentials every now and then; there is a danger of them being misused. Once they get into the wrong hands, I will be in deep trouble. Therefore, it is better to get virtual cards issued by the bank which carry a pre-decided amount, and the best part is that these are only for one-time use and not for repeated use.

Rule 5 - I will not pay heed to emails and attachments received from anonymous addresses, as they may contain 'Trojans' which will send out the confidential information from my computer to the hacker's den.

Rule 6 - I will keep changing my passwords and will never write them anywhere. As the saying goes, "Change is the only thing permanent". This means everything is temporary, even your password. Keep updating your password or else you are making your account more and more vulnerable. Also, never write your passwords anywhere for your reference. If your reference falls into the wrong hands, then your security will be compromised. Also try to use different passwords for all the accounts.

Rule 7 - I will create complex passwords. Not only hackers but anyone close to you can get an idea about your password if you create passwords which are related to your name, family, birth date or any other related thing. Even if you are creating these types of passwords, be sure to use some special characters like hyphen, underscore, ampersand, exclamation mark etc. Never use a password that is related to the account or user name. This is the most common mistake committed by the majority of people.

Rule 8 - I will always use an anti-virus and regularly update it. Anti-virus software is an important tool to fight the viruses and worms that are trying to infect our computer. Regularly updating the software is also an important task, as every now and then new viruses are being created, and in order to terminate them we need to be loaded with the new virus definitions.

Rule 9 - I will keep my browser up to date. No one is perfect, not even your browser. There are many security issues involved. Hackers are working every day to create something new with which they can breach security; therefore, we need to keep track of such threats. We must always keep our browser updated, as it is an interface through which hackers can easily gain access to our computer. We must update our browsers as and when required so as to fix some bugs or install new features.

Rule 10 - I will never forget to log out and then close the browser window. In the case of web sites that use cookies to track sessions, when the user logs out, session-only cookies from that site will usually be deleted from the user's computer. In addition, the server invalidates any associations with the session, making any session handle in the user's cookie store useless. This feature comes in handy if the user is using a public computer. As a security precaution, one should not rely on implicit means of logging out of a system, especially not on a public computer; instead, one should explicitly log out and wait for the confirmation that this request has taken place.
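The difference between implicit and explicit logout in Rule 10 can be shown with a small model of a server-side session table. This is an added example, not part of the original post; `SessionStore`, `compare_logouts` and the user name are hypothetical, and the server is assumed to keep a simple handle-to-user mapping.

```python
import secrets


class SessionStore:
    """Server-side table: session handle -> user name (assumed design)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        handle = secrets.token_urlsafe(32)  # unguessable session handle
        self._sessions[handle] = user
        return handle

    def whoami(self, handle):
        # None means the server no longer honours this handle.
        return self._sessions.get(handle)

    def logout(self, handle):
        # Explicit logout: drop the association and confirm it happened.
        return self._sessions.pop(handle, None) is not None


def compare_logouts():
    server = SessionStore()

    # Implicit: the window is closed, so the session-only cookie is gone
    # from the jar, but the server was never told.
    jar = {"sid": server.login("alice")}
    leftover = jar["sid"]  # copy kept on the shared PC, e.g. by session restore
    jar.clear()
    implicit = server.whoami(leftover)

    # Explicit: the user logs out and waits for the confirmation.
    jar = {"sid": server.login("alice")}
    leftover = jar["sid"]
    confirmed = server.logout(jar.pop("sid"))
    explicit = server.whoami(leftover)

    return {"implicit": implicit, "confirmed": confirmed, "explicit": explicit}


if __name__ == "__main__":
    print(compare_logouts())
```

After closing the window alone, the leftover handle still resolves to the user on the server; after a confirmed logout it resolves to nothing.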

The rules above are quite simple but very important to follow. One must always stick to these rules, thereby ensuring his/her online security and integrity.