SAN FRANCISCO – The RSA Conference 2013 on cybersecurity is winding down today at the Moscone Center. While a lot of the focus is on what big businesses and government agencies need to do, I took time with one security expert to talk about what consumers need to do to stay safe online, whether on a home computer or a mobile device. These are steps that are simple to follow but too often overlooked.
I spoke with Limor Sylvie Kessem, a communications specialist with RSA, which is an industry leader in IT security and hosts the annual conference. She explained five steps that consumers should take that, if followed, will significantly improve their online security:
Update. When a pop-up message tells you that an update is available for your computer operating system or a key piece of software, stop what you’re doing and install it. It just takes a minute. Some of the updates fix tiny flaws in how the software operates, but many of them are critical security patches. On mobile devices, such as an Apple iPad or iPhone, look for the App Store icon. If there’s a tiny number like a “3” appearing on the icon, that means three of your apps offer updates. Click on the icon and select “Update All.” Devices running Android, Windows Phone or BlackBerry probably have similar notifications. Kessem is alarmed that so many people ignore these.
“Sometimes I just look at people’s mobile devices and they have a hundred things that they are not updating. I tell them ‘How could you stand it?’” she said. “A computer that is fully patched and fully updated … is already a huge step ahead in terms of security.”
Beware of Phishing. Phishing is the name for cyber attacks that try to trick you into clicking on a link in an e-mail. You may receive an e-mail that appears to come from your bank and may even have the company’s logo on it, or an e-mail that appears to come from a retailer you recognize and trust, inviting you to click on a link to win a gift card or other prize. Don’t click on it. Instead, Kessem says, move your cursor over the link and the URL that the link is associated with will appear. If it’s not the actual URL of the bank or retailer, it could be a trick. If you’re unsure, instead of clicking on the link, go directly to the site through your browser; if it’s a site you visit often, you probably have it bookmarked.
Kessem’s advice is to be sensible.
“It’s just like anything else; you don’t walk into a dark alley with your wallet in your hand. You don’t do it on the Internet,” she said.
I’ve received text messages that appeared to me to be phishing attempts; I was rightly suspicious.
Don’t use shared computers. If you want to visit your bank Web site or an e-commerce site – any site at which you enter a username, password or credit card information – don’t do it on a public computer. You don’t know whether someone has installed a keystroke logger on it that could record your logon information. Shared computers include those in a computer lab, a library, a cybercafé or any other place where someone else also uses the computer. You don’t want to use them, Kessem says, “because these things are known to be malware hubs.” Malware is malicious software, such as a virus, that can infect your computer so that a cyber criminal can take it over and/or steal information from it.
Avoid wi-fi. Wi-fi is a convenience that many computer users enjoy and come to expect at home, the office and at public places like coffee shops, restaurants and airports. But there are some things you can do safely on wi-fi and other things you should not do, said Kessem.
“It’s fine to go on wi-fi when you’re not doing anything important,” she said, such as checking news sites, visiting widely available public sites like YouTube or searching for something on Google or Bing. But if you’re doing anything where you have to log in or share personal information, avoid wi-fi.
“Open wi-fi looks benign but it could definitely be sniffed, the communication can be stolen and recorded by somebody from the outside,” Kessem said. Sniffing refers to the practice of someone sitting within range of a wi-fi access point with an electronic device that can listen in on traffic and capture personal information.
A corollary to the no wi-fi warning is this one.
Choose 3/4G over wi-fi. Today, most smartphones or tablet computers give the user the option to connect wirelessly to the Internet via wi-fi or via their wireless carrier’s 3G or 4G network. Using wi-fi where it’s available is tempting, Kessem says, because it means you’re not using up minutes on the data plan for your 3/4G service. But it’s not worth it; use 3/4G.
“The 3G or 4G gateway is more secure, it’s usually encrypted communication because the carriers take care of that because it’s a paid service and you deserve to have it secure,” Kessem said, adding that the carrier doesn’t have security control over the wi-fi connection.
Overall, Kessem says, the key to securing your online communications, whether on wired or wireless networks, is to be aware of the risks and of how taking just a few sensible precautions can protect you.
“We’re very used to transacting [safely] in real world transactions, but it appears that consumers could use a little more awareness of what they are doing online,” she said.