Thursday, November 23

Tips for Staying Safe Online

In recent weeks, the Heartbleed security bug has headlined hundreds of news stories. Not only were user names, passwords, and other personal information potentially exposed, but there was little consumers could do because the vulnerability was in the security software that many Website servers used. Needless to say, once the bug was identified the majority of endangered websites rushed to patch the problem. Two weeks after the public announcement, only an estimated 2% of vulnerable websites had not fixed the problem. Now that most exposed websites are patched, consumer can and should change their passwords.

The alarm bells sounded by the Heartbleed bug may be dying down now, but they can teach everyone who goes online an important lesson: Providing online security for your digital devices—computers, tablets, smartphones—is not a one-and-done task; instead, it is an ongoing process. Now is the time to review these important tips to ensure that you are keeping all your Internet-enabled devices as secure as possible to protect your personal and financial information.

First, What Is the Current Status of the Heartbleed Bug?

The Heartbleed bug is a flaw in specific versions of the security encryption software—OpenSSL—used by the webservers for many websites. This flaw theoretically could give access to personal information such as usernames, passwords, credit card numbers and the like to hackers, but the hacks, if any, left no "footprints" that could be traced. The bug was inadvertently introduced to OpenSSL code about two years ago and just discovered recently. While most big financial institutions including banks and credit unions were never vulnerable, other popular websites discovered they were vulnerable. The vast majority quickly made patches. Some websites alerted member users to the fix and others posted the status on their home pages. Others remain silent.

So what can you do? Experts recommend that you now change the password on all your web accounts. It's also a good opportunity to make your passwords more secure. Our "How to Build Strong Passwords" article shows you a good way to create longer, more secure, but easy-to-remember passwords for every website.

What Can You Do to Stay Safe Online

  • Install security software on your computer and mobile devices
  • Secure your home wireless network
  • Use strong passwords and change them regularly
  • Log on and log off every time you use a site
  • Avoid phishing scams
  • Don't use public Wi-Fi for privacy business

Now, What Can You Do Going Forward to Stay Safe Online?

Here are some action steps you can take now. But remember you have to make these actions an ongoing habit and you have to keep any software involved updated.

  • Install Security Software on Your Computer and Mobile Devices
    Security software should include a firewall, antivirus, and antispyware/adware functions. Some also offer antispam and antiphishing functions. Keep these programs updated; you can typically schedule automatic updates. Enable regular scans.

  • Make Sure Your Home Wireless Network is Secured
    I am amazed at how many people use security software on their wireless devices but then don't secure the wireless network. Doing so is not hard. You'll find the steps in the instructions that came with your wireless router.

  • Use Strong Passwords and Change Them Regularly
    A strong password will not be any fact easily associated with you (such as birthdate, birthplace, parental names, pet names, former schools, and the like), a word found in any dictionary, or a logical string of letters or numbers. Instead, it should be more than 8 characters long, contain numbers, letters and symbols, contain uppercase and lowercase letters. Each website should have a different password. Experts recommend changing your passwords regularly. As mentioned earlier, our article "How to Build Strong Passwords" shows you how.

    If you need to keep a list of passwords, keep them securely at home. Don't store them on the device (or put them on sticky notes) or in your desk at work or in your wallet.

  • Log On and Log Off Each Time You Use a Site—Don't Stay Connected
    We emphasize this rule for websites on which you conduct financial transactions such your financial institutes, credit card accounts, utilities accounts, retail accounts, entertainment streaming accounts and the like. When you establish an account or log on and the site asks "remember me on this site" always choose "No". Staying logged on to social media sites may also make your information vulnerable, but more important, most social media sites track your activities online. We recommend that you log on and off of social media rather than leave it up.

  • Avoid Email Phishing Scams
    You know the drill on these: Don't open email from someone you don't know. Don't click on links in unsolicited emails. If the email and link appear to come from an entity you do business with, contact the person or company using contact information you got independently. Don't download unknown or suspicious attachments.

  • Don't Conduct Private Business on Public WIFI
    Checking your savings account balance or paying your bills using the free WIFI at your favorite coffee shop or sandwich bar is asking for trouble. Even using a Virtual Private Network may not be safe in all cases. The safest policy is to perform these tasks only on hardwired devices or secured private networks.

  • Keep Your Business Computer and Mobile Devices Strictly Business
    Because you don't control the environment for business devices (or even access to all of them), don't store your personal and financial information on a business device and don't conduct personal business on them.

  • Use One Credit Card for Internet Purchases
    One of the great conveniences of the Internet is that you can purchase all kinds of goods and services with the click of a mouse or the wave of a smartphone. The safest way to pay for these purchases is still by credit card, not debit card. Also, experts recommend that if you have more than one credit card, you identify one to use for online purchases. On retail sites that must store a card, use that one card. If you aren't required to store a card, entering the card number for each buying occasion may be safer.

Paying Attention Can Protect You

It's not hard to follow these steps. As you can see, some take a little effort when you set up your devices and others just take a little more effort to conduct personal business in safe environments. The plus can be much greater security and privacy for you.


Originally published May 2014.

FoolProof Education

FoolProof Education is a highly interactive, self-grading group of online lessons called "Modules." The Modules teach consumers of all ages about money, financial responsibility and the realities of the free enterprise system.

High School, College & Home School Curriculum

Closely aligned to the Common Core standards and state personal financial literacy requirements.

Educate Yourself, a Friend or Family Member

Choose from a wide variety of topics. Start and stop and continue at anytime.