18 Secrets to Steal from People Who Never Get Hacked
Learn the best practices that stop cybercriminals in their tracks.
The rising problem of cybercrime
Cybercrime is a massive problem that doesn't look like it's going to get better anytime soon. Cybersecurity Ventures' latest annual report estimates that cybercrime will cost the world $6 trillion annually by 2021. That staggering figure takes into account a multitude of factors, including stolen money, lost productivity, restoration, and the deletion of hacked data and systems.
And cybercriminals don't only go after big organizations. "The victims of cybercrime involve individuals, organizations, and businesses alike—virtually everyone from all walks of life," explains the experts at SSLStore. In its 2018 Internet Crime Report, the FBI's Internet Crime Center (IC3) says it receives an average of 900 cybercrime complaints per day.
There are ways to protect yourself from cyberattacks, but unfortunately, there isn't one all-powerful tool that does everything. "The right way to think about computer security is to liken it to Swiss cheese. Any slice of Swiss cheese is full of holes, but if you layer another slice on top of the first one, they cover up each other's holes a bit," Roger Thompson, founder of Thompson Cyber Security Labs, tells Reader's Digest. "Two or three more layers and all the holes are covered up."
Here are some of the best practices of people who have successfully avoided becoming victims of cybercrime. And after you've learned what they do to protect themselves, check out these cybersecurity secrets hackers don't want you to know.
They never shop on a website with an "http" URL
"Only transmit personal data on websites that are https. The 's' indicates a higher level of security. Nowadays, all the reputable e-commerce sites are https—including Amazon, Walmart, Target, and Google, plus the major airlines, banks, car rentals, hospitals, social services, and hotel chains. Most scam sites, however, are http (no 's' at the end), because http sites are cheaper than https sites. So, if you receive an email solicitation to use at a website that's http, be extra careful. It could be a fraud attempt." —Monica Eaton-Cardone, COO of Chargebacks911. Even trusted websites can pose problems, though. Check out this list of the most (and least) secure online retailers in the country.
They only use trusted apps
"Cellphone users can risk exposure to viruses, malware, and other online threats in many ways. Always use trusted app providers from trusted sources such as the App Store or Google Play. Jailbreaking your phone is one of the biggest risks to malware and other potentially dangerous viruses." —Braden Perry, a litigation, regulatory, and government investigations attorney with Kennyhertz Perry, LLC. Plus, if these apps are still on your phone, someone may be spying on you.
They use a VPN
"VPN to the rescue! A VPN (Virtual Private Network) encrypts your Internet connection to secure it and protect your privacy. You can select the no-sharing option to further protect info from nefarious hackers. There are heaps of VPNs to choose from. Personally, I use NORD VPN—no affiliation. It's a good value and has excellent features." —Ethan Taub, CEO of Goalry and Loanry. Here's more about how one click can keep your information safe on public Wi-Fi.
They don't use debit cards for online purchases
"If you're the victim of fraud, a debit card offers scant protection. Credit cards protect you far more comprehensively and provide you with an extra layer of security. So use a credit card as a precautionary measure. This way, if you are victimized, your recovery will be faster." —Eaton-Cardone
They use two-step verification
"Use Multi-Factor Authentication (MFA)—aka two-factor (2FA), aka two-step verification—whenever and wherever possible. Both Microsoft and Google have recently stated that MFA will stop 99 percent of all automated attacks." —Dave Hatter, a software engineer and cybersecurity consultant. Don't miss these clear signs you're about to be hacked.
They protect their credit card info
"Don't save credit card information on sites where you purchase something. And open a separate credit card specifically for online transactions." —Hatter. Here are 14 things you should never do when using public Wi-Fi.
They lock out lost devices
"If a mobile device is lost—laptop, USB drive, smartphone, etc.—and it has company data on it, report to your IT department immediately so user accounts can be disabled and/or monitored for suspicious activity and devices can be locked out of the network." —Michael Bisso, Director of IT at Edelstein & Co. By the way, these 15 things make your phone an easy target for hackers.
They protect their passwords
"Protect passwords and change default passwords when applicable. Use password-protected Excel documents to track usernames and passwords. The current version of Excel has strong encryption that's almost impossible to break. Make sure access to the file is protected by a strong password." —Peter Purcell, cofounder of EVAN360 and a cybersecurity expert. Change your settings immediately if you use any of these 25 passwords.
They use password managers
"A password manager is the most amazing thing in our password-cursed world. We have passwords for everything. Most folks fall back to using the same password everywhere. This makes hackers' lives very easy. They can compromise a website account set over here, and use those credentials at multiple other sites. It's like carrying the key to a locked door. Password managers will help manage your passwords. They will create complex passwords, they will enter them at the various websites for you, and they will securely store them between use. Win, win, win! You have no excuse not to be using one." —Nathan Maxwell, a cybersecurity expert at CCI
They don't click unknown links
"Never click on links in emails. Phishing emails are incredibly successful at impersonating sites you trust, and they appear much more legitimate than in the past. Visit the source website of the email before proceeding with the requested action." —Purcell. This is what happens when you respond to spam emails.
They avoid connecting to public Wi-Fi
"Hackers are able to exploit users of public Wi-Fi through intercepting the traffic as it passes over the network, or hackers will set up fake 'honeypot' Wi-Fi access points in order to trick users into connecting. The goal of the attacker is to be able to obtain authentication credentials for things such as social networks or bank accounts, among other nefarious motives." —Alex Heid, Chief R&D Officer at SecurityScorecard. For a better option, learn how to turn your smartphone into a mobile hotspot.
They take precautions when using connected devices
"Think of IoT (connected) devices just like any computer—they have an IP address. But when people deploy smart TVs, baby cameras, and devices like that in their homes, they, unfortunately, don't usually take the same safety precautions as they do when setting up a computer. My advice to consumers is the following:
- Read the manual: This is crucial to know what it takes to secure the IoT device.
- Make sure you have a firewall on your router. It will protect your devices in many cases.
- Create new and secure passwords for each of your devices.
- Always install updates. A 'smart' device can easily fall out of date, leaving the device vulnerable to hackers." —Aleksandr Yampolskiy, CEO and cofounder of SecurityScorecard
They are aware of data breaches
"A lot of folks will check sites like www.haveibeenpwned.com to see if any of their accounts have been compromised via a data breach. By simply entering their email address, people will be provided with a list of all breached accounts associated with that email account. It's a great way to stay up to date and manage risk." —Adam Dodge, founder of EndTAB. Make sure you know these 23 tips to prevent identity theft and other cyber scams.
They are wary of random outreach
"I would advise you to be especially vigilant during events that may arouse our emotions. These may be sports tournaments or shopping opportunities, but also changes in law or taxes. Such events can be used by hackers to conduct phishing attacks. Criminals can manipulate our emotions or information and rely on an ignorance of the issue and their negative emotions, such as stress, time pressure, or fear of financial losses. What should we watch out for? Contests and promotions that offer tickets for matches, impersonating a tax office or bank and sending infected 'instructions,' or urging you to pay for items that are essentially free." —Ole Brockhuus, CEO of SpotTheSpy. Don't get fooled by this gift card scam.
They don't use public chargers
"In our busy, on-the-go lives, sometimes there is no option for charging a phone other than a USB plug at a nearby public charging station, but unsuspecting users may find their data and device at risk. Hackers can modify these stations to download information without user consent or install malware onto a phone. In such cases, the best thing to do is to bring along a portable charger or connect a charging wire to a trusted personal computer that will refresh the device's battery but not endanger the smartphone or its data. For example, Apple has recently added a feature that asks the user to either grant or deny trust to the computer when charging with a USB. If the user denies trust to the charging computer, the USB will only allow for the battery of the smartphone to be charged and not for any data to be transferred." —Hagay Katz, VP of Cyber Security at Allot.
They update their security software regularly
"You should have antivirus software on your phone, laptop, and other devices to keep them safe. However, these programs can only protect you from the threats they know about. Companies will add new protections to their software as emerging cyber threats are identified. If you don't keep your software up-to-date, you won't be protected from the latest threats." —Colton Devos, a marketing and communications specialist at Resolute Technology Solutions
They come up with creative answers to security questions
"Set up difficult security questions to avoid having someone find the answers online. Get a little more creative with the answers, and never share this data with anyone." —Rachel Wilson, Investigative Coordinator, Client Relations, at The Smith Investigation Agency and The Smith Training Centre. Here are some tips on how to make your password recovery questions harder to hack.
They keep things manual
"Turn off any sharing or auto-downloads activated on your mobile device to limit access to Cloud-based applications or stored information on your device." —Heather Paunet, VP of product management at Untangle. Next, check out these 17 everyday things you didn't know could be hacked.