How to keep your online accounts safe
Online security has never been more important. As consumers, we’re doing more things online now than in previous years. Most people shop and bank online these days, meaning the security of your accounts is of vital importance. In a lot of cases, the password you enter at sign-in is the only level of security protecting your online account.
Security is not a single line of defence; it must consist of a layer of good habits and technical measures – such as keeping strong, unique passwords and running regular anti-virus scans.
Below are a few tips for keeping your online accounts secure:*
Password Security
Do not reuse passwords between websites
It’s very tempting to use the same password you use for one online account with another website, but it is absolutely critical in this day and age that you do not fall into this habit.
Hackers know that a great many people use the same (or similar) passwords for most of the accounts they use online, so when they get hold of a password for one account, they will often use an automated process to try to log in to as many online services as they can with that password.
In that scenario, if your email account is compromised and you use the same password for an online shopping website, as well as your social network profile and your online bank – the hacker will be able to log in to all of those services.
The problem with ensuring that you do not reuse passwords across different websites is of course that you may find it difficult to remember all your passwords. We recommend using a secure reputable password manager to hold your passwords for you – see 'Use a password manager' below to learn more.
Use strong passwords
Strong passwords use a combination of uppercase and lowercase letters, numbers and if possible special characters. This makes it very difficult for automated programs and hackers to guess your password. Check out the 'Understand how accounts become compromised' section to understand how account passwords are often guessed.
Do not use real words in your password. Hackers will often use an automated system to attempt to use dictionary words as your password, so if your password consists of a dictionary word – there’s a good chance they’d be able to log in and compromise your account.
A good way of securing your password is to substitute some of the letters in your password for numbers. For example, instead of writing the letter 'S', you could use the number 5, which looks very similar. The same applies for other letter and number combinations.
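The reuse and strong-password tips above can be checked mechanically. The following is an added example, not part of the original article: it reviews a set of accounts for shared or near-identical passwords, missing character types and dictionary words. The account names, passwords and wordlist are constructed, and the "similar password" rule (ignore case and trailing digits or symbols) is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed sample: account name -> password, e.g. typed in for a one-off review.
SAMPLE_ACCOUNTS = {
    "email": "Sunshine1",
    "shop": "sunshine2!",
    "social": "Sunshine1",
    "bank": "tR7#qLw9$Xm2",
}
# Tiny constructed wordlist; a real review would load a full dictionary file.
SAMPLE_WORDLIST = {"sunshine", "password", "dragon", "football"}

CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "number": r"[0-9]", "special": r"[^A-Za-z0-9]"}


def reuse_key(password):
    """Base form used to spot the same or similar passwords.

    Assumed heuristic: ignore case and trailing digits or symbols.
    """
    lowered = password.lower()
    return re.sub(r"[^a-z]+$", "", lowered) or lowered


def missing_classes(password):
    """Character classes from the 'Use strong passwords' tip that are absent."""
    return [n for n, pat in CLASSES.items() if not re.search(pat, password)]


def audit(accounts, wordlist):
    """Per account: who shares its password, and which tips it breaks."""
    groups = defaultdict(list)
    for site, pw in accounts.items():
        groups[reuse_key(pw)].append(site)
    report = {}
    for site, pw in accounts.items():
        report[site] = {
            "shares_with": sorted(s for s in groups[reuse_key(pw)] if s != site),
            "missing_classes": missing_classes(pw),
            "dictionary_word": any(w in pw.lower() for w in wordlist),
        }
    return report


if __name__ == "__main__":
    for site, findings in audit(SAMPLE_ACCOUNTS, SAMPLE_WORDLIST).items():
        print(site, findings)  # findings only; passwords are never printed
```

In the sample, the email, shop and social accounts are all reported as sharing one password, because changing the case or the trailing "1" to "2!" does not make it a different password in practice.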
Never share your passwords with anyone
It may sound like a basic point, but it’s one of the most important. Never share your password with anyone. You may inherently trust that person, but you have no guarantee that they follow adequate security precautions and you can therefore not be certain of the security of the password that you have shared.
For example, if you provide your password to someone who enters it into a computer that is infected with malware, or they write it into a book of passwords that they keep – your defences against online fraud are instantly weakened.
This includes speaking to professionals like Technical Support Agents, or your computer engineer.
Change your passwords regularly
It is good practice to regularly change the passwords you use online, even if you use strong, unique passwords and don’t have any reason to believe your account is compromised.
Online accounts can be compromised (sometimes through no fault of your own) and hackers may just monitor your online accounts – such as your email account – waiting for something valuable to appear, such as a password reset email for your online bank.
There may be no visible symptoms that your account has been compromised, so changing your password regularly is a good way of minimising the risk of this happening.
It’s up to you how often you change your passwords, but it's generally a good idea to change them every few months.
Use a password manager
Password managers are software applications that store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password – the master password is the only one you have to remember.
This allows you to have strong, unique passwords for all your online accounts – meaning you don’t have to remember them.
When using a password manager, it is vital that you use a completely unique and very complex master password, and use two-factor authentication where possible. If your password manager’s master password is obtained by a third party, they could then gain access to all of your online accounts from there.
Be sure to use a reputable password manager by researching and reading user reviews before downloading/installing.
Review your password recovery questions
Most online services have password recovery options that can be used to regain access to your account if you forget the password for it. These questions normally ask for things like your favourite football team or your mother’s maiden name.
Ensure that you make these questions and answers as hard as possible to guess and if possible, select questions that only you will be able to answer.
Run anti-virus scans across all of your devices
Ensure that you have anti-virus software installed on all the devices that you use. Computers, tablets and mobile phones can all be infected with malware.
Mobile devices and computers running Apple Mac OS and Linux are less likely to be infected than a Windows computer, but there’s still malware available for them – so it’s important that you run regular virus scans across all devices just for peace of mind.
Keep all of your devices up-to-date
Here’s a big one that seems to slip under a lot of people’s radar. Software applications often have vulnerabilities in their code that can be exploited by a third party in order to perform malicious attacks as well as stealing personal information. Software developers will fix vulnerabilities in their applications once they’ve discovered them, but in order for your devices to benefit from the fix, you need to update the application to the latest version.
This also goes for operating system updates, be it on your computers or mobile devices. If there’s a software update available, it is very important that you update – running older versions could mean you are susceptible to attack.
Authentication and encryption
Use two-factor authentication where possible
Some online services offer a second form of authentication where possible, normally by sending a text message to your mobile phone to confirm you’ve logged into your online account from a device you haven’t used that service on before.
Use two-factor authentication wherever possible. A number of online services offer this as an option but it’s not enabled by default. Using this form of authentication adds a second layer of protection just in case your password is obtained by a malicious third party.
Encrypt your sensitive information
This may not be applicable to everyone, but encryption may come in handy if you have any personal data that you want to protect from falling into the wrong hands if your computer is stolen or your computer is taken over by malware.
Encryption is the most effective way to properly secure your data. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.
There are a number of applications available that can be used to encrypt files. Some computer operating systems have options to encrypt your hard drive’s contents when the machine is not being used.
Also, a number of password managers include secure note functions, which allow for text to be held securely.
Suspicious messages and fraud attempts
Be aware of suspicious emails or messages
Emails can be configured to look like they’ve originated from a specific company or individual when in fact they haven’t. It is good practice to never click on links in emails and never respond to emails asking for information unless you are 100% certain that the email is genuine.
If you have any suspicions, contact the company or individuals the email purports to be from to query the legitimacy of the message.
Report online fraud attempts
If you spot a cybercrime incident or you're the victim of one, the Police have an online reporting tool that allows you to flag the incident - actionfraud.police.uk**
Also, if you know the IP address that is responsible for committing the abuse (such as a network attack, sending spam emails or abusive messages) you could report the incident to the Internet provider that owns the IP address. All reputable Internet providers forbid their users from committing abuse using their Broadband connection. Customers who do commit abuse could be disconnected from using the service.
You can identify who the Internet provider is by running a WHOIS lookup on the IP address. The results will tell you the provider that owns that IP address and in most cases will provide an email address you can use to report the incident. You can run a WHOIS lookup using this website – ping.eu**
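WHOIS results usually list several mailboxes (admin, technical, abuse), and an abuse report should go to the abuse one. The following is an added example, not part of the original article: it reads the text of a WHOIS result and picks out the provider and the best address to report to. The sample response is constructed for a documentation-range IP, and the field names handled are the common RIPE and ARIN styles.

```python
import re

# Constructed WHOIS response in RIPE style for a documentation-range address;
# the network name, organisation and mailboxes are made up.
SAMPLE_WHOIS = """\
% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@example.net'

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-BROADBAND
org-name:       Example Broadband Ltd
country:        GB
admin-c:        EX123-TEST
e-mail:         hostmaster@example.net
abuse-mailbox:  abuse@example.net
"""

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
OWNER_KEYS = ("org-name", "orgname", "organization", "owner", "descr", "netname")
RANGE_KEYS = ("inetnum", "inet6num", "netrange", "cidr")


def parse_whois(text):
    """Return the network owner and the best mailbox for an abuse report."""
    fields, abuse, other = {}, [], []
    for line in text.splitlines():
        emails = EMAIL.findall(line)
        if not line.startswith(("%", "#")) and ":" in line:
            key, value = line.split(":", 1)
            key = key.strip().lower()
            fields.setdefault(key, value.strip())  # keep the first occurrence
        else:
            key = line.lower()  # comment line: search the whole line
        # Mailboxes on lines that mention "abuse" outrank general contacts.
        (abuse if "abuse" in key else other).extend(emails)
    # De-duplicate while keeping order; fall back to any mailbox if no abuse one.
    contacts = list(dict.fromkeys(abuse)) or list(dict.fromkeys(other))
    return {
        "owner": next((fields[k] for k in OWNER_KEYS if k in fields), None),
        "network": next((fields[k] for k in RANGE_KEYS if k in fields), None),
        "report_to": contacts,
        "abuse_specific": bool(abuse),
    }


if __name__ == "__main__":
    print(parse_whois(SAMPLE_WHOIS))
```

When `abuse_specific` is false, the result contained no dedicated abuse mailbox and the address returned is only a general contact for the provider.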
Keep physical security in mind
A good portion of incidents where personal or financial information has been subject to theft involves a physical security failure, often by the victim.
- Ensure that you lock your computer or log out of it when you’re not using it, even if you’re just leaving it for a minute or so to grab a coffee
- Never set your web browser and other applications to remember your account passwords unless you are the only person that uses that computer (or profile if the computer has user profiles set up)
- When using a computer you share with others, always log out of any online services after you stop using them
- Don’t write your passwords down on paper. Burglars are becoming increasingly aware that people keep passwords written down, and they exploit this when committing burglaries
- Never provide information or data to someone you do not trust. If you have any suspicions that someone is not legitimate, ask for identification or contact the company they claim to represent
Understand how accounts become compromised
Online accounts can become compromised in a number of ways. Below are a number of the most common techniques used by hackers:
- Malware – Often referred to as viruses, malware is malicious software designed to steal personal/financial data or use your computer in order to commit abuse such as participating in network attacks. Malware is often installed without a user’s knowledge, and is often bundled with illegal downloads of media or on less than reputable websites
- Phishing – Malicious third parties may send emails or other types of messages that are designed to look like they have been sent by a reputable company or individual in order to obtain information from you or to infect your machine with malware. An example is an email that appears to come from your bank, asking you to update your online password
- Social Engineering – This is where a malicious third party uses social techniques to trick information out of someone or to trick someone into doing something for them. A good example is someone calling you advising they’ve noticed your computer is infected with malware, and they require access to your computer in order to resolve it. Once given access, they will be able to access your machine and can install malware, extract personal information and even hold your data to ransom
- Password attacks – A password attack is when various techniques are used to gain access to a system or service that requires a password
  - Dictionary/Rainbow attacks – Common techniques include an automated process attempting commonly used passwords or dictionary words, trying them one after another until access is gained
  - Brute force attacks – Some automated processes are also used to try every possible combination of letters, numbers and special characters in order to eventually guess the correct password for that account
  - Password re-use attacks – Hackers know that a great many people use the same (or similar) passwords for most of the accounts they use online, so when they get hold of a password for one account, they will often use an automated process to try to log in to as many online services as they can think of with that password
- Vulnerability exploitation - Software applications often have vulnerabilities in their code that can be exploited by a third party in order to perform malicious attacks as well as stealing personal information
- Data leaks – Malicious hackers rarely keep stolen data to themselves. They will publish usernames, passwords and any other data they’ve obtained online for the world to see. This will then trigger other malicious third parties to perform identity theft or access your online accounts using the credentials that have been leaked online
For further advice regarding security issues, including what to do if you’ve been the victim of online fraud or cybercrime, please visit virginmedia.com/securityhub
*These fixes are provided as a courtesy and we are not responsible for any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.
** These links to external sites are provided as a courtesy and we are not responsible for the content of these sites or any problems encountered whilst applying these steps and we are not able to provide any technical support for such problems.