Six Helpful Tips for On-Line Safety

By William Knox, Legal Assistant, and Staff

At Brown, Brown & Young, as with most businesses these days, much vital information is now in a digital, computer-based format, and much communication occurs over the internet. That moves us to make sure that our security systems are absolutely the latest and best, to protect our data from spies, hackers and even on-line thieves, and that our safety and back-up systems are likewise the latest and best, so that our data is safe and secure no matter what might happen to an individual computer, file or even the entire office!

The reality these days is that the same kind of steps we have taken here at BB&Y also need to be taken by everyone who uses a computer and the internet — and that pretty much means EVERYONE! Most of these steps are things you have either heard about or even might have practiced before: so here are six "helpful tips" to make sure you're doing them correctly!

1. Keep Your Computer and Its Installed Programs Up-to-Date

Most newer operating systems and software programs have a default setting that auto-updates to their latest versions. This is important, because cyber-thieves can break into your computer through flaws or "chinks" in older versions of software and operating systems (in fact, most updates include "sealing off" discovered holes). It is prudent to update to the latest versions in order to remove security vulnerabilities.

Many people hold off performing these updates. If you have a legitimate reason to hold off (for instance, if doing so will "break" a program crucial for daily business operations), OK — but do the update as soon as you can nonetheless.

2. Have Strong, Unique Usernames and Passwords

We can't say this strongly enough: never, EVER, use the same usernames and passwords across multiple accounts, programs, services, devices and websites.  Always use different unique usernames and passwords — a different one EVERY SINGLE TIME, for everything you do on-line.

The reason for this is obvious: if your log-in credentials are the same everywhere, then if one program is compromised, all are, and every account you have is now at risk — including your bank accounts or credit card accounts. Your "identity" has been completely compromised!

We're not trying to scare you into never doing things on-line; we are just saying that having uniquely different usernames and passwords makes it more difficult for someone with nefarious intentions to access and control your identity.

Usernames should be impersonal, not found in a dictionary, and difficult to guess even by the people who know you best. Passwords should contain at least nine (9) characters, including upper case and lower case letters, numbers and symbols.  There are many free services on-line that will generate these kinds of passwords for you; one such is a site called Last Pass Password Generator. This site even provides you with an automatic yet secure way to apply your passwords.

If you need help retrieving all of those usernames and passwords — and who doesn't? — by all means write them all down on a piece of paper, but don't tape that piece of paper under your desk or onto your keyboard or monitor! Put that piece of paper in a safe place.

3.Use Up-to-Date Protective Software — and Common Sense!

Make sure you install, update and keep active good quality Anti-Virus, Anti-Malware, Anti-Adware and Anti-Ransom-ware programs.  These "Anti" programs run "in the background" while you are using your regular operating system and applications; they help keep your computer free of malicious software that can do everything from slowing down your internet speed, to spamming your contact list, or using your computer to send millions of spam mail out across the globe — to even locking you out of your personal data unless you pay to have it unlocked ("ransomware")!

Of course, protective software programs require frequent updates to maintain their ability to protect your system, because there is a never-ending escalation between the creators of malware and the creators of programs that defuse them.

One of the best tips to help prevent malware programs from getting into your system is to use common sense when downloading anything from the internet, and that also means THINKING before clicking on or opening an attachment.

Use your brains — If you receive an e-mail from someone you weren't expecting to hear from, that contains an attachment, or urges you to visit a link, don't do it! Don't open anything, don't download anything, and don't click on anything — until you have absolutely confirmed that it was sent to you by someone you trust, and you know in advance what it is.

Most (if not all) well-publicized security breaches victimizing government, political parties or businesses were NOT accomplished by hackers breaking through firewalls or decoding passwords — the breaches occurred because people inside the protection level innocently opened a malware program sent to them as part of an e-mail. The malware immediately spread throughout the company or institution, looking for passwords, transferring data and creating havoc. The same could happen to you!

As a general safety step, even if you receive an e-notification from a company with which you do business (such as PayPal or your credit card company), asking you to select a link to correct or update something (for instance, an expired credit card) — NEVER DO IT!

"Phishing" thieves have for years been able to emulate legitimate companies, using their logos, layout, color schemes, type styles and even phraseology, to bluff you into clicking that link or revealing information. Instead, delete the e-mail and proactively access your account with that company directly from your browser. If the notification was legitimate, the real company will then ask you the same question. ERR ON THE SIDE OF CAUTION!

No protective software can protect you from being scammed via social media or by a simple old-fashioned "con man." If you receive an e-mail from your nephew John, saying he is stuck in a far-away city and begging you for money, CALL John and double-check that he really is stuck. This venerable scam (originally called the "Spanish Prisoner Con") started with telegrams, then went to telephones, and now uses e-mail. Don't fall for it, or any of its similar versions, some of which are called "Spear Phishing"!

And never, EVER give ANYONE your bank account, passwords, telephone numbers, address, SSN or any personal information on the internet (or the phone!) unless you are absolutely certain the request is valid. Again — err on the side of caution!

4. Secure Your Home Wi-Fi Connection

Many homes these days have a wireless local area networking system, allowing the use of mobile phones, personal computers, gaming consoles, televisions, printers and other devices without any connecting wires (other than power cables). Such a system is called "Wi-Fi," and it is a great convenience, allowing unrestricted internet use.

Like your other accounts, your home Wi-Fi network's name and password should be unique, and should not include any personal information or information specific to where you live. Every wireless router has a Service Set Identifier (SSID) that it broadcasts widely so people within range can link up with it. Your wireless device receives the SSID notification and displays it; if you have the password, you can use it. That name that you see (for example, 123Springlake, NETGEAR_5g or Smith Family Internet) is the SSID.

The first thing you should always do is change the default SSID of your home wireless router to something anonymous. This means to some name that does not not include personal or location-specific information ("Smith Family; "123Springlake"). This makes it harder for a Wi-Fi thief to identify your system.

Next, make sure access to your wireless network is password-protected by a strong password. Older password protocols are now deemed very easy for hackers to break. Currently, the best and really only form of encryption you should be using is the Wi-Fi Protected Access II with Advanced Encryption Standard — WPA2-AES.

Your WPA2-AES password should be at least 20 characters long, including upper and lowercase letters, numbers, and symbols. You only have to enter it once on your computer, phone, or other Wi-Fi enabled device, because your device thereafter "remembers" it, so there is no real excuse for not doing it right!

If you want to go further into securing your home network as a whole, there are lots of resources out there on the internet or from your local networking professional to help you.

5. Center Your Wireless Router

There are at least two big reasons for placing your wireless router as close as possible to the middle of your residence. First, doing so allows for the signal to reach the greatest amount of area possible in your residence (if your router is in the basement, you may have trouble getting a strong-enough signal in your bedroom).

The second reason is that you want to prevent your signal from "leaking" out of your residence into the public area.  This helps with a myriad of security situations, including preventing your neighbor from using your Wi-Fi without permission (and slowing it down!) to a random stranger sitting in a car on your block using your internet access and having access to what is on your home network.

6. Double-Back-Up Your Data

In today's digital world, where "hard copies" are becoming more and more rare, having good backup solutions is necessary, period, whether for the largest corporate datacenter or for your personal laptop at home.  If work files, documents, wedding photos or home movies are worth saving, then they are worth backing up.

There are a many different options for backing up your data, but you should seriously consider always doing a DOUBLE back-up: locally with you, and remotely "in the cloud" (on-line).

Local backup means anything from copying your data to a separate external hard drive (this can be done automatically at timed intervals using programs such as "Time Machine") or manually to a thumb drive, or even "burning" the data to a CD or DVD, which you keep in a fire-proof safe.

The beauty of local backup is that no matter what happens to your computer, your files are safe (you can always re-install the software that accesses the files).

Automatic remote storage systems such as "CrashPlan" have improved hugely in recent years, and nowadays "storing in the cloud" (which means remotely in a company's protected servers) is practical, quick and fairly inexpensive.

Of course, make sure you have a unique, strong username and password for your "cloud" storage. You can find remote storage providers easily by searching on the internet, and then using ratings programs and reading reviews to determine which one you will choose. The benefit of this is that even if a tornado hits your home and scatters everything to kingdom come (including that fire-proof safe), you are safely and completely "backed up"!

To Summarize, here are our "Six Tips for On-Line Safety":

(1) Keep Up to Date
(2) Exercise Password Control
(3) Always Use Protection Software & Common Sense
(4) Secure Your Wi-Fi Connection
(5) Center Your Wireless Router
(6) Back Up Locally AND Remotely

We hope you have found these tips helpful and useful. At Brown, Brown & Young, we take very seriously our obligation to teach you how to protect and preserve your data, and we are proud to use the latest, strongest and most effective protection protocols and safeguards in our office, for your protection.

You, too, should not be afraid to take the first steps to securing your own precious data and your personal information. It cannot be said too often: everyone nowadays is at risk, so act to protect your data, your business, and yourself!