If you missed last week’s webinar “Simple Steps to Staying Safe and Secure Online”, you can watch the replay over on the free Member Area. If you haven’t already registered, here’s the link.
For those of you who prefer the written word, here’s what prompted a webinar on how (and why) expats should protect themselves online.
I was on a brilliant webinar last year, with Trisha Carter (of CiCollective and Finding Home Abroad fame) and her colleague Justin Bowden, a risk and crisis management expert.
The topic under discussion was security, and this guy knew his stuff. He advises the BBC and ABC journalists, for goodness sake. However, what really struck me amidst the masses of excellent advice that he gave was the single biggest safety risk factor for expats: our own behaviour. Not carjacking, hostage situations or home invasions, but our own carelessness and risk-taking. Apparently, once we arrive in places with less rigid Highway Codes, we decide that we are immortal and that all that well- researched advice that we were given as novice drivers in our home nations is now irrelevant.
Needless to say, disaster ensues.
There is a very real parallel between our on road and our online behaviour. We take great pains to lock our doors, secure our belongings and set our alarms, but when it comes to our mobile devices, we often don’t lock them, use terrible passwords and save our details somewhere convenient like Post-it notes, our contacts file or our note-taking app. Sound familiar?
Today, we are going to put all that right, and take some simple steps that will protect your identity, your privacy and your data, without raising a sweat.
Those of you with kids will probably already have these enabled, if only to prevent the pesky little critters getting on your devices and downloading the latest gifs, emoticons and crush updates. For the rest of you, here’s what you need to be doing:
BEFORE YOU LEAVE THE HOUSE…
Lock the Front Door – AKA Set Passcodes
Mobile device manufacturers have some seriously clever security features built into their devices, but they rely on you actually using them. The main gatekeeper is your passcode, which once activated, enables internal encryption that can only be unscrambled by correct entry of your unique numbers. This will buy you time to notice that your device is missing and take the necessary steps to lock down your data or change your account passwords (more on that later).
The bad news is that a simple four digit passcode could potentially be broken in a little under a minute, while a nine-digit code would take two and a half years to break…
On mobile devices and tablets, head to
- Settings – typically a grey gear or cogwheel icon – and look for
- Security and Privacy. (The terms may differ on individual devices, so if you are having trouble, a quick Google search for “setting passcode” and your device model will find the information you need).
- Once there, either Create / Change your Passcode, making sure that you
- Turn Simple Passcode off and choose a nice 9 digit one.
Don’t Leave the Key Under the Doormat – AKA Disable Automatic Login
You are going to set a passcode and disable automatic login. Yes, I know it’s going to add an extra second to your day, but seriously, you’ll thank me if your devices are ever stolen (or when your kids start downloading viruses willy nilly while your back is turned).
On a Mac:
- Open System Preferences (it’s the grey gearwheel icon again),
- click on Security and Privacy, and
- under the General tab, either Change or Create a Password.
While you are there, check the ‘require password’ box and set it to ‘immediately’ and then Disable automatic login.
Now it’s time to secure it for Guest Users too – it’s the same process:
- System Preferences >
- Users and Groups >
- Password tab >
- Login Options (at the bottom left hand corner).
- Turn the Automatic login to off, and the
- Display login window as Name and Password
On a PC:
- Hover in the bottom right hand corner of your screen to pull up the start menu and search for Control Panel. Once you have clicked on it, head to
- User Accounts and Family Safety, and then
- Create and Change Password.
You can now rest easy that should your laptop go missing, you have the first line of defence in place. Feeling stronger yet?
Stop Random Oversharing – AKA Change Your Sharing Settings
Increasingly, devices are set up for wireless working – cloud based syncing, wireless printing, automatic updates. You get the picture. Which is all well and good when you are in the comfort and security of your own home, but it does pose a sneaky back door for the less well-intentioned in this world. Time to shut it down and stop oversharing…
On a Mac: Head to
- System Preferences >
- Sharing and
- Uncheck any sharing boxes.
On a PC, you’ll need to pull up
- Control Panel >
- Network and Sharing Centre >
- Change Advance Sharing Settings and
- toggle Public to off
ONLINE SECURITY ON THE MOVE
As much as we love public wifi, we have to remember that it is exactly that; public – and there is the chance that your data can be intercepted. So, these next steps are going to help keep you safe, whether you are using a laptop, tablet or smartphone.
1. Choose your Wifi carefully.
There are some sneaky people out there, who have figured out that the easiest way to get people to share is by naming their own wifi ‘Starbucks’ or “Marriott Hotel”, so check for the company redirect page once you have connected.
2. Never ‘Remember Networks”
Public wifi is not the place to be sharing banking, credit card or personal details, so use your own data package or an independent wifi connection for those. However, bear in mind that many devices will automatically seek out the strongest signal and if you have given it permission previously, will connect automatically. Great for when you are on a Skype call to your mother, not so hot when you are in the middle of an international funds transfer and the world can potentially see into your bank account… To avoid slip-ups, uncheck the ‘Remember this network’ box every time you log in to somewhere new.
3. Check your Sharing settings.
If you haven’t already changed your Sharing settings, do so now. (Scroll back up for details…)
4. Use the secure version of sites
Increasing numbers of websites want us to create accounts with logins and passwords, but not all sites have the same levels of security to protect your information. The easiest way to check is to look for https (with an s at the end) in the address – denoting a secure site. If that’s one thing to many to remember, consider using HttpsEverywhere, which will automatically redirect your browser to the secure version of any website and alert you if the site is not secure.
5. Use a VPN
VPNs (or Virtual Private Networks) encrypt data traveling between your device and the server, meaning that nobody can see your information or your location. It seems extreme, but it is actually very simple – think of it as the online version of putting an envelope around a letter. One highly recommended version is CyberGhost, which has a free basic option – more than enough for checking your email and doing basic browsing online – with paid upgrades if you need them. It’s a doddle to install and start up and as an added bonus, the location cloaking means that you can watch your favorite TV from home, anywhere in the world. Perfect for you BBC iPlayer and Netflix fans.
6. Private Browsing
For those moments when you can’t avoid using a public computer, there’s private browsing. Somehow, no matter how sophisticated our systems get, there’s always someone, somewhere who needs a printed copy – boarding pass, ticket, proof of insurance. You get the picture. Or worse, you have just had your device stolen and need to get onto your bank / insurance company/ mom ASA, without leaving a telltale trail of username and passwords for the next user.
Enter Private Browsing. For Safari and Chrome users, you can access it by going to the top left hand corner of your browser window and clicking on either the name of the browser (Safari) or File (Chrome).
Once there, search the drop down menus for Private Browsing (Safari) or New Incognito Window (Chrome). Firefox has a great instructional video for their users here. Finally, for those of you unlucky enough to be using Internet explorer, there’s an extra step (of course).
Start menu > Internet Explorer > Click the Tools button , point to Safety, and then click InPrivate Browsing. Ugh.
Now, Stay Safe
All the security advice in the world won’t save you if all I have to do to get into your accounts is to find your email (which is plastered all over the internet, thanks to Facebook, Twitter, Linkedin and your best friend hitting Reply All) and guess your password. Which all too often is pa55w0rd, your child’s birthday or your middle name. All of which I can figure out pretty darn easily – especially if you helpfully set your accounts to ‘Remember Me’.
Passwords are the most important security feature that we have. While the media adore a good story about how the latest big retailer has been hacked, in reality, this would not be a huge problem for us if it wasn’t for two things:
- 1. We use really bad passwords that are easy to decipher
- 2. We use those passwords across all our accounts, no matter the information or access that they allow.
Secure websites don’t save your actual passwords – instead, they save an encrypted version, which is why you only ever get the option to request a hint (if you set one up when you opened your account) or a complete password reset. Unfortunately, hackers are quickly able to decrypt simple passwords – those that use real words, only lower case letters and ones that have a real world format – names and dates, for instance. Simply adding uppercase letters increase the difficulty exponentially, and randomly adding numbers and symbols makes your password darn near impossible to figure out.
For those of you who are about to give up and pour yourself a stiff drink rather than face trying to reset and remember endless complicated passwords, there is hope in the form of a password manager. These are pieces of software that use secure encryption to remember all your passwords for you, leaving you to only remember a single login on your browser.
The most widely recommended is currently LastPass, which is free (and easy) to install. Once there, it will offer you the option of remembering the login in the Last Pass Vault – similar to Chrome and Safari “remember me’ options, but far more secure.
While we are on the subject, never, ever “Remember Me’ anywhere other than with a password manager. It just makes life far too easy for those of evil intent to get into your documents, data and everywhere else. It’s one of the worst habits that we get into, and the reason for more Facebook shaming than I care to name.
Finally, consider what you actually feel comfortable storing and sharing online. While I know many people who store their entire personal identity on Evernote, it’s not always the best option. Instead, consider investing in a portable hard drive and storing your essential back-up documents there. Easy to store somewhere secure, easy to grab in an emergency, and available regardless of internet connection.
Now, it’s over to you…