Hackers and You – General Tips For Avoiding Hackers
Welcome to the final part of our series looking at hackers and you. Previously we’ve covered who hackers are and what they do, how to protect your VPS from hackers and what to do if your VPS does get hacked. In this final post, we’ll look over some general tips to help you avoid hackers.
Update and Scan
First of all, there’s general housekeeping on your computer. Much like the software on your VPS, it’s important to keep the software on your computer up to date to fix bugs that hackers could use to attack you. It’s also recommended that you run antivirus software to detect known malware that attackers may be trying to put on your computer.
Email Threats
On the subject of malware, one of the most common ways to spread it is by email. Infected email may be plain spam (unrequested email) or phishing (an email pretending to be legitimate, such as from your bank or a major store, with links to the hacker’s website). It’s important to be wary of the links found in email, even if they come from friends. Once a hacker compromises someone’s email account, they’ll often send email to the contacts on the account with the aim of fooling their friends into accidentally downloading malware.
Similarly, attachments carrying malware may be added to email; hackers can hide malware in image and video files, office documents and more. Always be cautious and diligent when downloading. As with your VPS, it’s recommended that you take regular backups of your computer so that if malware does manage to infect your computer, you can recover everything quickly and easily.
Network Risks
It is also important to be mindful of which computer networks you use. These days, almost everywhere you go, from restaurants and pubs to public transport and airports, offers free wifi. The downside is that these networks give hackers a great way to compromise a lot of systems. Many of these wifi services are what is known as “open” wifi, in that you can connect without needing to enter a password (or key), and they may rely on you entering some form of login details on a web-based portal to use them. The problem with this is that these open wifi networks transmit all your data in plain text, which means anyone else on that network can read it if they want to.
While many websites use HTTPS these days to secure access to their sites, there’s still a lot of data a hacker can learn from just your connection, and in recent years a number of older HTTPS encryption methods have been broken by hackers. Wifi requiring a password is more secure, but it’s possible for a hacker to impersonate the legitimate wifi network, which again enables them to see all the data you are sending, just as with an open wifi network. If you do need to use wifi networks rather than relying on your mobile network, then it’s recommended that you connect through a VPN service to add an additional level of security.
Online Access
Always be mindful of how you log into online services. Attackers who wish to break into these services will often start by trying to brute-force your passwords. If you re-use your passwords between sites, then once the attacker has guessed one password they can re-use it across the other services you use. This security risk is exactly why it is recommended to use a different password on each site you use.
A recommendation you’ll often see is to keep your password complex. While this usually involves combining letters with numbers and punctuation, people often use passwords that are too short. Anything with 10 characters or fewer can be cracked by a hacker surprisingly quickly on modern hardware. A passphrase or sentence is better, because every additional character massively increases the time required to crack the password compared with the previous length.
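As an added illustration (not part of the original post), the Python sketch below estimates the worst-case time for an exhaustive character-by-character search, to show how length drives the numbers. The guess rate and both sample passwords are assumptions made up for this example.

```python
import string

# Assumption: illustrative offline guessing rate. Real rates depend on how the
# service stores passwords and on the hardware used.
GUESSES_PER_SECOND = 10_000_000_000

# Character classes an exhaustive search has to cover if any member is used.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Number of candidates of the same length drawn from the same pool."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every candidate at the assumed rate."""
    return keyspace(password) / rate


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the post.
    for pw in ("sunshine42", "sunshine42x", "purple otter rides slow trains"):
        print(f"{len(pw):>2} chars, pool of {alphabet_size(pw):>2}: "
              f"{human(worst_case_seconds(pw))}")
```

This models exhaustive search only; passwords built from common words or reused from a breach fall much faster to wordlist guessing, which is one more reason to keep each password unique.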
Two-Factor Authentication
In association with a password, many sites and services now support Two-Factor Authentication (2FA) or multi-factor authentication (MFA). This may entail sending you a one-time code by email or SMS when you attempt to log in, using a one-time code from an app such as Google Authenticator, or using a hardware token such as a FIDO U2F key. It’s strongly recommended that you use 2FA/MFA options when services provide them.
While these tips may not keep you completely secure, taking them seriously can help you ensure that you are safer than you otherwise may be.