{"id":5310,"date":"2012-09-22T21:04:40","date_gmt":"2012-09-22T11:04:40","guid":{"rendered":"http:\/\/tomgrimshaw.com\/tomsblog\/?p=5310"},"modified":"2024-07-07T07:47:13","modified_gmt":"2024-07-06T21:47:13","slug":"hackers-reveal-10-pc-security-mistakes-we-all-make","status":"publish","type":"post","link":"https:\/\/www.tomgrimshaw.com\/tomsblog\/?p=5310","title":{"rendered":"Hackers Reveal 10 PC Security Mistakes We ALL Make"},"content":{"rendered":"<p>No one knows security mistakes better than hackers &#8211; because for them, tiny errors in security are the \u2018keys\u2019 that allow access to home PCs and office computer systems.<\/p>\n<p>And hackers are clear about one thing. Computer users make mistakes all the time &#8211; and often the same ones, over and over again. Two hackers &#8211; one \u2018ethical hacker\u2019, who tests computer systems by attempting to break into them, and one ex-hacker who now works in security &#8211; lay bare the ten errors that crop up most often.<\/p>\n<p>\u2018People are too trusting,\u2019 says Tom Beale, who has worked as an \u2018ethical hacker\u2019 for 10 years, protecting corporate and government systems by finding weaknesses.<\/p>\n<p>\u2018The human element is always the weak link in the chain. People are very easily distracted &#8211; and particular attackers prey on that.\u2019<\/p>\n<p>\u2018People are just getting more and more stupid,\u2019 says Cal Leeming, an ex-hacker who was convicted for a cyber crime, but now works in computer security.<br \/>\n\u2018They want their stuff to be protected, but they expect someone else to do it for them. People don\u2019t want to know. Even for companies, computer security isn\u2019t a priority, because it\u2019s not a primary source of income. It\u2019s only once the company\u2019s been hit that they realise, &#8220;Oh we should have paid more attention than that&#8221;.\u2019<\/p>\n<p>1. 
Don\u2019t use the same username everywhere<br \/>\n\u2018People often upload photos of themselves to an online library, say,\u2019 says Cal Leeming, a former hacker who works in security at Simplicity Media, \u2018But they use a username they use on other sites. They don\u2019t realise that people can use Google to connect them across all the different worlds they visit, and then work out a way in.\u2019<\/p>\n<p>2. Don\u2019t trust public wi-fi<br \/>\n\u2018When you go on a public wi-fi network you have no way to determine whether it\u2019s a real network run by a reputable company, or a fake run by a spotty guy next to you,\u2019 says Tom Beale of Vigilante Bespoke. &#8216;The problem\u2019s particularly bad on mobile, where you really can\u2019t tell if you\u2019re on a fake network set up to steal your data. If you\u2019re going to use public networks for business, use a laptop, because the browser will warn you of security breaches &#8211; your phone won\u2019t.\u2019<\/p>\n<p>3. Be careful about who you friend on Facebook<br \/>\n\u2018Facebook has been basically forced to implement privacy settings,\u2019 says Cal. \u2018But people still get it wrong. They randomly friend other people, not realising they are giving away information that could be useful in a cyber attack &#8211; for instance names of pets or family that might be a password or security question.\u2019<\/p>\n<p>4. Don\u2019t trust people you don\u2019t know<br \/>\n\u2018I always tell people to do an \u2018offline test\u2019 &#8211; ie would you do the same thing if you were offline? So for instance, if you\u2019re chatting to someone online, and you tell them some information, would you give that information to someone you\u2019d just met in a bar?,\u2019 says Tom. \u2018Online, you\u2019re even LESS safe &#8211; because you may not be talking to who you think you are. People just seem to lose all concept of reality when they\u2019re on a PC.\u2019<\/p>\n<p>5. 
Use two-factor authentication when you can<br \/>\n\u2018People resist this except when they\u2019re made to do it &#8211; like by their bank,\u2019 says Tom. \u2018But it does add that extra layer. It does offer protection. People accept that their bank will use tokens or keycard readers, but when other sites add it, people resist it &#8211; they just want quick access.\u2019<\/p>\n<p>6. Don\u2019t re-use your email password<br \/>\n\u2018This isn\u2019t going to be a problem that goes away any time soon,\u2019 says Cal. \u2018People don\u2019t realise what the risks are of using the same password. If you reuse your email password, you\u2019re handing out the keys to be hacked and breached &#8211; giving hackers access to the information they\u2019ll need to hack your bank account and other networks you use. People use simple passwords for convenience &#8211; memorising too many is just a pain.\u2019<\/p>\n<p>7. Don\u2019t be fooled by \u2018cries for help\u2019<br \/>\n\u2018Some of the most effective attacks are &#8220;cries for help&#8221; from friends &#8211; sent by email from a compromised machine. It\u2019s incredible how many people respond to that,\u2019 says Tom. \u2018If it\u2019s someone who travels a lot, and their email is hacked, it\u2019s more convincing when you get an email saying that they are stranded abroad, and need money. They target people with a scattergun approach, but when they find someone who IS abroad a lot, it\u2019s very effective.\u2019<\/p>\n<p>8. Use antivirus software<br \/>\n\u2018I can\u2019t see any reason why you wouldn\u2019t run AV software,\u2019 says Tom. \u2018It\u2019s not a Holy Grail, but it helps you to deal with most known problems. Browsing without it is like driving without a seatbelt. It\u2019s your first layer of defence, whether you\u2019re using PC, Mac or Android.\u2019<\/p>\n<p>9. 
Remember that funny videos can be very unfunny<br \/>\n\u2018Facebook\u2019s system doesn\u2019t filter for malicious links, so they can be very dangerous. Often a \u2018video\u2019 link will try to fool people into visiting an infected site or downloading something in the guise of video software or fake antivirus software. Your only defence is to think, \u2018Would my friend really post that?\u2019 so be careful about people you only half-know. Facebook and Twitter need to inform users better.\u2019<\/p>\n<p>10. Set everything to auto update<br \/>\n\u2018Attackers will be actively looking for vulnerabilities &#8211; not just in your operating system, but in your browser, in plug-ins such as Flash and Java. Be sure that all of those are up to date,\u2019 says Tom. \u2018If you don\u2019t, you are leaving security holes. Most updates don\u2019t add functions, they just fix holes, and if you don\u2019t get them, you still have the holes.\u2019<br \/>\n<a href=\"http:\/\/uk.news.yahoo.com\/hackers-reveal-10-pc-security-mistakes-we-all-make.html\" target=\"_blank\" rel=\"nofollow noopener\">http:\/\/uk.news.yahoo.com\/hackers-reveal-10-pc-security-mistakes-we-all-make.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>No one knows security mistakes better than hackers &#8211; because for them, tiny errors in security are the \u2018keys\u2019 that allow access to home PCs and office computer systems. And hackers are clear about one thing. Computer users make mistakes all the time &#8211; and often the same ones, over and over again. 
Two hackers &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.tomgrimshaw.com\/tomsblog\/?p=5310\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Hackers Reveal 10 PC Security Mistakes We ALL Make&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-5310","post","type-post","status-publish","format-standard","hentry","category-computer-tips-basic","category-general-interest"],"_links":{"self":[{"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=\/wp\/v2\/posts\/5310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5310"}],"version-history":[{"count":3,"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=\/wp\/v2\/posts\/5310\/revisions"}],"predecessor-version":[{"id":55440,"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=\/wp\/v2\/posts\/5310\/revisions\/55440"}],"wp:attachment":[{"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tomgrimshaw.com\/tomsblog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","template
d":true}]}}