There has been a rash of email security attacks lately. The most recent (May 2017) a phishing attack associated with Gmail accounts.
We expect service providers like Google to build and manage systems that keep our data and information secure. However, we have some responsibility for our privacy and security when using online tools as well.
Here are a few best practices you should consider:
#1 – Pay attention to what you are about to click on. Too often we get in a rush and don’t pay attention to what we are about to click on. One simple tip I encourage all computer users to do is to hover over every link and view the actual URL (web address) before clicking on it.
This looks like a safe URL – http://www.google.com. However, if you hover over it you’ll see in the bottom left of the screen that the actual URL is not what you think it is. Hover and view a URL before you click on it.
#2 – Beware of shortened URLs. ow.ly/PD5H30btRmF looks like a typical shortened URL. However, you have no idea where it goes. I have used a tool called URL Xray (http://urlxray.com/) to look at shortened URLS from people I just meet. I am not sure who created it, however the page is very plain with no distracting ads. I like it and it works.
#3 – Pay attention to the URLs you use daily. When you login to your regular online accounts it’s important to pay attention to the URLs in the address bar. Knowing what to expect can help you when you see an address that is not expected.
#4 – If you don’t expect it, don’t open it. A significant number of the phishing emails are messages from people who have never sent us messages with attachments before. Stop and ponder before clicking on the message or the attachment. Better yet, send an email to the person and ask them what the attachment is before opening it. Don’t reply to their message, create a new message.
#5 – Use Two step Verification with Online Accounts. Most online accounts have a Two step verification login process. The basic functionality is that when you login to your account from a new or different device you are required to enter a security code sent to your mobile phone.
Here are the URLs to some of the online systems where I am using Two Step Verification today:
- Google – https://myaccount.google.com/signinoptions/two-step-verification
- Facebook – https://www.facebook.com/settings?tab=security§ion=two_fac_auth
- Twitter – https://twitter.com/settings/account
- LinkedIn – https://www.linkedin.com/psettings/two-step-verification
- MailChimp – https://us2.admin.mailchimp.com/account/security/
- Dropbox – https://www.dropbox.com/account/security
I use 2 step login verification on every account I that have two step verification.
#6 – Look at systems connected to your online accounts. LinkedIn, Facebook, Google, Twitter and most online systems allow applications to connect to them. It’s important to review these connections regularly. Here are the URLS to the pages related to these online accounts:
- LinkedIn – https://www.linkedin.com/psettings/third-party-applications
- Google – https://myaccount.google.com/permissions
- Twitter – https://twitter.com/settings/applications
- Facebook – https://www.facebook.com/settings?tab=applications
- Dropbox – https://www.dropbox.com/account/security
- MailChimp – https://us2.admin.mailchimp.com/account/integrations/
#7 – Explore the Privacy and Security pages of all of your online accounts. Knowing what you can do to improve your privacy and security online is a big part of the process. Many of the links shared in this article will take you to these pages.
- Google – https://www.google.com/intl/en/policies/privacy/
- LinkedIn – https://www.linkedin.com/legal/privacy-policy
- Facebook – https://www.facebook.com/policies
- Twitter – https://twitter.com/privacy
- Dropbox – https://www.dropbox.com/privacy
- MailChimp – http://mailchimp.com/legal/privacy
- Quora – https://www.quora.com/about/privacy
#8 – Use Unique passwords on every online account. This should be common sense, but unfortunately many people fail on this best practice. Create unique passwords for each online account. Also, consider changing your passwords at least once a year. Another useful idea is to use a Password Management tool. I use LastPass.com on all of my computers. I never write down a password, it’s in LastPass or else.
#9 – Review where you are logged in. Most online systems track where you are logged in. This can be useful to find where you have not logged out, or where someone else has logged in with your account. Here are the URLs to some of my favorite accounts to check where I am logged in:
- Facebook https://www.facebook.com/settings?tab=security§ion=devices&view
- LinkedIn – https://www.linkedin.com/psettings/sessions
- Google – https://myaccount.google.com/security#activity
- Dropbox – https://www.dropbox.com/account/security
#10 – Never share your passwords with anyone. No matter what. There are ways to overcome this issue. The Terms of Services of most online accounts inform users that sharing their passwords is a violation of the terms of use.
My last tip is to PSA (Pay Serious Attention). We may want to rely on the systems we use to protect us from phishing, hacking, protect our privacy and security, however we too play a role in protecting ourselves.
If you want help with your social media security let’s talk – info@BurrissConsulting.com or 336-283-6121