June 19, 2018 Three simple steps to avoid getting hacked online
Banks lose tens of millions of dollars to online fraud every year.
They may be loathed to publicise it, but it’s true. To say this is a massive issue is an understatement.
For me, it really hit home recently.
A relative of mine was hacked a little while back and lost $50,000. Let me repeat that. Fifty. Thousand. Dollars. Not $1,000. Not $5,000. But $50,000.
Just let that sink in for a moment. Crazy, right?!
Now, any financial institution worth its salt spends squillions on security.
That’s one of the primary reasons why people use a bank in the first – a place to securely store their money. In their defence, the vast majority of banks do everything they possibly can to protect your money.
Ultimately, though, the onus firmly rests with us, the customer.
If you’re a little loose on security – and I’m not saying you necessarily are – no amount of security from the bank’s end will stop your money falling into the wrong hands.
Often, all it takes is a small window; a momentary distraction or lapse in concentration.
So here’s a question for you: what’s your strategy for keeping your accounts secure?
Bearing in mind that most of us have a few accounts spread across different banking institutions.
How most people get hacked…
Weak password
Seems like an obvious one, I know, but you’d be surprised.
If your password is ‘password123’, you may want to consider something a bit stronger, which I’ll talk you through below.
Public Wi-Fi and computers
I avoid free public Wi-Fi spots like the plague.
I’ll let you trawl Google yourself, but the stats for people having their security credentials compromised while using public Wi-Fi spots is high. I always use my own data – it really isn’t worth the risk.
Same goes for using public computers.
Malware
I’m talking stuff like computer viruses, ransomware, spyware, trojans and whatnot.
They’re designed to sit in the background of your computer’s operating system (or completely take over), giving the attacker the ability to steal your information, unbeknownst to you – say when you go to log into to your internet banking via your desktop computer.
Phishing
This typically comes in the form of an email.
Here, an attacker may disguise themselves as your bank and try to get you to enter your login credentials into a fake login page to capture your security information.
Just so you’re aware, most banks will never ask you to log in to your account directly via a link within the email they’ve sent.
Okay, so how can you protect yourself and avoid getting hacked online?
Coming from banking originally, I’ve always been acutely aware of the importance of having a security strategy that covers every account where my money’s stored.
I won’t walk through all of them, but here are the three main steps to avoid getting hacked online that I focus on…
Password
Let’s start with the obvious one.
Creating a strong password is possibly the easiest but most effective thing you can do to safeguard access to your bank account.
Firstly, using a catch-all password for all your online activity’s a really bad idea.
If you’re using the same password for, say, Facebook and your internet banking, you’re asking for trouble.
Rather, I used a tiered approach that encompasses three passwords that I actively use, depending on the level of importance of a particular application. The other thing I do is change them every three to four months.
I also use passphrases.
They’re basically a collection of mish-mashed words – each of which has some meaning so that I remember them – and should be around 20 characters or more, with the addition of a number and special character. The consensus is the longer, the better – it makes it much, much harder to hack, apparently.
What’s more, passphrases are much easier to remember than generating random letters, numbers and special characters, which, to be honest, are always nigh on impossible to remember.
There’s a neat little app called LastPass, which will help you generate and store your passwords. Best of all it’s free!
Last but not least, never share your password with anyone.
Again, an obvious one, but an important one to remember.
Two-factor authentication
Often referred to as ‘2FA’, this one’s critical when I consider opening an account with a bank.
With your stock-standard login procedure, you enter your username and password, and you’re in.
With two-factor authentication, you’re essentially adding an additional step – such as security code via SMS – to be able to access your account. Most banks allow you to set it up via internet banking or their app.
Outside of banking specifically, I also use Google’s 2FA for certain platforms that I use regularly. It’s really simple to set up and integrate. You can learn more about it here.
Biometric authentication
By that, I’m specifically talking about fingerprint authentication on, say, your iPhone.
From my limited understanding of the tech itself, it’s no silver bullet.
Combined with 2FA and a tiered password strategy, though, it just gives me a bit more peace of mind, mainly when it comes to accessing my main bank’s app, which I have it set up for on my iPhone.
Tim
Posted at 16:18h, 21 JuneInteresting post. I recently tried to change the password to my Westpac online banking. For some reason they only allow up a six character password. Not a minimum of six characters, but a maximum!! Seems crazy.
Michael Chew
Posted at 08:35h, 04 JulyHey Tim, That’s pretty odd. They should know better given the number of high profile companies which get hacked.
Money apps I can’t live without - Orange Wealth
Posted at 10:09h, 27 September[…] me, technology has a time and a […]