Today is Data Privacy Day, celebrated in the US and Canada since 2008 on January 28. The date is used to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust, as well as to commemorate the January 28, 1981 signing of the first legally binding international treaty dealing with privacy and data protection.
The National Cyber Security Alliance (NCSA) is the group in the United States that promotes the Data Privacy Day campaign, and the organization's work is part of STOP. THINK. CONNECT.™, a global campaign promoting online safety, security and privacy. Here are some steps you can take to keep yourself, your family and your business safe online.
Spam and Phishing
A lot of cyber attacks come through email in the form of spam and phishing. Spam is unsolicited bulk email. Reducing spam in your inbox is as easy as enabling filters on your email app of choice. In the macOS Mail app, just go to Mail > Preferences > Junk Mail, and make sure that the "Enable junk mail filtering" checkbox is checked. There's no equivalent control in iOS Mail, but for those who have both a Mac and an iOS device or two, enabling junk mail filtering on the Mac often prevents spam from reaching your iOS device.
Phishing uses email or malicious websites to get you to click on a link, then collect your personal and financial information or even infect your device with malware and viruses. Think you're safe on social networks? Phishing is also prevalent on those sites, so think twice about clicking a suspicious link.
Phishing works by sending out "official looking" emails that appear to be from a financial institution or even Apple. You're asked to click a link to resolve an issue or update personal data, and when you do so, you're usually asked to enter your user ID and password for the "real" business or site. Congratulations, you've just given a cybercriminal the key to your real accounts.
There's a fun phrase that should go through your head whenever you're faced with an email asking for your personal information or you're asked to click a link to go to a website -- "When in doubt, throw it out." Think before clicking any link! Other tips that can keep you from falling prey to a phishing attack include:
• Don't reveal personal or financial information in an email, and don't respond to email solicitations for this information. This includes following links that are sent in emails -- even if the email appears to be from a trusted source like your bank.
• Check the security of a website before sending or entering sensitive information online. Make sure that the website is using https encryption (a lock appears in the browser address bar), and then click the lock icon to check the security certificate of the organization running the website.
• Pay attention to the website URL (address). For example, if an email asks you to do something for an Apple ID or an iCloud account, the website address in the link should end with apple.com or iCloud.com. A phishing site might look identical to the real Apple website, but it will use an address that's totally incorrect, perhaps something like "apple.security.infosector.ru" or "iCloud.login.watercats.com".
• Not sure if an email request is legitimate or not? Contact the company directly using information provided on an account statement; don't trust email addresses or phone numbers listed in an email. As an example, say you get a suspicious email from your bank asking you to log into their website or to provide information through an email response. While this should be enough to set off alarm bells in your mind, if you're not sure, call the bank and ask them if they're requesting the info.
• Keep a clean machine. If your device is attached to a network (cellular, Wi-Fi or Ethernet), it should be running malware prevention apps to reduce the chances of having it infected with malware. On my Mac, I use ClamXAV to stay protected.
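The address check from the list above, written out as an added example (it is not part of the original article): a link is accepted only when its hostname is a trusted domain or a subdomain of one, which is why a familiar brand name at the start of the address proves nothing. The function names and the trusted-domain list are assumptions made for this illustration, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domains treated as genuine are the
# two the article names.
TRUSTED_DOMAINS = ("apple.com", "icloud.com")


def link_host(url):
    """Return the lowercased hostname a link really points to, or None."""
    if "://" not in url:
        url = "//" + url  # allow bare hostnames such as "www.icloud.com"
    try:
        host = urlsplit(url).hostname  # drops any "user@" prefix and ":port"
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None or not host.isascii():
        return False  # unparsable link, or non-ASCII look-alike hostname
    # Compare whole labels from the right: "notapple.com" must not match
    # "apple.com", so a subdomain needs the leading dot.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links. The first two hosts are the look-alikes quoted
# in the article; example.net is a reserved documentation domain.
SAMPLES = [
    "apple.security.infosector.ru",
    "iCloud.login.watercats.com",
    "https://apple.com.example.net/signin",
    "https://apple.com@example.net/signin",
    "https://notapple.com/",
    "https://appleid.apple.com/",
    "https://www.iCloud.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "trusted" if is_trusted_link(url) else "NOT trusted"
        print(f"{verdict:12} {link_host(url)!s:32} <- {url}")
```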
Protect yourself with STOP. THINK. CONNECT.™ tips
The NCSA and other groups participating in Data Privacy Day have created a simple mnemonic to help you stay safe online: STOP. THINK. CONNECT.™ Stop before you click on anything, think about whether or not a link could possibly be dangerous, and then -- after taking all precautions -- connect to the website. Here are some other tips:
• When in doubt, throw it out. See a link in an email, post, tweet or online ad that just looks suspicious or too good to be true? Delete it, or mark the email as junk.
• Think before you act. Any online communication that tells you to ACT NOW! or makes an offer that sounds too good to believe should cause you to stop and consider whether or not to click on a link or respond.
• Make your password a sentence. Many people have problems remembering long passwords, so make your password a positive sentence or phrase that's easy to remember. Having a password at least 12 characters long is recommended, so something like "An Apple World Today Keeps The Hackers Away" would work on a lot of systems. More and more websites are allowing spaces as characters in passwords.
• Unique account, unique password. Try to have a separate and unique password for every account, as this will make it impossible for cybercriminals to use one password to get into all of your accounts. This can be very difficult if you have many accounts, so at a minimum, separate your work and personal accounts. Be sure to have the most critical accounts (banks, healthcare, government websites, investments) protected with the strongest passwords.
• Lock down your login. Many newer Apple devices can store passwords for your many accounts, then enter them automatically once you've used biometric authentication through Touch ID or Face ID. Also consider using two-factor authentication -- this asks you to enter a code that's sent directly to your mobile device each time you try logging into a system that uses it.
Stay safe out there!
These are just a few of the tips and hints from the National Cyber Security Alliance. Increase your knowledge about staying safe online by visiting the StaySafeOnline website run by the NCSA.