June 14, 2011— -- The U.S. Senate, Citigroup, Sony and Google have all been hacked in the past month. If such behemoths can't protect themselves, how can you as an individual? ABC News contacted cybersecurity experts to provide helpful tips on how you can protect yourself from theft, identity fraud and other online dangers.
"The next Pearl Harbor we confront could very well be a cyberattack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems," CIA Chief Leon Panetta said to the Senate Armed Services Committee last week during a confirmation hearing to become the next secretary of defense.
Although you should be wary when providing information about yourself online, experts say, individuals have a much lower threat of direct, coordinated attack than large companies and public figures.
"The average person should know that they are not as much as a target individually," Mark Rasch, director of cybersecurity and privacy consulting for CSC and a former member of the U.S. Department of Justice division that deals with cybercrimes, told ABC News. "While there are these broad sweeps of people trying to break into any place they can, by and large hacking activity is targeted at companies that hold information about you, not your personal machine."
In general, you should remember to use a common- sense approach to browsing and posting information online.
"There are not particularly dangerous places on the Internet, but if you liken the Internet to the real world, don't got down that dark alley," E.J. Hilbert, president of Online Intelligence and a former FBI agent who investigated cases of cybercrime, told ABC News. "Every place on the Internet is not legitimate. If you're walking down the street and you see a sign directing you into a dark alley to get to a store, you would probably think twice about it. You need to do the same thing on the Internet."
9 Crucial Steps for Safe Browsing
1. Use powerful passwords: The more complicated the password, provided you can still remember it, the better. A combination of letters, numbers, uppercase, lowercase and special characters is best. Also make sure you use a password that is not intricately connected to information about you, such as your date of birth or your mother's name, because thieves might be able to track down that information.
2. Use updated reputable anti-viral and anti-malware software: Norton and McAfee are the best known but there are also several free options available online.
3. Don't use the same ID and password: "Just like you have a ring of keys, you have a key to your house and a key to your car, you need a different key for each site," said Hilbert. "If I get your Facebook account, because your email account is your logon, then I probably also have your email account. And then if I have your email account, I can probably get your bank account and things like that."
4. Google yourself: Be aware of the information about you that is available online. One of the ways in which individuals are compromised is when a hacker or con man uses information that they've found out about you through a simple search and manipulate it.
9 Crucial Steps for Safe Browsing
5. Be wary of "phishing" attacks: "Any time you see a link in an email, be wary," Rasch said. "The problem is these are all games of abuse of trust. They want you to trust the email so you'll click the link. If they've compromised your best friend's email, you're going to get an email from your best friend."
A good rule is: When in doubt, type it out. Although the URL may look trustworthy, con men hide bad links in hyperlinks. "If you type in the thing yourself, you'll be able to see if that email was real or not," Hilbert said.
In general, read the URL and use a common sense approach. If it says ".ru" instead of ".com," ask yourself, "Does it make sense that my bank site is being hosted in Russia?"
6. Pay attention to misspellings: If the site doesn't look right, check your spelling. If you spell Google or Disney wrong, you might not be in the right place. "People buy those domains and monetize off of those. They make money if you click on a link and it takes you someplace else," Hilbert said.
7. Understand how your data is shared: Although you might have provided your contact information to your local supermarket, they might not be the ones storing that information. Many companies outsource that kind of storage to a third party. "The answer is not to say, 'I will never use the Internet'. The answer is to say, 'I'm going to hold the companies I do business with, both online and offline, accountable for their actions," Hilbert told ABC News.
8. Try to use one credit card for online purchases: This way, if your information is compromised, you know exactly which card is breached. If you are notified of a breach, get a new card. Although your credit card company might offer monitoring services, you will be safer getting a new card, especially if you only have one credit card.
9. If breached, change the password and security questions: Many people simply change their passwords if they believe there accounts have been compromised. Make sure you also change the security question that many sites ask in conjunction with a password. Use common sense, if you talk about your current pet on social networks, it might not be best to use its name as the answer to your security questions.