Ashley Madison’s recent hack has been nothing but a train wreck, but you can actually learn a thing or two about cybersecurity from it.
The adultery website’s leaked data by the hacktivist group The Impact Team has led to government staff getting in trouble for having accounts; several alleged suicides in Texas and Canada; and even a few lawsuits claiming the exposed information caused emotional distress to many.
The hack exposed nearly 37 million users who have created accounts with Ashley Madison. Many of those users had accounts because they were promised a cloak of digital anonymity, and in exchange, they shared their private desires and information.
Hackers have recently been jumping on the trend to hack popular websites in order to make a point about weak surveillance, calling it a “sophisticated attack.” However, in the process they compromise the private information of millions of people; including credit card information, addresses, social security numbers and even reputations — otherwise known as Personally Identifiable Information.
Other websites that have been hacked in recent years include Tj Maxx, with more than 100 million records exposed; Anthem Blue Cross Blue Shield, which had more than 80 million records; and other retail stores such as Target and Zappos.
Gary Miliefsky, expert in cybersecurity and CEO of SnoopWall, said it’s better to just assume you have been compromised and take simple preventative measures online.
“The question is, “when is our record going to be monetized by someone on the dark web,'” said Miliefsky.
Miliefsky said leaks of PII can be prevented by having better email servers, better antivirus and better employee training. However, it takes time for companies to improve their security.
In the meantime, there are several things a person can do to prevent being a victim of hack. Here’s a list of simple things you can do to protect yourself against the bad people on the web:
Change your passwords:
Changing all your passwords is the first thing you should do if you ever think you’ve been compromised. This is the simplest thing you can do to prevent being a victim of hack, and it seems obvious, but most people forget to do so or they’re just lazy.
If you’re not already using numbers, capital letters and symbols, you should start doing so. Experts also recommend you change your password often. If you doing it bi-weekly is too often, then you should try at least once a month.
HTTPS:
Whenever you are signing up for a new account you should make sure that you are doing so on a Web page that is encrypted with HTTPS. If a webpage is encrypted with HTTPS it means that there is a link between your computer and network that wards off prying eyes, but that still doesn’t mean that the website is honest.
You can tell if the website is encrypted by looking at the beginning of a URL and finding a green lock icon. You can also click on the lock to see who bought that certificate and make it sure it’s owned by the company itself.
Turn off Geolocation and Geotagging:
Many people aren’t familiar with the terms geotagging and geolocation, but they should be. These two features share the location of cellphone and computer users constantly, allowing hackers to track where users have been and what networks they use.
If you turn these features off hackers won’t be able to track you and access your information when you’re using a public network such as a coffee shop’s. Therefore, the less information you share on your location, the safer you will be.
Don’t click on foreign links:
If you get an unknown email with a link, don’t click on it. Links are usually invitations for hackers to steal you information: passwords, user names, network information and card numbers. Sometimes unknown links will also be sent via social media from other friends who have already been hacked.
You should question every link that is ever sent to you. Especially if it starts with a generic message like, “Click here to find out how …” or “Learn more about how I …” If a close friend sent you the link you would also be able to recognize if they’ve been hacked or it’s an actual link.
Two-step verification:
Most websites are starting to give users the option to establish a two-step verification — or authentication — login. This process lets you type in your password, then a three or four digit code gets sent to your phone, which you then have to input to log in. Yes, it seems lengthy and like a hassle, but it is worth it.
Hackers wouldn’t be able to log in to your account unless they had your cellphone with them. If you have sensitive information on your email, then a two-step verification would help ward off some of the hackers.
Read the fine print/User agreement/Terms and conditions:
Don’t just click next, agree and install. The hundreds of letters in the fine print, user agreement and terms and conditions are filled with information about sharing information. This is information you should read and be aware of before signing up for anything.
Reading the fine print can let you know who owns your information and which third parties have access to it. This is vital information in case of hack. Sometimes third-party companies or services are not legitimate and they can compromise your private information.
Use credit cards instead of debit cards:
Always use a credit card online. If you were to use a debit card the money in your account it would immediately disappear and it’d take up to 60 days for you to get it back. However, if you’re using a credit card then the money doesn’t really exist and your card can automatically be frozen to prevent future charges.
It’s also easier to deal with banks when it comes to credit card fraud.
Opt-out from sharing services:
When you create accounts with websites, phone applications and devices you’re often asked if you want the company to turn on an array of features and services. You’ll mostly say yes, but that means the company will be tracking you and storing your information for advertising purposes — or just product improvement.
There are many people who don’t like the idea of being spied on, though. Companies usually let users opt out from these services by either switching a setting off or contacting them directly.
