Cybersecurity Tips From an IBM Security Expert

March 12, 2012 Updated: April 30, 2012

In an era when our lives are connected to the Web, more and more cases are emerging where people have fallen victim to cybercrime—from stolen identities to unauthorized money transfers.

Adi Shaharabani, a senior expert for data security at IBM, however, has a few tips on how to minimize the impact of such an attack.

1) Keep your software updated

Whether you’re using an iPhone, Android, PC, or Mac, the software installed in them should always be up to date, since each update typically includes security patches for newly discovered vulnerabilities.

When new updates are issued, cybercriminals worldwide analyze them to see what the loopholes were. They then use it to create components that can hack into computers that have not been updated. Thus, if your computer if your operating system or other software is not updated, it is very likely to be hacked.

2) Never connect to unknown signals

As Shaharabani has proven, it is very easy for a hacker to connect to wireless signals that your mobile phone or computer may be connected to, and attack them.

He demonstrated how he could see every action the user is making (while connected to the signal), including what the user is typing in their browser. He could even take control of the system. Not only could a malicious hacker do this, but they can also use this vulnerability to infect a computer.

To avoid this, Shaharabani suggests refraining from using unknown connections. Sometimes we connect devices freely to random signals while on the go, but doing so could land your system in a trap.

In public spaces, it is recommended to use 3G or 4G connections when possible (instead of random wi-fi signals), because this type of connection is more difficult for hackers to break into. If you use wireless Internet at home, it is best to protect it with a password.

3) Use passwords wisely

In 2010, Turkish hackers breached several small Israeli websites and managed to get the usernames and passwords of their users.

The impact should not have been significant, but some of the victims used the same usernames and passwords for more important services, including their Gmail and Facebook accounts, as well as more sensitive applications.

To avoid situations like this, Shaharabani recommends using different passwords for each website or service. It is also unwise to use basic, common passwords such as “qwertyui” or “12345” since automated software can quickly break through these.

4) Only send sensitive information through secure websites

When a company asks you to write a sensitive document, it is supposed to direct you to an encrypted channel, which blocks the ability of others to see or hang the connection between you and the website. Before you type any sensitive information, like your credit card number or a vital password, be sure the website is secure.

Each Web browser has a different way to show you whether the website you’re on is encrypted. Thus, it is recommended to know your device well enough to know whether a website is secure. There are a few common ways to check this. Typically, secure websites will change the “http” at the beginning of the URL to “https,” with the new “s” meaning “secure.”

5) Rely on your instincts

The reality is you do not have control over the safety of the websites you use, but you can decide which are safe to visit and which are not, and for that matter, which you trust enough to provide personal information to.

If the website owners had no budget for good design and aesthetics, it’s also unlikely they had a budget to ensure their systems are secure. If something seems off, it may be that the website is not legitimate.

This article was originally published in the Hebrew edition of The Epoch Times