Protecting personal data online
PROTECTING PERSONAL DATA IS A MAJOR CONCERN. CEO OF INNOVATE, JIM HUGHES, TELLS CARMEL DOYLE ABOUT THE BEST WAYS TO STAY SECURE
IN today’s increasingly digitised world, many of us are choosing to conduct both our business and personal affairs online - be that for internet banking, to book flights, do online shopping or engage with our friends on platforms such as Facebook and Instagram.
But how do you ensure that your personal identity is protected while you still carry out transactions online or post information about yourself on social media sites?
It’s all about keeping personal information professional and brief, according to Jim Hughes, CEO of Wexford company Innovate, the IT and cloud service provider that operates in areas such as security, networking, unified communications and cloud infrastructure.
‘ You should only complete the minimum requirements that meet the criteria for you to do business with a new entity, while always keeping personal information professional and limited.’
Firstly, when browsing online or using social media sites, people should keep their privacy settings on, Hughes said.
‘Marketers want to know all about you, and so do hackers. Both can learn a lot from your browsing and social media usage. But people can take charge of their own information by ensuring you have enabled all available privacy settings in your web browser.’
He said people should update their security settings on a regular basis, ideally once every quarter, especially on sites such as Facebook.
Secondly, it’s all about practising safe internet browsing. It’s essential, according to Hughes, to make sure that the websites you visit have ‘ https://’ in their URL. This means a site’s internet address should begin with the special prefix ‘ https’ where the ‘s’ means ‘secure’.
Thirdly, people should have a secure internet connection.
‘When you go online in a public place, for example, by using a public Wi-Fi connection, make sure your device is secure. When in doubt, wait until you’re able to connect to a secure WiFi network before providing information such as your bank account number.’
Having a secure virtual private network ( VPN) is also important, he said. A VPN creates a private network from a public internet connection. This means it enables you to send and receive data while staying secure online.
Businesses, for instance, can buy VPN applications to ensure that the data being transferred is encrypted, while individual consumers can also purchase such apps.
‘Use a secure VPN if possible,’ said Hughes, adding that they enable you to have a secure connection between your device and an internet server that no one can monitor or access the data you’re exchanging.
With online banking, Hughes said this is especially getting much more secure, particularly as a result of two-factor authentication (also known as two-step verification). Essentially, this means that you need to go through two steps to verify that it is actually ‘you’ accessing your bank account.
With AIB Bank, for example, Hughes explained that it’s now necessary to have a mobile banking app on your phone to authenticate that ‘I am who I am’ when logging on to internet banking, especially from different devices such as a tablet.
If you use Gmail, you can also set up two-step verification on your Google account. Platforms such as WhatsApp and Facebook also enable you to use two-factor verification when logging on.
This means that when you sign in to any of these platforms, you will be asked for your password, as usual, but an extra layer of security means that a code will be sent to your phone and you must input this code in the next step before logging in to your account.
The aim of two-factor verification is to stop hackers from getting into your accounts and accessing sensitive information about you.
Suspicious text messages (smishing) are another threat to look out for. This is when you receive a text message from a fraudster that attempts to trick you into giving them personal information.
Such fraudsters can often target random mobile phone numbers.
An example of this in recent times is texts that people can get, pretending to be from their bank.
Such fraudulent texts can contain a URL that directs you to a ‘fake’ website if you click on it. The goal is to trick you into giving your online banking details and/or credit/debit card information.
The reality, said Hughes, is that a bank will never send people a text message that contains a link directing you to its website. Bank of Ireland, for example, warns on its website that it will ‘never send you a link asking you to confirm your personal banking details’.
Phone scams are another potential threat that people should be aware of. Known as ‘vishing’, this is a scam whereby people receive a telephone call from a fraudster who claims they are from a bank, the Gardaí, an internet service provider or a telephone company, for instance.
On its website, the Banking & Payments Federation Ireland (BPFI) explains that such fraudsters use tactics to ‘ trick’ the person on the phone that they are a ‘ legitimate and trusted’ representation of the organisation they are claiming to be from. This is in order to ‘ trick’ you into giving them personal information, according to the BPFI.
Ways to avoid being the victim of a vishing scam include never disclosing your online banking PIN number and never sharing your passwords or User IDs with anyone over the phone. If you are in doubt about a caller’s authenticity, the BPFI advises that you should take the person’s number and tell them you will call them back once you have ‘validated’ their identity.
You can then look up the number of the organisation they are claiming to be from and call it to confirm the identity of the caller. See https:// www.bpfi.ie/customer-assist/personal-customers/ for further information on vishing.
When sharing personal data online, Hughes said that it’s also essential to have an awareness of malware threats.
Malware is any program or software that has been specifically designed to harm a computer. Key ways of preventing malware from infecting your computer is to stay clear of downloading or installing any software onto your PC that you do not understand.
For businesses, in particular, downloading malware can not only infect your PC but potentially infect an entire business network.
It’s also to be aware of online scams (phishing), he said. An example of this is emails from ‘fake’ companies that aim to trick you into clicking on a fraudulent link in order to hand over personal information such as your banking details.
Before clicking onto any website, Hughes said it’s important to ‘check the URL’ and not to be too trusting.
‘Awareness is hugely important. People should also be vigilant about clicking onto fake ‘pop-up’ ads. Again, it’s about having awareness, he said.
Finally, with online networking, Hughes said people should be as cautious online as you would in the real world about who you bring into your ‘network’. This can apply to everything from adding new Facebook friends to connecting with new professional contacts on LinkedIn.