Staying safe online can feel overwhelming sometimes. Advice seems to be always changing, and you may not always find the answer you need when you need it. But, that’s why we’re here!
We recently took to social media to gather your most pressing cyber security questions, and you asked some great ones. Now, it’s our turn to give some great answers back. Here they are:
Is my smart device listening to me?
According to the Canadian Internet Registration Authority, 3 in 10 Canadians believe their smart devices are listening to them without their permission. But are they right?
Well, yes and no. Yes, your smart device is listening to you. It needs to so your smart assistant can hear its name when you give it a voice command. And yes, there’s a chance that someone from a tech company might hear it, too — anonymously, of course. Humans are needed to help the assistant learn to tell the difference between when you’ve actually said its name or just a similar word.
But outside of stories about a well-timed mattress ad showing up on your social media feed, there is no evidence that our devices are listening to us for advertising, data collection or any other nefarious purpose. Any weirdly relevant advertising you’ve seen is a result of advanced algorithms that make intelligent guesses about you based on your online activity, not your device spying on you.
That said, it is possible for a cyber criminal to steal sensitive information from your digital assistant. They might take advantage of software vulnerabilities to access personal information, eavesdrop on conversations and even mess with other smart devices on your network.
You can take simple steps to protect your smart assistant. Set a unique PIN if possible, update regularly, and check your device’s settings to make sure your camera and microphone aren’t enabled on apps when they’re not needed — especially if you’re discussing sensitive information around your device.
My dad is the worst at managing passwords. How can I help him?
One of the best things you can do for your accounts and devices is to have a unique password for each — but that can be a lot to remember. With a password manager, you only have to remember one really strong password.
Password managers are secure digital vaults that keep track of all your login information. As long as you can remember your primary password, you’ll always have access to all your login details across different apps, accounts and devices — without compromising the security of your accounts by repeating passwords.
In order to keep your password manager secure, make sure that your primary password is a complex password or passphrase, and enable multi-factor authentication (MFA) whenever it is available. Avoid storing passwords for your sensitive accounts, like your banking or email, in your password manager. They should always be stored separately.
How do I shop online safely?
The COVID-19 pandemic has made online shopping a bigger part of our lives than ever before, so it’s important that we know how to do it safely and securely. Here are some tips:
- Don’t give away too much information. The only things a retailer needs to sell and deliver a product is your name, address, contact, and payment information — and they should only ask for this at the end of the transaction.
- Practice good cyber security. Use unique passwords for every account you create and enable multi-factor authentication whenever it’s available.
- Keep an eye out. Once you’ve made a purchase, watch your bank statements for any unusual activity.
What is safe to do on public Wi-Fi?
Public Wi-Fi isn’t the safest way to connect to the internet, but that doesn’t mean you can never use it. It’s great for checking up on social media, watching videos (with headphones on — don’t be that person), searching for a fact to prove a friend wrong, or browsing for things you plan to buy later when you’re on a more secure network. As a general rule, imagine that someone is behind you, looking over your screen. Anything you wouldn’t want them to see, like checking your bank account or other sensitive info, should wait until you’re off public Wi-Fi.
And when in doubt, use a VPN!
How do I know if a website is a potential threat?
Before you click a link, double check the URL by hovering over it with your mouse or pressing down on it on your phone. If this link doesn’t go where it says it’s going, you’re probably not headed to a legitimate site.
Many browsers and some antivirus software will also alert you if a site is not secure and give you the option to return to the last page. You can also check if a site is secure by looking at the URL bar. Secure websites will have a padlock icon beside the URL. The URL itself should start with “https”, not just “http”. This is hidden on some browsers but clicking on the text should open the full URL. However, just because a website has https in the URL doesn’t mean it’s guaranteed to be safe — it’s more secure than http, but it can still be attacked. Clever cyber criminals can spoof a website by making it look secure to trick you into entering personal information.
What’s a firewall anyways?
Firewalls monitor incoming and outgoing network traffic to your devices and block traffic that doesn’t meet security requirements. In other words, it’s like the network version of a bouncer — based on a list of rules, it checks whether or not data should be allowed into your device or turned away at the door.
Firewalls can be hardware, software, or both, and come with most operating systems. Check to see if your devices have built-in firewalls through your device settings.
How do I know if an email is legitimate? My friend asks me about this all the time as they’re always paranoid about phishing!
We’d like to start this answer with a quote from Catch-22: Just because you're paranoid doesn't mean they aren't after you. It’s great that your friend is cautious when checking their emails — but for a little extra reassurance, here are some tips you can share with them.
Knowing if an email is legitimate can be hard but spotting one that’s not is a bit easier. One of the biggest signs of a phishing email is that it’s unexpected. Emails about missed payments on paid accounts, password resets you didn’t ask for, or delivery updates for things you didn’t order are phishing emails more often than not. This is especially true if they include attachments or use urgent or threatening language to get you to take action. You can also look for inconsistencies in the email. Things like spelling errors, poor graphic design, or email addresses that don’t line up with the alleged sender are all clear signs of phishing.
If you’re looking for a handy resource, our infographic on The 7 Red Flags of Phishing might be perfect for that phishing-paranoid person in your life.
I don’t do anything risky online. Why should I care about cyber security?
Unfortunately, no matter how safe your behaviour is, you’re likely to come across a cyber threat when you’re online. Whether it’s a phishing email in your inbox, a sketchy link sent over social media or just a video with bad cyber security advice, cyber criminals are looking to target you while you feel safe — that way, you’re more likely to fall for their tricks.
But if you care about cyber security, you’re always on the lookout for suspicious activity online. And that means a cyber criminal is less likely to catch you off guard, keeping your devices, accounts and personal information in safe hands.
Staying safe online is easy if you have the right information. If we didn’t answer your most pressing cyber security question, give us a shout on social media (you can find the links on our home page) — we’re here to help!