Google’s ‘Security Princess’ gives top 4 tips vs online attackers

YUJI-Google Photo2

Google’s ‘Security Princess’ Parisa Tabriz  PHOTO/YUJI GONZALES

The Internet may feel like a safe haven for today’s digital natives, but the truth that web users should remind themselves every day is it’s not.

For Parisa Tabriz, dubbed as Google’s “Security Princess,” a full security in the internet is never guaranteed no matter how much precaution you put into place, especially when attackers like hackers are very determined and well-funded.

But Tabriz, who manages Google’s information security engineering team, noted that users can always try to make it difficult for attackers to exploit them and their personal data.

“We have more challenges ahead for sure, but we have a shared responsibility to secure the internet,” Tabriz told Manila-based journalists in a video conference at Google Philippines’ headquarters in Taguig.

In line with the celebration of Safer Internet Day last Feb. 7, Tabriz shared the following four security tips to maintain a safe and secure online environment:

  1. Don’t reuse or share same password.

“Hackers know that people reuse the same password, and so what they will do is target especially weak websites to extract passwords from all users of that website, look at a full database of passwords, and try to use those in other multiple platforms. When you use the same passwords, it’s more like a secret—the more people you tell about it, the more likely it is to be known,” Tabriz said.

Acknowledging the difficulty in remembering a different password for every single site, Tabriz recommended the use of a password manager, which makes it possible for the technology to remember different passwords across multiple platforms.

  1. Never log in on shared computers and strengthen the security settings of your account

Tabriz said shared public computers are more likely to have malware in a form of keylogger, which can remember keyboard strokes and possibly send passwords to attackers. “Think of it as having a lot of germs from other people. You don’t want to put something sensitive into something that has a lot of germs,” she said.

The Google security princess urged users to verify their account security settings where they can check the places and devices where they logged in their accounts and use a “second layer” of protection through the two-step verification process.

“If you don’t own an iPhone and you see that somebody who has an iPhone has logged in to your account, then that might be suspicious. What’s more important to do here is to add a second-factor authentication to your account because there is a risk that your password gets leaked,” Tabriz added.

  1. Be mindful of all software or applications you install on your computer and phone

“This is challenging because if you’re not a security expert, or even if you are a security expert, it’s difficult to tell what’s a legitimate software versus an attacker trying to fool somebody,” Tabriz said.

The security expert recommended the use of Google Safe Browsing which “regularly scans all sites on the web and opens every website in its own quarantine machine.”

“Based on the behavior of that site, based on our online analysis, we will be able to determine if this site is bad and put it into a blacklist. If you try to log in to these sites on Chrome, instead of directing you to that site, we are going to send you a red warning,” she added.

  1. Keep your software up to date

Tabriz highlighted the importance of regularly installing updates because they usually come with security updates that solve critical security bugs. “If you are not installing those updates, then you leave yourself open and vulnerable to attackers,” she said.

Aside from the above-mentioned tips, Google also recommends the following measures to avoid being a victim of cybercrime:

-Use a long password made up of numbers, letters and symbols.

-Many services will send an email to you at a recovery email address if you need to reset your password, so make sure your recovery email address is up-to-date and an account you can still access.

-Don’t reply if you see a suspicious email, instant message or webpage asking for your personal or financial information.

-Never enter your password if you’ve arrived at a site by following a link in an email or chat that you don’t trust.

-Don’t send your password via email, and don’t share it with others.

-Beware of strangers bearing gifts. If someone tells you you’re a winner and asks you to fill out with your personal information, don’t be tempted to start filling it out.

-Do your research. When shopping online, research the seller and be wary of suspiciously low prices just like you would if you were buying something at a local store.

-When in doubt, play it safe. Only click on ads or buy products from sites that are safe, reviewed and trusted.

-You should always lock your screen when you finish using your computer, laptop or phone. For added security, you should also set your device to automatic lock when it goes to sleep.

-Use secure networks. It’s good to be extra careful whenever you go online using a network you don’t know or trust—like using the free Wi-Fi at your local cafe.

-Know your Google security and privacy tools (2-step verification, account settings, incognito mode, Google Dashboard, Ads Settings, Google+ Circles).

Read more...