Get advice on how to stay safe online

how not to get hacked

Cyber-security sounds like something straight out of a cheesy ‘90s movie. BUT. The fact of the matter is, the Internet is here to stay, and more and more of our lives are being lived online. And no one likes getting hacked. 

Hackers can wreak havoc on your personal lives (and your credit scores). It can take years to untangle the mess of identity theft or fraud. Who needs it? That's why the Department of Homeland Security has declared October Cyber-Security month. 

So let's all pretend we're living in the movie Hackers, and take a few minutes to defeat the bad guys. 

We interviewed Kyle Welsh, BECU Chief Information Security Officer, to brief us on what we need to do to keep safe online. If you want to get hacked…just don't follow this advice.

1. Passwords. Do they really matter? Can't hackers find a way around them?

Passwords matter more than anything else – and usernames. Don't underestimate the power of a good password! 

Think of your passwords like toothbrushes:

  • Change them frequently

  • Don't share them

  • Don't leave them lying around

  • The longer you brush, the better 

Use a combination of numbers, special characters, lowercase and capital letters to create passwords that are at least 12 characters long. I recommend using pass phrases – a string of words that have meaning to you but will create a long password (such as Hackers1sUnder@ppreci@ted). 

Don't use your email address for your username – it's too easy to find your email on the Internet, and then hackers have half the equation. 

Try to use separate passwords for every account. 

While you're updating passwords and usernames, make sure your addresses, email addresses and phone numbers are up-to-date and accurate.

2. I know using different passwords is important, but how the heck are we supposed to remember super long passwords for every account?

Yeah, that's tough. I personally use a password manager. All you have to do is remember one password. The manager remembers the rest for you and stores them securely in the cloud. I like LastPass and Dashlane. Both have good security measures in place. 

3. How do I know if I've been hacked?

Go to the website haveibeenpwned.com and enter your email address and any usernames you use. This free service will tell you if you've been hacked. It's a good source. We recommend it to our employees here at BECU.

Note: “Pwned” is internet slang for “owned,” “dominated” or “beaten.” It can be pronounced as owned or as poned.

Some signs that you may have been hacked:

  • You have programs that suddenly don't work

  • New files have appeared or files you didn't delete are now missing.

  • You have new programs or internet browser toolbars.

  • Random, frequent pop-ups appear

  • People in your email contacts are getting fake messages from you.

  • Money is missing from your bank account or you're getting bills to pay for online purchases you didn't make.

4. What do I do if I've been hacked?! Should I throw my computer across the room, or....?

  1. Disconnect from the internet.

  2. Get a computer savvy friend to assist if needed.

  3. Run a complete scan with an anti-virus/spyware scanner you trust.

  4. Contact your financial institution and credit card companies to alert them to a potential issue.

5. I hear social media can be risky, but...I just can't quit.

Just be careful with what you share. Check your settings to make sure only friends can see what you post, or at most friends of friends. 

Don't post when you're going to be traveling. Don't share your address. Don't make your email public. Don't take pictures with sensitive information in them. And set good passwords! Social media has made it much easier to steal people's identities. 

6. Why do hacking scenes always take place in coffee shops and airports? 

Because public Wi-Fi makes it easier on the hackers. Assume that everything you do on public or free Wi-Fi can be seen by other people. Refrain from conducting sensitive activities such as online banking or shopping. If you are browsing, make sure the websites you're using are encrypted. Encrypted sites have URLs that begin with https – the “s” stands for secure.

7. Is mobile banking safe?  

It is if you're using a legitimate app provided by your financial institution. Anyone can develop an app with no safety evaluation and many are malicious. The Apple store verifies apps and eliminates ones that aren't legitimate. But Android and Windows don't have the same system in place. 

I always check to see how many reviews an app has. Not what the rating is – how many people have reviewed it. The more, the better. 
There are some things that you can do to make your phone more secure.

  • Create a complex password to unlock your device or use fingerprint authentication if you have it.

  • Enable encryption

  • Enable remote wipe capabilities

And when it comes to our mobile app, have a little patience, grasshopper. The reason your accounts take a few seconds to load when you first open the app is because we wipe all your information from your phone every time you log out. So when you log back in, your app has to pull all that data in from the remote server, where we're guarding it securely with a ring of fierce dragons (well...not really. But we are working to keep your information safe!). 

Links to our official, safe-to-use app:
iTunes Store
Google Play
Windows