The internet is becoming more pervasive in our everyday lives. Most of us use the internet as part of our job, children use it in schools, and an increasing number of banks, merchants, utility companies, and healthcare providers offer completely paperless transactions that rely on secure accounts and emails. With the increase in our daily online activities, we are at risk of falling victim to any number of web-based hazards like worms, viruses, ransomware, phishing, malware and other scams. Whether we realize it or not, we need to be aware of these dangers and protect ourselves from them. Here are 24 easy tips you can (and should) use to help you stay safe online:
Currently, the commonly accepted wisdom in choosing a password is: length matters. If someone were trying to hack a password and using a computer to do it, then it doesn’t really matter if you use a number, lower case letter, upper case letter, or symbol, because it's all the same to a computer. What matters is how many characters you use. A computer would have a much harder time guessing a password with 28 characters than one with 8. A good password should be long, random, easy to remember, but hard to guess. The best example of this is explained in the “correct horse battery staple” comic.
You should use a different password for each site. In the event that one account gets hacked, the attacker won't have instant access to all of your other accounts. Of course, you should also use a password for your computer. Don't worry, many operating systems and web browsers include secure password management tools so you don’t have to remember all your passwords.
23. Use Linux
Linux is a free, open-source operating system that can be used instead of Windows. Many viruses, worms, and other malware exploit known vulnerabilities in the Windows operating system. If you use a Linux operating system, you have automatically protected yourself from most malware threats and viruses. Ubuntu, the most popular distribution of Linux, comes with a built-in firewall and virus protection software. The recent WannaCry ransomware worm did not infect any Linux computers, as it exploited a Windows vulnerability to encrypt files. In fact, 98% of the infected computers were running on the unsupported and unsecured Windows 7 operating system!
22. Delete Old Accounts
Do you have an old Myspace account sitting around, gathering dust? Delete the data and close any account you aren't currently using. If you think you may use the account again someday, you can temporarily suspend it. People with less-than-good intentions can use the information you shared in an old social media account to build a false profile that claims to be you, then use that data to scam or phish your friends and family. Even your active accounts can potentially be cloned, and unsuspecting family and friends might think it is you. If you get a friend request from someone you're already connected to, verify they have created a new account before accepting the request!
21. Antivirus Software
Get virus protection software, keep it up to date, and scan your computers and devices regularly. Often you can get virus prevention and removal software for free from your Internet Service Provider. If yours doesn't offer it, there are free and paid versions of virus protection software from a lot of vendors. Update the software regularly to ensure you are protected from the latest malware.
As always, make sure that any software you download is reputable and comes from a trustworthy site. Some viruses actually come under the guise of anti-virus software. Malware can and often does tag along with other legitimate downloads from less-than-secure sites. Scammers can be very sneaky.
Some verified anti-virus programs are:
You do get a few extra bells and whistles with the paid versions of the software, but the free versions offer a good, basic level of protection.
20. Rogue Antivirus or Security Software
Some malware presents itself as anti-virus software, tricking you into installing the virus. Always choose a program with plenty of verified reviews, and make sure you get it directly from the software provider or a trustworthy download site. The names of bogus antivirus software can be very convincing, and may use words like "defender", "antivirus" and "secure".
19. Use a Firewall
A firewall is software that prevents unwanted visitors from accessing your computer. You may be able to find free firewall software, but make sure it's from a reputable company, and that you get it from a reputable download site. Recent versions of Windows have pretty good firewall protection built in, as does the more recent version of Ubuntu. It is important to make sure you have it configured correctly, and that you haven’t turned it off. If you use a router, that will generally provide some firewall protection. If you use a lot of open connections like in airports and coffee shops, a firewall becomes even more important.
18. Know the Scams
Stay up to date on the latest scams so you don’t fall victim to them. Let your friends and family know about them so they don’t get taken in either. But make sure it is really a scam; you aren’t doing anyone a favor by forwarding false information. In some cases, scams can actually be cleverly disguised as a scam warning, just as some viruses are spread by a virus that is masquerading as virus protection software.
17. Keep Software Current
Software is constantly being updated by developers and programmers, and updates often have the latest security patches built into them. In fact, all of the infected computers in the most recent ransomware outbreak had one thing in common: outdated operating systems and virus software. The simple act of keeping your operating system, antivirus software, and web browser up-to-date will do a lot to protect you from viruses, browser hijacking attempts, and malware when you're online.
16. Keep Personal Information Secure
If you can’t remember your passwords and have to resort to writing them down, keep them in a safe place. Don’t store your password on a sticky note taped to your computer, cell phone, or other device. If you keep your passwords in a computer file, give the file a boring, misleading name like “Children’s Shoe Sizes” or “Retirement Party Invitations.” That way if you do get hacked, it's unlikely they will bother to look in that file.
15. Don’t Use Open WiFi Without Protection
If you must access the Internet in a cafe or somewhere else with public WiFi, always use a Virtual Private Network (VPN) connection, and never log in to your bank account or other private accounts that contain sensitive data without one. Learn more about VPNs here.
14. Direct Message or Email Whenever Possible
Never announce your vacation plans on social media or publicize the fact that you will be out of the house for an extended period of time. Most people don’t need to know that kind of information, and those who do should be told on an individual basis using email or private messaging.
13. Be Aware of What You Share
While it is nice to get hundreds of birthday wishes from friends on Facebook, do you really need to make that information public? Many secure accounts use personal information like your birth date to validate your identity, so it might be wise to make sure it's not readily available on your public profile.
12. Make Stuff Up
Sometimes accounts require you to create password hints. You can make them up, or mix them up. Use your elementary school instead of your high school, or replace your mother’s maiden name with the name of your first pet. Whatever you choose, just make sure it is something you will remember.
11. Back Up Your Data Regularly
It's a good idea to regularly back up important files. You can do this with an external hard drive, or by saving to a cloud. Not only will this protect you from sinister forces like hijacking attempts, but it also protects you from your average everyday computer crash as well.
10. Check Your Online Privacy and Security Settings
9. Know Before You Click
Always verify the authenticity of an email before you click on a link or open an attachment. Check to make sure the email address matches the source.
For example, a bank or credit card company will probably never send you an email from a Gmail or Yahoo account. The sender's email address should be from the domain name of the company it is coming from.
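The sender check described above, as an added Python example (not part of the original article): it reads the real address in the From header rather than the display name and compares its domain with the company's. The messages and the domain examplebank.com are constructed placeholders, and accepting subdomains is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; examplebank.com is a placeholder company domain.
EXPECTED_DOMAIN = "examplebank.com"
SAMPLES = {
    "legit": "From: Example Bank <alerts@examplebank.com>\nSubject: Statement\n\nHi",
    "subdomain": "From: Example Bank <no-reply@mail.examplebank.com>\nSubject: Notice\n\nHi",
    "webmail": "From: Example Bank <examplebank.support@gmail.com>\nSubject: Verify\n\nHi",
    "lookalike": "From: Example Bank <alerts@examplebank.com.account-check.net>\nSubject: Urgent\n\nHi",
    "name_trick": 'From: "alerts@examplebank.com" <billing@yahoo.com>\nSubject: Invoice\n\nHi',
}


def sender_domain(raw_message: str) -> str:
    """Domain of the real From address; the display name is ignored on purpose."""
    msg = message_from_string(raw_message)
    _display_name, address = parseaddr(msg.get("From", ""))
    if address.count("@") != 1:
        return ""  # missing or malformed address: treat as no match
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def from_company(raw_message: str, expected: str = EXPECTED_DOMAIN) -> bool:
    """True only for the company domain itself or one of its subdomains.

    Accepting subdomains is an assumption of this example. A plain substring
    test would wrongly accept the 'lookalike' sample, so compare whole labels.
    """
    domain = sender_domain(raw_message)
    return domain == expected or domain.endswith("." + expected)


def check_samples() -> dict:
    """Run the check over every constructed sample message."""
    return {name: from_company(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{name:10s} {'matches' if ok else 'DOES NOT match'} {EXPECTED_DOMAIN}")
```

A matching From domain is necessary but not sufficient, because the header itself can be forged; the SPF, DKIM and DMARC results recorded by the receiving mail server are what confirm that the domain really sent the message.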
What is the best way to deal with unsolicited emails, or messages with unknown attachments? Delete them. The adage “If it is too good to be true, it probably is” is especially true on the internet. All the "Nigerian Princes" and "long-lost relatives" have probably spent all their money anyway.
8. Verify Sites Before Entering Sensitive Info
Most reputable companies will not ask you for any sensitive information by email. Before giving any personal information to a website link that came in an email, do your best to make sure the website is legitimate. If you feel uneasy about a site, there's probably a good reason for it. If there are frequent misspelled words, sketchy phrasing, and inaccurate information, it could be a red flag that something isn't right. Phishing sites will often try to mimic legitimate sites like banks, shops, and the Internal Revenue Service.
7. Shop Only at HTTPS Protected Sites
HTTPS is the secure version of HTTP, the communication protocol used on the web. If you are shopping online, always make sure the site is secure by confirming that "https://" occurs at the beginning of the website URL. You can add extra security yourself with the browser extension HTTPS Everywhere, which gives an extra layer of encryption to prevent hackers from accessing your data while you browse through what is known as a “man in the middle” attack.
6. Be Extra Careful In the Dark Alleys of the Internet
If you leave the beaten path of the ClearNet and venture out into the DarkNet, you need to use a good bit of extra caution. You can learn more about the DarkNet here.
5. Log Off When Done
When surfing the web on a shared computer, or a computer that others can access, it is always a good idea to log off of everything when you are finished. If you leave the computer while you're still logged on to even something as mundane as a social media account, you are asking for trouble. If nothing else, a co-worker may come along and post inappropriate things in your name. Now imagine what kinds of damage could be done if you forgot to log out of your bank account!
4. Tips on Paying Ransom – Don’t!
If you are unfortunate enough to get hit by a ransomware attack, the general consensus is: don’t pay the ransom. Paying the ransom rewards the criminals, and often they don't provide you with the decryption anyway. Once they have your money, there is no incentive for them to decrypt your files. Again, remember to back up your data frequently.
3. Keep Your Children Safe Online, Too
Parents should:
- Educate themselves about malicious hacking, phishing, malware, and viruses
- Educate their children about them, too
- Check out the sites their children visit frequently
- Set time limits for children being on the computer
- Keep open communication with children about what they see and do on the Internet
- Supervise children’s computer use
- Use Family Protection software
Children should:
- Use a nickname instead of their real name
- Never meet an “online friend” in person
- Only accept friend requests from people they know
- Tell an adult if something feels weird, creepy, or if someone asks to meet them
- Never divulge personal data like names and addresses to people they don’t know
- Never post photos or videos of themselves
2. Stay Secure on Your Cell Phone
Don’t get so caught up with who you are talking to, or what you are doing online that you forget to pay attention to what is going on around you. Always be aware of your surroundings.
You might want to protect your phone with a puzzle, passcode, or password, especially if you have a habit of leaving it lying around or losing it. Most people leave their phones logged in to secure accounts, which would give anyone who finds it unauthorized access to your phone, and a lot of personal data.
1. Monitor Yourself
Check your bank account and other secure accounts often for any signs of suspicious activity. If you don’t have a credit monitoring service, check your credit reports regularly. You are entitled to a free credit report from each of the three major credit reporting agencies once per year, and there are also websites that offer free credit monitoring, advice, and reports. Once again, be sure to check the reputation of the site before you hand over any sensitive personal information.
Warning signs you may have been hacked:
- Unexplained charges, bills, or withdrawals
- You stop getting bills or other mail
- Notices that your information may have been breached
- Your check bounces or your bank card is declined
If you think your identity may have been compromised, the Federal Trade Commission has a website at IdentityTheft.gov that gives tips and a plan of action to report it and minimize the damage.
- By Wayne Porter