Almost all of us are online these days and much of our personal information is as well. Most Americans have at least two devices which are connected to the internet and used to conduct personal business and share personal information. This means that we are constantly vulnerable to being hacked by all sorts of different entities.
There are currently between 5 and 10 million attacks online every day (see a live view of current attacks – https://threatmap.checkpoint.com/ThreatPortal/livemap.html) and we are all being targeted. We’re being targeted by governments that are spying on us, by criminals that want to steal our money or identity, by attackers that want to take control of our computer or device to use it in a larger-scale attack, and by companies that want to know our personal details to market their products to us. None of these actors is considering our best interest, only their own agenda.
Below I provide some essential tips to stay as secure as possible online. Even with these things in place one can never be fully secure, but the frequency and types of attacks are increasing exponentially as time passes, making security ever more critical.
Some basic steps to stay safe online:
The most basic form of security is the password. However, today passwords are very easy to crack thanks to the power of modern computers. The days of creating an easy-to-remember and easy-to-type password are long over. To be at all effective today, passwords must be long and complex, which means you can’t easily remember them or type them in.
A secure password should be at least 12 characters in length (or longer) and contain a mixture of lower and upper case letters, numbers and symbols. Here is an example: J3cp82!01K?(
It should not contain any actual words or any personal information, as that would make it much easier to crack. Using children’s names, birthdays or your favorite color will make your password useless, meaning I could crack it in about 2 minutes.
It’s also important to use a different password on every site or service. Never reuse the same password, and when you change your password, change it to something completely different rather than just altering a few characters. This is because if one service is compromised, attackers immediately try that password on all the other services you use, which means all your services are compromised if one of them is. This is all too common and usually works very well for the attacker because people are in the habit of reusing passwords.
So, if you need to create a complex password for every site how do you keep track of them all much less use them to log in without going crazy? The answer is a password manager. There are several password manager apps that will keep track of all your passwords for you for each site you use. You only need to enter the password once into the password manager (the password manager will even generate strong passwords for you) and then you can simply copy and paste it in when you need to use it or have the password manager insert it for you. These are the two password managers I recommend:
Dashlane (https://www.dashlane.com) or 1Password (https://1password.com)
They both have versions for Windows, macOS, iOS and Android. These allow you to have fully secure passwords and to keep track of them and enter them easily without compromising security.
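The password rules above, as an added Python example (not part of the original article, and not the code of either password manager): `check_password` tests a password against the 12-character, four-character-class, no-personal-information and no-small-tweak rules, and `generate_password` draws random candidates until one passes. The function names, the symbol set and the 0.5 similarity cut-off are assumptions made for this example.

```python
import secrets
import string
from difflib import SequenceMatcher

SYMBOLS = "!?()#$%&*+-=@^_"   # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def check_password(password, personal_terms=(), previous=None):
    """Return a list of problems; an empty list means every rule is met."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "lowercase letter": str.islower,
        "uppercase letter": str.isupper,
        "number": str.isdigit,
        "symbol": lambda c: not c.isalnum(),
    }
    for name, has_class in classes.items():
        if not any(has_class(c) for c in password):
            problems.append(f"no {name}")
    # Names, birthdays, favorite colors: supplied by the caller.
    for term in personal_terms:
        if term and term.lower() in password.lower():
            problems.append(f"contains personal term: {term}")
    # A changed password must be completely different, not a small tweak.
    # The 0.5 similarity cut-off is an assumption chosen for this example.
    if previous and SequenceMatcher(None, previous, password).ratio() > 0.5:
        problems.append("too similar to the previous password")
    return problems

def generate_password(length=16):
    """Draw from the OS random source until all four classes appear."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    print(check_password("J3cp82!01K?("))            # the article's example
    print(check_password("Emma2015!Blue", ["emma", "blue"]))
    print(check_password("J3cp82!01K?)", previous="J3cp82!01K?("))
    print(generate_password())
```
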
Two Factor Authentication
Even complex, secure passwords can still be cracked or otherwise discovered and compromised. One way to shore up the inadequacies of passwords is with two factor authentication. This means you enter a password but have to provide some other piece of information in addition to it. This is good because even if your password is compromised, it’s not enough for the attacker to get in.
The most common form of two factor authentication is text codes. Once you log in with your password, the site sends a text message to your phone with a code which you then type in. An attacker would then need to have your phone in order to access your account. Most services include an option for two factor authentication, including Google, Facebook, Apple/iCloud, Microsoft and more. However, with some of these you have to turn it on manually to start using it. Consider this absolutely essential.
Besides stealing people’s login info, the other common way an attacker gets into a system is by exploiting a bug or flaw in the software. Software, including operating systems, apps, programs and online services, is filled with bugs or vulnerabilities that attackers can discover and take advantage of. Bugs are found every day in all types of software systems. When they are found, if the manufacturer knows about them, they create an update to patch or fix that flaw, preventing it from being used by attackers.
However, far too many people don’t apply updates, and so there are a great many systems out there with known vulnerabilities which have not been patched. It is estimated that 25% of people install an update right away, another 25% within 3 months, another 25% within a year and the remaining 25% not at all. This leaves millions of vulnerable systems out there, and attackers use those systems every day to commit all sorts of crimes and fraud.
So, it is an essential practice to install updates as quickly as possible and even to set up automatic updates wherever you can. If your system is up to date it is much harder to hack.
Another important step for staying safe in the digital world is making sure you have security software installed, activated and up to date. We used to call this anti-virus software, but today it covers more than just viruses. Malware is the general term for any type of software that should not be on your computer, was put there without your consent and is doing something that is not in your best interest. Most of our computers have built-in security software which helps to keep the system safe, but generally we need to install a third-party product as well to cover all the bases.
I recommend Avast free anti-virus. It has versions for Windows, Mac and Android. Avast is free unless you want the premium version, but the free version will check your files for infection, check email and check web sites you visit, which are the main ways to get infected. If you are already infected or think you might be, I recommend a product called Malwarebytes, which can help clean your computer and can be used in place of Avast if desired, although they are both very good.
If you are on Windows, Mac or Linux, your computer comes with something called a firewall which protects it from certain types of attacks from the internet directed at standard services like web browsing and email. It is important to make sure your firewall is turned on by going into your security settings, because unfortunately firewalls are often not turned on by default.
When you browse the web today you are being tracked every step of the way by many entities, from ad companies to Facebook and Google to the government. This is usually done for marketing purposes but also for criminal intentions and surveillance. It is primarily done by sites dropping a little file on your computer called a cookie, which leaves information that lets the site (and other sites) keep track of you. Tracking allows companies to know what sites you visit, what products you buy, what your preferences are and what you read and search for online. This gives them a very effective profile of your personality and behavior. You can see it when you view a product on Amazon and then see ads for that product on Facebook and in your Gmail.
The best way to prevent at least some of this is to use a privacy-friendly browser. I recommend using Firefox because it is a fast open source browser made by non-profit Mozilla, a web pioneer. On the Mac, Safari is also a good option but I prefer Firefox. A great add-on for Firefox to shore up your tracking protection is Privacy Badger from the Electronic Frontier Foundation. It adds a full layer of tracking protection to your browsing experience.
Some final suggestions
- Be careful with links and attachments – When you are browsing the web only visit sites you trust and never click on a link in an email unless you can confirm the sender. This is true for email attachments too because they are a primary way for an attacker to get access to your system. Never open an attachment from an unknown sender or any attachment that looks suspicious. Get in the habit of scrutinizing these things instead of impulsively opening or clicking.
- NEVER give anyone your login info or password, period. Don’t give this information out no matter who is asking for it, even if it seems official; no official source will ask for this kind of info. Don’t respond to an email asking for it, don’t text it to anyone and don’t give it over the phone, even if the requester says they are with your bank or the government. NEVER give out login credentials to anyone for any reason.
- Make sure your phone is locked. Our phones have our personal info in them, so your phone should require a password, PIN or Touch ID before it can be used.
If you want to know more about how we are vulnerable electronically now and into the future, I recommend the book ‘Click Here to Kill Everybody’ by Bruce Schneier, who is one of the leading cybersecurity researchers and a Harvard fellow.