Follow these easy tips to protect the security of your devices, your data, your internet traffic, and your identity.
If a major shopping or financial site suffers a data breach, there’s not much you can do about it except change your password, get a new credit card, and possibly freeze your credit. Protecting against that sort of attack is just out of your hands. But there are many kinds of security problems that hit closer to home.
Ransomware could effectively brick your computer until you pay the ransom. A data-stealing Trojan could lift all your secure logins. Fortunately, there’s a lot you can do to defend against these local problems.
Making your devices, online identity, and activities more secure really dosesn’t take much effort. In fact, several of our tips about what you can do to be more secure online boil down to little more than common sense. These 12 tips for being more secure in your online life will help keep you safer.
1. Install an Antivirus and Keep it Updated
We call this type of software antivirus, but it actually protects against all kinds of malicious software. Ransomware encrypts your files and demands payment to restore them. Trojan horse programs seem like valid programs, but behind the scenes they steal your private information. Bots turn your computer into a soldier in a zombie army, ready to engage in a denial of service attack, or spew spam, or whatever the bot herder commands. An effective antivirus protects against these and many other kinds of malware.
You may be thinking, wait, isn’t antivirus built into Windows? Not only is Microsoft Defender Security baked into the operating system, it automatically takes over protection when it detects no other antivirus, and just as automatically steps aside when you install third-party protection. The thing is, this built-in antivirus just doesn’t compare with the best third-party solutions. Even the best free ones are way better than Windows Defender. Don’t rely on it; you can do better.
One more thing. If your antivirus or security suite doesn’t have ransomware protection, consider adding a separate layer of protection. Many ransomware-specific utilities are entirely free, so there’s no reason not to try a few of them and select the one that suits you best.
2. Explore the Security Tools You Install
Many excellent apps and settings help protect your devices and your identity, but they’re only valuable if you know how to use them properly. Understanding the tools that you assume will protect you will go a long way toward them actually protecting you. For example, your smartphone almost certainly includes an option to find it if lost, and you may have even turned it on. But did you actively try it out, so you’ll know how to use it if needed?
Your antivirus probably has the ability to fend off Potentially Unwanted Applications (PUAs), troublesome apps that aren’t exactly malware but don’t do anything beneficial. Check the detection settings and make sure it’s configured to block these annoyances. Likewise, your security suite may have components that aren’t active until you turn them on. When you install a new security product, flip through all the pages of the main window, and at least take a glance at the settings.
To be totally sure your antivirus is configured and working correctly, you can turn to the security features check page on the website of the AMTSO (Anti-Malware Testing Standards Organization). Each feature-check page lists the antivirus tools that should pass. If yours shows up in the list but doesn’t pass, it’s time to contact tech support and find out why.
3. Use Unique Passwords for Every Login
One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, let’s say hackers got your username and password by hacking an email provider. They might try to log into banking sites or major online stores using the same username and password combination. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have.
Creating a unique and strong password for every account is not a job for a human. That why you use a password manager. Several very good password managers are free, and it takes little time to start using one. The good thing is that when you use a password manager, the only password you need to remember is the master password that locks the password manager itself.
4. Get a VPN and Use It
Any time you connect to the Internet using a Wi-Fi network that you don’t know, you should use a virtual private network, or VPN. Say you go to a coffee shop and connect to a free Wi-Fi network. You don’t know anything about the security of that connection. It’s possible that someone else on that network, without you knowing, could start looking through or stealing the files and data sent from your laptop or mobile device. A VPN encrypts your internet traffic, routing it though a server owned by the VPN company. That means nobody, not even the owner of the free Wi-Fi network, can snoop on your data.
5. Use Two-Factor Authentication
Two-factor authentication can be a pain, but it absolutely makes your accounts more secure. Two-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it.
Two-factor authentication verifies your identity using at least two different forms of authentication: something you are, something you have, or something you know. Something you know is the password, naturally. Something you are could mean authentication using a fingerprint, or facial recognition. Something you have could be your mobile phone. You might be asked to enter a code sent via text, or tap a confirmation button on a mobile app. Something you have could also be a physical Security Key; Google and Microsoft have announced a push toward this kind of authentication.
If you just use a password for authentication, anyone who learns that password owns your account. With two-factor authentication enabled, the password alone is useless. Most password managers support two-factor, though some only require it when they detect a connection from a new device. Enabling two-factor authentication for your password manager is a must.
6. Use Passcodes Even When They Are Optional
Apply a passcode lock wherever available, even if it’s optional. Think of all the personal data and connections on your smartphone. Going without a pass-code lock is unthinkable.
Many smartphones offer a four-digit PIN by default. Don’t settle for that. Use biometric authentication when available, and set a strong passcode, not a stupid four-digit PIN. Remember, even when you use Touch ID or equivalent, you can still authenticate with the passcode, so it needs to be strong.
Modern iOS devices offer a six-digit option; ignore it. Go to Settings > Touch ID & Passcode and select Change Passcode (or Add Passcode if you don’t have one). Enter your old passcode, if needed. On the screen to enter the new code, choose Custom Alphanumeric Code. Enter a strong password, then record it as a secure note in your password manager.
Different Android devices offer different paths to setting a strong passcode. Find the Screen Lock settings on your device, enter your old PIN, and choose Password (if available). As with the iOS device, add a strong password and record it as a secure note.
7. Pay With Your Smartphone
The system of credit card use is outdated and not very secure at all. That’s not your fault, but there is something you can do about it. Instead of whyipping out the old credit card, use Apple Pay or an Android equivalent everywhere you can. There are tons of choices when it comes to apps. In fact, we have an entire roundup of mobile payment apps.
Setting up your smartphone as a payment device is typically a simple process. It usually starts with snapping a picture of the credit card that you’ll use to back up your app-based payments. And setup pretty much ends there; you’re ready.
How is that better than using the credit card itself? The app generates a one-use authentication code, good for the current transaction only. Even if someone filched that code, it wouldn’t do them any good. And paying with a smartphone app completely eliminates the possibility of data theft by a credit card skimmer.
Some smartphone payment apps let you pay online with a similar one-time code. If yours doesn’t, check with your credit card provider. Bank of America, for example, has a program called ShopSafe that works like this: You log into your account, generate a 16-digit number as well as a security code and “on-card” expiry date, and then you set a time for when you want all those digits to expire. You use the new temporary numbers in place of your real credit card when you shop online, and the charges go to your regular account. The temporary card number will not work again after it expires. Other banks offer similar services. The next time your credit card company or bank calls you to try and sell you upgrades, ask about one-time use card numbers.
8. Use Different Email Addresses for Different Kinds of Accounts
People who are both highly organized and methodical about their security often use different email addresses for different purposes, to keep the online identities associated with them separate. If a phishing email claiming to be from your bank comes to the account you use only for social media, you know it’s fake.
Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it, and create a new one. This is a do-it-yourself version of the masked emails you get from Abine Blur and other disposable email account services.
Many sites equate your email address with your username, but some let you select your own username. Consider using a different username every time—hey, your password manager remembers it! Now anyone trying to get into your account must guess both the username and the password.
Never underestimate how much your browser’s cache knows about you. Saved cookies, saved searches, and Web history could point to home address, family information, and other personal data.
10. Turn Off the ‘Save Password’ Feature in Browsers
Think about this. When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If the password manager can do that, you can be sure some malicious software can do the same. In addition, keeping your passwords in a single, central password manager lets you use them across all browsers and devices.
11. Don’t Fall Prey to Click Bait
Part of securing your online life is being smart about what you click. Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also comprise links in email, messaging apps, and on Facebook. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device.
12. Protect Your Social Media Privacy
You can drastically reduce the amount of data going to Facebook by disabling the sharing platform entirely. Once you do, your friends can no longer leak your personal data. You can’t lose data to apps, because you can’t use apps. And you can’t use Facebook to log into other websites (which was always a bad idea).
Of course, other social media sites need attention too. Google probably knows more about you than Facebook, so take steps to manage your Google privacy, too. Make sure you’ve configured each social media site so that your posts aren’t public (well, all except Twitter). Think twice before revealing too much in a post, since your friends might share it with others. With care you can retain your privacy without losing the entertainment and connections of social media.
This article offers excellent cyber security measures that you should apply. However, knowing, choosing, and implementing the right tools for your environment can take a lot of research and time. We are here to offer our expertise, so that you can focus your time and energy on your business!
If you are in the market for a managed service provider that specializes in cyber security – CALL US! We can assess your IT environment, identify areas that can be improved and implement inexpensive, effective cyber security measures to keep you safe.
Email us at email@example.com or give us a call at 732.780.8615 to get more information, or to schedule an appointment with one of our trained professionals.