8 Internet Security Tips To Help You Stay Safe
While this article is largely geared towards newcomers to the online world, there are tips here that everybody should be aware of and putting into practice.
Because, like it or not, the Internet is awash with people whose intentions are far from honest – people who want to steal your credit card and banking information, people who want to steal your money through scams, and even people who want to steal your identity.
You really cannot be too careful these days.
So, here are a few tips to get you going.
Beware Of Phishing Scams
Phishing scams are one of the oldest tricks in the book, and they’re still effective – which is why you still see them.
How this works is that hackers will send you an email that looks like it comes from an official and trustworthy source.
Examples would be email (e.g. Gmail), banks, social media sites (e.g. Facebook, Twitter), government departments, or commerce sites (e.g. Amazon).
The email may look genuine, with the correct logos and names, and on the face of it, any links in that email may look genuine too.
If you click any of the links, you will be taken to a web page that looks real too, and it’s usually a login page.
However, once you enter your details (i.e. username and password), that information is then forwarded to the hacker, who now has the ability to log into your real account with whatever organization they were pretending to be from, and then you might find your bank account has been emptied, or worse.
The good news is there are a few things you can quickly check to make sure it’s safe to click the link, including:
- Do you actually have an account with the company that the email purports to be from? For example, if the email looks like it’s from the Bank of America, but you don’t have an account with them, then you can and should delete the email immediately.
- Who was the email sent to? Genuine companies will usually only send an email to your specific email address, whereas phishing emails sometimes go to a large group of recipients, or they will be sent to an email address that is the same as, or similar to, the address the email was sent from. Also, if you do have an account with the company the email claims to come from, then is it the correct email address (i.e. the one you use for that company or organization)?
- How good is the English? Emails from genuine organizations will usually have gone through several stages of review before being sent out, meaning the language used should be close to perfect. However, phishing emails are often created by people who do not speak English as their first language, so you will often find several mistakes (e.g. spelling, grammar, or just phrases that are not quite right) that are red flags.
- Before clicking any link, copy the link (e.g. by right-clicking on it and selecting Copy Link Location, although this may vary by browser) and then paste it into a site such as Wheregoes, which lets you see where a URL really goes to. If the link says it belongs to Facebook but Wheregoes shows it goes somewhere else, delete the email. Also, look out for domain names that look like the real thing, but which are slightly misspelled.
- And lastly, remember the old adage that if it looks like it’s too good to be true (e.g. you have won a lottery you didn’t even enter) then it probably is.
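The link checks from the list above can also be done mechanically. The following is an added example, not part of the original article: it compares the site a link's visible text names with the site its address really points to, and flags domains that are slight misspellings of ones you trust. The domain names, the sample email and the 0.8 similarity cutoff are assumptions made for illustration, and the check works offline on the email's HTML, so it does not follow redirects the way Wheregoes does.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: reserved .test names stand in for real sites; cutoff 0.8 is illustrative.
TRUSTED = ["mybank.test", "myshop.test"]

def registered_domain(host):
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def shown_host(text):
    """Hostname the visible link text claims, or None if it is not URL-like."""
    url_like = " " not in text and "." in text
    return urlparse("//" + text.split("://")[-1]).hostname if url_like else None

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html):
    """Return (href, reason) for each link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target, shown = registered_domain(urlparse(href).hostname), shown_host(text)
        if shown and registered_domain(shown) != target:
            findings.append((href, "text names a different site than the link"))
        elif target not in TRUSTED and difflib.get_close_matches(target, TRUSTED, n=1, cutoff=0.8):
            findings.append((href, "domain is a near-miss of a trusted one"))
    return findings

# Constructed sample email body, not taken from any real message.
SAMPLE = """<a href="http://login.collector.test/session">www.mybank.test/login</a>
<a href="https://www.rnybank.test/verify">Confirm your details</a>
<a href="https://www.myshop.test/orders">View your order</a>"""
```

Running `check_links(SAMPLE)` flags the first two links and leaves the third, which points to a trusted domain, alone.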
Activate Two-Factor Authentication
Traditional online security has always relied on information that only you should know, such as a username or email address, and a password.
However, there is a better system that has been around for a while now that also requires something you have in your possession.
This system is called two-factor authentication (aka 2FA), and the most common implementation is, after you enter your primary credentials, to send a text message to your cell / mobile phone. That message includes a code (usually four to six digits) that you then need to enter into the website you’re trying to access.
The advantage here is that, even if somebody has stolen your credentials, they still won’t be able to log in without having access to your phone too.
More and more websites are offering 2FA – on some it’s optional, while on others (e.g. banks) it’s becoming mandatory.
In general though, if it’s an option, you should enable it, which you can usually do from somewhere within your account.
Use A Random Password Generator
Too many people use either passwords that are too obvious (e.g. their child’s or pet’s name), or too short.
These days, with computing power increasing all the time, you need longer and longer passwords to defeat what are known as brute force attacks. These are attempts to log into your account where people keep trying passwords until they hit the right one. (You can see this in action a couple of times in the movie Terminator 2: Judgment Day, for example.)
It used to be recommended that you use passwords that contain a mixture of lower case letters, upper case letters, numbers, and even special characters (e.g. punctuation symbols).
However, based on this article (an archive version of which is here should that link no longer work), that method of creating a password is no longer as effective as it once was.
What the article recommends these days is to create a password that is made up of several real words strung together. An example of this, taken from the above article, would be “bolt vat frisky fob land hazy rigid”.
It’s possible to memorize that, and almost impossible to guess, even via brute force attacks.
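To put numbers on that comparison, here is an added example (not from the original article or the article it cites) that generates a passphrase with a cryptographically secure random source and compares its strength with an 8-character mixed password. The 16-word list is constructed so the code runs offline; the 7776-word list size (a Diceware-style list) and the guessing rate of one trillion per second are assumptions.

```python
import math
import secrets

# Constructed 16-word list so the block runs offline. Assumption: in real use
# you would load a much larger list, such as a Diceware-style list of 7776 words.
SAMPLE_WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "glint",
                "harbor", "ivory", "jigsaw", "kettle", "lumen", "mosaic",
                "nectar", "orbit", "pebble"]

def make_passphrase(words, count=7):
    """Pick words independently using the OS random source (secrets, not random)."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return " ".join(secrets.choice(words) for _ in range(count))

def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)

def years_to_exhaust(bits, guesses_per_second=1e12):
    """Worst-case years to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def compare():
    """Seven words from a 7776-word list versus 8 characters from 94 printable ones."""
    phrase_bits = entropy_bits(7776, 7)
    password_bits = entropy_bits(94, 8)
    return {
        "passphrase_bits": phrase_bits,
        "password_bits": password_bits,
        "passphrase_years": years_to_exhaust(phrase_bits),
        "password_years": years_to_exhaust(password_bits),
    }

if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    for name, value in compare().items():
        print(f"{name}: {value:.3g}")
```

The strength comes from the size of the word list and the random selection, which is why the words must be picked by the generator rather than chosen by you.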
And if you are put off by having to remember lots of different passwords, because you really shouldn’t use the same one on every site, then you should consider using password management software.
The one I have used for years is LastPass, but there are plenty of other options out there.
Note, though, that since these utilities may end up storing all of your sensitive passwords for actual websites, the master password that you use to access that password management software absolutely has to be 100% secure!
Change Your Passwords Regularly
Not only should you use secure, hard-to-guess passwords that are different on each site, but you should change them regularly, for added security.
Some sites will force you to do this, but if not, then many password managers (including the one I use), can be set up to remind you to change passwords after a set number of days.
While this may be overkill for all of the sites you access, it does make sense for the more important ones (e.g. bank accounts), for obvious reasons.
Connect To The Internet Securely And Anonymously
Most people connect to the Internet via their Internet Service Provider (ISP), and while it works, it’s not always as secure as you might think.
That’s why buying access to something called a Virtual Private Network (VPN) is recommended these days.
VPNs can either be software you use on your computer, or a physical device that connects to your router / modem.
A VPN (from a reputable provider, of course), can protect you by creating a safe and secure connection, making sure that all data transferred to and from your computers is encrypted – something that happens anyway on certain sites (e.g. banks and any page where you enter financial details such as check-out pages on ecommerce sites).
Another benefit of a VPN is that it keeps your Internet usage anonymous.
And while it’s not related to security, there’s one more advantage – a VPN can make it look like you’re in a different country.
Why is that useful?
Well, some sites only allow access from specific countries. For example, there are some websites that stream TV shows and movies, but you have to be in that country to use them.
Let’s say you are British but have moved to the USA (as is the case with me). You used to enjoy watching the BBC online, but now you can’t because you’re in the USA. Well, a good VPN will allow you to make it appear as though you are still in the UK, so you can continue watching your favourite UK TV shows.
Use Antivirus And Anti-Malware Software
You really should be using both of these types of software on any Internet-connected devices, because they serve slightly different needs.
One looks for viruses, which have been around since at least the late 1980s and are getting more sophisticated all the time, and the other looks for other types of evil software, such as Trojan horses and worms.
Again, there are plenty of choices out there. I have used Avast and Malwarebytes for years, and they seem to do their job well.
Remember To Secure Your Mobile Devices
With phones becoming more and more like computers, the same security issues (e.g. phishing, privacy, encryption) apply to smartphones these days, so the same sort of solutions described above should be used here too.
Take Your Time
This final tip is not technical in nature, but it’s just as important.
If you’re in a rush, you might feel tempted to click on a link in an email, say, without fully investigating whether it’s safe or not.
So, if you don’t have the time you need, then leave it until later, when you can do your due diligence.
I have to say that, in spite of being online since the late 1990s and having worked in IT for most of my life and being security-conscious, I too was caught by a phishing email a few years ago. I realized what I’d done almost immediately, and was able to remedy the situation before any harm was done – but I fell for it because I was in a hurry.
Conclusion
Remember, Internet and online security is not something you set up just once – it’s something you need to keep on top of at all times.
And with increasingly younger children having access to the online world (either via computers at home or their own smartphones), it’s vital you ensure they are protected too, because the dangers are very real.
Additional Resources
These are suggestions for those who wish to delve deeper into any of the above: