Nowadays, we rely on technology for all sorts of things. However, if you don’t know what you’re doing, you can get hacked or scammed, which can be very costly and time-consuming to recover from. Many people use technology without really understanding how to properly secure it, so here are some tips for staying safe online.
1. Use two-factor authentication a.k.a. 2FA
These days, there are many different ways for people to steal your password. Sometimes you can get tricked into giving it out, other times there are data breaches. Some malware can log your keystrokes and then steal passwords that way. As such, it’s important to have two-factor authentication instead of single-factor authentication. Single-factor authentication is just a username secured with a password and nothing else. Two-factor requires an additional code to log in. With 2FA enabled, someone can’t log into your account even if they stole your password.
There are two main categories of two-factor authentication: text message (SMS) and authenticator app-based 2FA. SMS 2FA is less secure, because it uses text messages, and criminals have been known to socially-engineer phone service customer support and get other people’s phone numbers, which allows them to get someone else’s 2FA codes. The more secure 2FA option is authenticator app-based 2FA, which can use something like Google Authenticator to generate codes using something called TOTP, or Time-based One-Time Password algorithm.
Google Authenticator is available for iOS and Android.
2. Use a VPN (Virtual Private Network)
VPNs are tools that let you establish a secure connection from your device to a VPN server before connecting you to the end servers you’re really trying to connect to. This is useful for both privacy and security. From a security standpoint, they are important if you’re traveling or using an untrusted network, such as a hotel or coffee shop’s wifi. For privacy, they hide your real IP address and sites/servers will only see your VPN’s server’s IP address. To a website, you appear to be coming from wherever the VPN is, not from your actual location or IP address.
Another thing VPNs are useful for is if you live in or travel to a country that censors the internet. VPNs can be used on phones and computers. They used to be more difficult to set up, but nowadays you just install an app and connect.
One potential issue with VPNs is that they might not be trustworthy, which is more of an issue for free VPNs, as opposed to paid ones. A free VPN might be free because it’s collecting information about how you use the internet. In that case, it’s not really worth using because that defeats the purpose of using a VPN at all. The other potential issue affecting VPNs is that if your VPN itself gets hacked, then you are also compromised, thus eliminating any benefits for privacy or security.
Lastly, be aware that even though VPNs will protect you from certain kinds of tracking, it’s still possible for your IP address to leak, or you can be fingerprinted with things like JavaScript, regardless of having a VPN or not, because IPs aren’t the only way to identify someone. Also, VPNs will only keep you private for regular matters, but if you use a VPN to break the law, they will turn you over to authorities.
Hello Life Skills recommends only using paid VPNs, and you should do a lot of research ahead of time before choosing which VPN to use. Many of the people who write for Hello Life Skills use Express VPN because it isn’t blocked in China, but you might want to use something else instead.
3. Have good password hygiene
A lot of so-called hacking involves people guessing weak passwords. Make sure your passwords are complex, and also don’t reuse the same password on multiple accounts. For example, if you use “#dfgR$%385d8” as your password for Facebook, and then Facebook gets hacked, then criminals might attempt to use that same password and your email address to log in to online banking accounts. People commonly use predictable passwords (containing things like names or years of birth, or just simple words like “password”), and that can be used to steal your online accounts. A strong password should contain uppercase letters, lowercase letters, numbers, and punctuation, and it should be relatively long too.
That all being said, it’s really hard to memorize all your passwords. These days, people have tons of online accounts, so they take shortcuts like either reusing the same password for everything, having a “base” password that they change (such as using the same “root word” for all passwords and then just adding a couple characters onto the end), using simple passwords, or just writing them down on a piece of paper. These are all bad practices and make your accounts less secure. A better option is to use a password manager so that you can have many different unique, complex passwords, but you don’t have to memorize them all. A password manager requires you to log in with a “master password” and then it lets you access all your other passwords. Some password managers are online, such as LastPass, but some people are skeptical about these kinds of password managers because they are online and could possibly be breached at some point. So some people prefer to use offline password managers, such as KeePass.
Hello Life Skills recommends using a password manager, but weigh the pros and cons of convenience vs. security for online vs. offline password managers.
In addition to account passwords, it’s also important to have login passwords for computers, or lock screen codes for phones, so that someone can’t just open it and see everything on it. And make sure it’s a good combination, not something predictable such as 1234.
4. Be careful about recovery questions
On the topic of passwords, recovery questions are basically another kind of password, even if people don’t think of them that way. When you make an online account, it might ask you to enter recovery questions, which might be things like your mother’s maiden name, town you were born in, name of your first pet, or something like that. If you forget your password, you can use a recovery question to gain access to your account again. This is useful for some legitimate purposes, but criminals can misuse this to try and steal your accounts. If you make public social media posts that let people know the answers to your recovery questions, you are at risk for having your accounts stolen. So Hello Life Skills recommends treating them as extra passwords. You can even store them as notes in a password manager. Also be wary of people asking very specific questions on social media, such as the mother’s maiden name example. They might seem like they’re just getting to know you better, but in reality they might be trying to steal your accounts.
5. Don’t overshare on social media
Nowadays, it’s easier than ever to share information with other people. However, sometimes people share too much personal information, especially online. This can be used for identity theft, social engineering, account recovery, or even extortion. A lot of oversharing issues pertain to security and identity theft, but some can have more social-related consequences as opposed to hacking-related stuff. Don’t put something online unless you are okay with it being made public. If you send something to someone in a supposedly private message, that person might save it and post it elsewhere for other people to see it. Or your account can get compromised and then the person who steals your account can see what you posted. Privacy and security on the internet are very difficult, so it’s safer to assume that things are public. And once something is publicly online, it’s extremely difficult to get rid of it, because people can save and repost things, such as photos, screenshots of text, and things like that. Think before you post.
6. Install software updates
Nobody likes spending time downloading and installing updates, but it’s still really important. Whether it’s for your phone, router, computer, or smart device, they all need updates. When security researchers find a security flaw in software, they report it and the people in charge of that software issue an update that fixes the security problem. Then, as long as you install the update, you’re not vulnerable to that security flaw. If you don’t install updates, you are at risk for getting hacked. Equifax got hacked because they didn’t install updates on their server. It had a known security problem. Known security issues are called Common Vulnerabilities and Exposures, or CVEs. A security issue will be assigned a CVE number. Check out CVE Details for more information about CVEs.
Also, keep in mind that lots of modern devices are computers, even if you don’t think of them that way. A router is a computer, a smart meter is a computer, a smart TV is also a computer. If it has any sort of network connectivity, it’s important that you keep it updated. However, many older devices no longer get software updates that fix security problems, so sometimes you need to stop using a device unless you want the security risks associated with it.
7. Understand the risks of cloud storage
Lots of people use cloud storage these days. But what exactly is cloud storage? Simply put, the cloud is just other people’s computers. Cloud storage is just storage on someone else’s computer. If you use Google Drive, you are using storage on Google’s computers. Cloud storage can be convenient, especially if your phone or computer doesn’t have much free space, or if you want to back up or share files. However, you need to be aware of the security and privacy issues associated with cloud storage.
Cloud storage providers can get hacked. In addition, even if the provider itself doesn’t get hacked, someone could steal your password and log into your account to see your supposedly private files. In addition, sometimes people accidentally choose the wrong setting and make their files completely public. It can sometimes be a case of accidentally clicking a button or checking the wrong box when you’re doing something related to cloud stuff. Be sure to review all privacy and security settings, and you can also optionally encrypt data before uploading it to cloud storage. Or, just consider that maybe not everything should be put in the cloud, especially not sensitive data that you wouldn’t want other people to see, if it got hacked and made public.
8. Don’t fall for phishing/social engineering
Not all hacking is highly technical stuff. A lot of it just involves tricking people. For example, criminals can pretend to be from companies they’re not. Don’t blindly trust people online, or even on the phone. A scammer might send you an email that says you need to click a link and confirm your bank account details because it was compromised. A lot of scammers do phishing, which is getting someone to enter in their login details on a fake website that is made to look like a real one, and will often include a similar-looking domain name, but sometimes with a misspelling, or different top level domain (such as .net or .co instead of .com). When in doubt, don’t click a link or open an email attachment, and if someone over the phone sounds suspicious, just hang up.
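The two lookalike tricks described above (a misspelled name, or the right name under a different top-level domain) can be checked mechanically. This is an added example, not part of the original article. The trusted list and all hostnames are constructed, and the function names are made up for this illustration.

```python
# Constructed sample: the sites this user really does business with.
TRUSTED = ("example.com",)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(host):
    """'www.example.com' -> ('example', 'com').

    Simplifying assumption: the last label is the top-level domain, so
    multi-label suffixes such as .co.uk are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(host, trusted=TRUSTED, max_edits=1):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    name, tld = split_domain(host)
    known = [(good,) + split_domain(good) for good in trusted]
    # Exact matches first, so a real site is never reported as a lookalike.
    for good, gname, gtld in known:
        if (name, tld) == (gname, gtld):
            return "trusted", good
    for good, gname, gtld in known:
        if name == gname:
            return "lookalike-tld", good  # right name, wrong ending
        if edit_distance(name, gname) <= max_edits:
            return "lookalike-misspelling", good  # e.g. one swapped character
    return "unknown", None


if __name__ == "__main__":
    for host in ("www.example.com", "example.co", "examp1e.com", "weather.org"):
        print(host, classify(host))
```

A verdict of "unknown" only means the name does not resemble anything on the trusted list, not that the site is safe.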
Scammers will try to create a sense of urgency, telling you to do something immediately because they don’t want you to spend time thinking about it. The longer you think about a scam, the more likely you are to realize that it’s not legitimate. In addition, scammers don’t tend to like to take no as an answer. But even if someone pressures you into giving out personal information, such as a password or credit card number, just say no or block them.
9. Remember that people are not accounts
You trust your friend, but that’s not the same thing as trusting what’s posted from their accounts. Let’s say you get a DM from “your friend” on Twitter. You know your friend is trustworthy. But did your friend actually send that link, or was their account compromised? What hackers will often do is something called reputation hijacking, meaning you trust your friends and family and will be less likely to doubt the legitimacy of email attachments or links that they send you on social media. So a scammer will compromise one person’s account, and then send malware or scam links to the people from that person’s contacts. When in doubt, don’t click.
10. Be careful about what apps you install
Whether you’re on a phone or computer, you shouldn’t just install any old random thing. It could be malicious and steal information from your device. If an app asks for way too many permissions, it might be doing so in order to collect and sell your personal information. Be careful about app permissions on mobile, or about running executable files on computers. Keep in mind that some “free” apps make money by selling information about the users. Keep in mind that a lot of malware can be stealthy, so just because you don’t see anything bad doesn’t mean it’s okay. It could be doing something in the background, with no noticeable symptoms on your device. A program doesn’t need a window in order to run.
Conclusion
Technology is very complicated and changes all the time. It can be difficult to navigate through everything. These are just a few starting tips which just barely scratch the surface, but Hello Life Skills will continue to write more about security in upcoming articles. Check back for more tips in the future.
This article was written by Alan and Stephen. You can contact Alan on Twitter here or Stephen via email here.
If you got something out of this, please share it on social media. And what did you find useful? What are some tips that you have that weren’t mentioned here? Please leave a comment below.