The internet makes most things easier. With just a few clicks you can do your shopping, plan a trip, find the name of that one actor in that one movie (you know the one), and connect with friends and family. Unfortunately, the internet makes things easier for criminals too.
If someone gained access to your email account, or your bank account information, your identity and financial future would be in danger. If you manage online accounts for your work or a nonprofit, those would be vulnerable too. Thankfully, there’s a lot you can do to protect yourself online, and we put together a list of best practices you should follow.
1. Ditch Your Bad Passwords
We all know how hard it is to remember passwords, especially since every online service wants you to create a new account. But don’t forget the golden rule of account security: don’t use the same password for multiple accounts.
Imagine this scenario: You shop online once at a new retailer, create an account, and never go back. A year later, their site is compromised and someone has your account info, and the password for that account is the same as for the email you registered with. Anyone with access to your inbox can get into any accounts you use that email for by using the “Forgot your password?” option. That almost always sends you a secure link to change your password in an email, but if someone else is in your inbox then it isn’t actually secure at all!
Use different passwords, or at least unique variations on one base password, to minimize that risk. If you want to go completely random, you can even use a tool like Norton’s Password Generator. If you’re coming up with your own, keep these rules in mind:
- Make it at least 8-12 characters long
- Use mixed-case letters, numbers, and punctuation.
- Change it every three months
2. Always Use Two-Factor Authentication
Since most people have a smartphone in their pockets these days, passwords aren’t the only way to provide security. Many sites and services offer two-factor authentication, sending a code to your device when you login from a different computer or phone, in addition to your password, to verify your identity. In other words, it requires “something you know (your password) and something you have (your device).”
It doesn’t take very long to enable two-factor authentication for services that offer it, and it makes it much more difficult for anyone to hack into your account.
3. Be Careful What You Share Online
If feels like there’s a new data breach in the news every week, with businesses from banks to big box retailers all vulnerable to attacks. In 2015 alone, 121 million records were compromised by external hackers, compared to half that number in 2014. It boils down to this: the more places your information is stored online, the more likely it is that your account information will turn up in someone else’s hands.
There’s not much you can do to prevent data breaches, but you can be careful where you share your info. If you’re shopping online, use gift cards when possible, and use credit cards over debit cards since they offer more fraud protection and don’t allow hackers to draw funds directly from your checking account. Also, don’t send sensitive information like your login info over email or chat services like Skype or Facebook Messenger.
4. Don’t Fall for Phishy Emails
Phishing is when someone tries to fool you into giving them your information online by pretending to be a legitimate business or figure. For a long time, the go-to example for this was the email from a Nigerian prince who just needs access to a foreign bank account to get his fortune out of the country, which he would gladly share.
We laugh, but phishers have gotten more sophisticated. A recent study by Intel asked individuals to look at 10 real emails and identify all the phishing attempts. 80% of people surveyed missed at least one, and it only takes one successful phishing attempt to compromise your accounts.
Phishers will try to disguise themselves as a company or person you’re familiar with, like a popular retailer, a friend, or even the HR department at your employer. Any links in phishing emails are a trap, directing you to a fake page that either installs malicious software or tries to trick you into entering login information.
If you’re attentive, you can identify most phishing emails by following these guidelines:
- Look for misspellings and grammatical errors.
- Don’t click any suspicious links.
- If it’s supposedly from someone you know, call and check.
5. Don’t Let Kids Surf Unsupervised
The rules for kids in real life are simple: don’t talk to strangers, look both ways before you cross the street, and don’t be out too late. Set ground rules the same way before you let your kids go online. Teach them to be careful before clicking links or downloading anything to avoid accidentally installing something harmful.
If you trust your kids to get online by themselves, make sure you have an antivirus software and/or web blocker installed in case they slip up. The internet’s such a big part of society today, it’s difficult to keep kids away from it entirely, so focus your energy on educating them to be smart, safe web surfers instead.
Keep Your Eyes on Internet Safety
Follow our guidelines and you’ll be much less susceptible to online attacks. New online services and tools become available everyday, along with new ways to hack them. To truly protect your online identity, follow the news and keep up on the latest advances in security, phishing techniques, and compromised businesses. The safest web surfers are the ones who stay vigilant!