Most of us tend to be rather careless when it comes to online security. Until something unpleasant happens. Be smart and don’t fall into the trap of complacency. Follow these everyday online cybersecurity tips so they can become good habits.
Almost everyone has heard the password and online security spiel a thousand times by now. And yet, the human element has still consistently been the biggest risk to online security. Which means, either people don’t listen, or they tend to forget.
It’s normal for people to become complacent when nothing happens. Because they think it won’t happen to them, so they forget to stay attentive. That’s why it is so vital to start forming good internet security habits and stick to them.
20 Online Security Practices To Start Taking Up Now
From social engineering to DDoS attacks, cybercriminals have plenty of inventive ways to target people. Forming good security habits helps make it harder to get exploited. Follow these 20 security tips to stay safe against the most common types of cyberattacks.
1. It Can Happen at Any Time
The first step towards becoming serious about cybersecurity is realizing that everyone is a target. Hackers mostly target people indiscriminately – they employ automated techniques to reach a lot of people and hope they get lucky. Some call it the “spray and pray” technique.
The point is that everyone’s a target, even if they think they’re too unimportant to be one. Identity theft is a big motivator if there’s nothing else to steal.
2. Manage Social Media Sharing
It’s fun to share every personal detail and event with the world through social media, but it can have severe consequences. Social media networks are increasingly popular targets for attackers because they’re a wealth of information laid bare.
Criminals love getting access to personal data because this gives them information on where people live, what they do, and what they like. This makes it possible to steal from them, manipulate them, or gain access to their secure accounts through phishing attempts.
It’s not necessary to share everything on social media, especially current locations. Also, make sure to check up on privacy and security settings for the social media networks that are being used. Turn on any settings that keep strangers from seeing personal information.
3. Try to Stay Away From HTTP Sites
A lot of people still don’t know that HTTP sites are unsecured and make it easy for hackers to find them. Most sites these days (at least the good ones) use HTTPS as this is a more secure form of browsing.
HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) and the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol. This means that any data traveling through that connection is encrypted. Motivated hackers might still get through, but they will have a harder time of it.
This is especially important to remember when visiting sites that require login information. If a site’s address doesn’t start with https://, then don’t enter any information into it.
4. Use Secure Messaging Apps
Just because a messaging app is popular, it doesn’t mean it’s safe to use. Try to stick to messengers that use end-to-end encryption as this is the safest option. This type of encryption means the messages are encrypted by the sender’s device and then decrypted by the recipient.
Messengers that use “encryption in transit” send the texts to a company first, where they are stored on servers. Those servers could be hacked or the company can sell that data.
5. Stay Up to Date
Always keep up to date with software and hardware updates for all apps and devices. These come out for a reason, and they usually contain security patches. Developers create patches for known malware and security flaws in their software.
6. Find and Use a Good VPN
The great thing about a VPN is that it works silently in the background without much effort, making it one of the easiest ways to get a secure connection and keep it that way.
A virtual private network acts as a go-between whenever someone connects to the internet. All of the traffic is first encrypted, then sent through the VPN where it’s decrypted before connecting to the website.
It’s a good idea to get a VPN to keep outsiders from seeing any data that’s being sent over the network, including banking details, emails, travel plans, and online purchasing information.
7. Delete Suspicious Emails
Do not open any attachments or click on any links from an unknown sender. Also, delete unwarranted or suspicious emails, even if they’re from a friend. Hackers often send phishing attacks to a victim’s contact list.
8. Don’t Log In on Other Devices
A person might keep their own devices and network secure, but not everyone does. Do not log into accounts with sensitive information on other people’s devices. Their device could already have been compromised. Or it could become compromised in the future with all that personal data ready for the grabbing.
9. Avoid Public WiFi When Possible
The convenience of public WiFi has spread all over the world. It’s become popular to the point where people can travel without ever connecting to their mobile network. The only problem is that when something like that becomes so popular, the wrong sort of people take notice too.
Public WiFi has become a major target for hackers because it’s easy to breach and gives them access to a lot of people. Especially business people with troves of sensitive company data and documents. So it’s best to avoid public WiFi when possible, or at least use a VPN when connecting to one.
10. Beware of the Telltale Phishing Signs
Phishing attempts are becoming more targeted, but the core identifying markers of these attempts are mostly still the same. Whenever receiving any sort of online communication or text message, look out for:
– Bad grammar/spelling
– The message starting with “Dear Customer” or another type of impersonal greeting
– A sense of urgency which states that action has to be taken right now
– Unwarranted downloads or attachments
– URLs that don’t look the same as the ones a bank or other company normally sends.
Also, don’t respond to friend requests or messages from strangers on social media, and definitely don’t click on any links they send.
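The signs listed above can also be checked mechanically. The following is an added example, not part of the original article: a small Python checker for the impersonal greeting, urgency wording, risky attachments and links whose visible text names a different host than the real target. The patterns, function names and sample messages are constructed for illustration, and grammar or spelling quality is not checked.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic patterns for the signs listed above (illustrative, not exhaustive).
IMPERSONAL = re.compile(r"\bdear\s+(customer|user|client|member|sir|madam)\b", re.I)
URGENCY = re.compile(
    r"\b(immediately|right now|act now|urgent|within \d+ hours?|will be suspended)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".iso", ".docm", ".xlsm")
# Link text that itself looks like a web address; group 1 is the host shown to the reader.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collects visible text and (href, link text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def split_target(href):
    """Return (scheme, host) of a link target; malformed URLs yield empty strings."""
    try:
        parts = urlsplit(href)
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:
        return "", ""


def phishing_signs(msg):
    """Return a list of findings for an email.message.EmailMessage."""
    findings = []
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    parser.close()
    text = " ".join(parser.text)
    if IMPERSONAL.search(text):
        findings.append("impersonal greeting")
    if URGENCY.search(text):
        findings.append("sense of urgency")
    for href, label in parser.links:
        scheme, host = split_target(href)
        shown = URLISH.match(label)
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1).lower()} but points to {host}")
        if scheme == "http":
            findings.append(f"link is plain http to {host}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {name}")
    return findings


def build_sample(suspicious=True):
    """Constructed test messages; example.com/.net/.org are placeholder domains."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "Your Bank <support@example.net>", "user@example.org"
    msg["Subject"] = "Your statement"
    if suspicious:
        msg.set_content(
            "<p>Dear Customer,</p><p>Your account will be suspended within 24 hours.</p>"
            '<p><a href="http://login.example.net/verify">https://www.example.com/login</a></p>',
            subtype="html")
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename="statement.pdf.exe")
    else:
        msg.set_content(
            "<p>Hi Alex, your monthly statement is ready.</p>"
            '<p><a href="https://www.example.com/statements">www.example.com/statements</a></p>',
            subtype="html")
    return msg


if __name__ == "__main__":
    for finding in phishing_signs(build_sample()):
        print("-", finding)
```

A clean result only means none of these particular heuristics fired; targeted messages can avoid all of them.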
11. Create Regular Backups
Most people don’t think to back up the data, photos, or files on their personal computers and mobile phones. That’s something that businesses are supposed to do, right? Wrong.
Electronic devices are hot property that could get stolen at any time, and all of the data they contain go with them. Theft aside, there are cyberthreats too – like ransomware. Individual people don’t get targeted by ransomware as much as companies do, but it does happen. Avoid having to pay a costly fee to get files and data unlocked by doing regular backups.
12. Go Through Accounts From Time to Time
Things might seem well and dandy because everything’s running smoothly, but hackers are smart. They hide their malware and snooping software in hard to find places and do everything they can to avoid detection.
Make a point to periodically go through your main accounts and check for suspicious behavior. It could be anything. From an email subscription that the account holder didn’t sign up for, to small changes in security settings.
13. Be Careful With Online Shopping
Online businesses are a major target for cyber attacks. They hold a lot of sensitive data like credit card details and personally identifying information.
All of that data could land in the wrong hands if they don’t have reliable security systems in place. Plus, if they aren’t using a secure connection, then hackers could intercept any exchanges and steal a customer’s money and details too.
Unfortunately, there’s no real way to know if an online shop is doing all they can to protect customers’ data. That said, never shop on a site that doesn’t have an SSL certificate (the https:// prefix). An SSL certificate means that they are encrypting transactions on their website so hackers cannot intercept them.
From the buyer’s side, they should also always make sure never to save their card details on an account. It might be annoying to have to type in those details every time you make a purchase, but it’s safer.
14. Become Best Friends With 2FA
Two-factor authentication is a great additional layer of security that anyone can (and should!) add to their accounts. Not all accounts have this feature, but people should make use of those that do offer them.
An account that has 2FA enabled will send an additional security prompt to another account or device. That security pin or answer has to be entered into the login attempt within a small window of time. Otherwise, the login fails, and the person cannot get into the account. Passwords can get compromised, and two-factor authentication can keep cybercriminals at bay even if that happens.
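To show how the "small window of time" works in practice, here is an added example (not from the original article) that implements time-based one-time codes in Python. It assumes the second factor is TOTP (RFC 6238), one common form of 2FA that the article does not name; the function names and the demo secret are illustrative.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: last nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-based code (RFC 6238): the counter is the number of elapsed steps."""
    return hotp(secret, int(at) // step, digits)


def verify(secret, submitted, at, step=30, drift=1, last_used=-1):
    """Return the matching time-step counter, or None if the login must fail.

    Codes are accepted only within +/- `drift` steps of the server clock,
    and a counter at or below `last_used` is rejected so that a code
    cannot be replayed after it has been used once.
    """
    if not (submitted.isascii() and submitted.isdigit()):
        return None
    current = int(at) // step
    for counter in range(max(0, current - drift), current + drift + 1):
        # compare_digest avoids leaking how many digits matched via timing
        if counter > last_used and hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None


# Published RFC 6238 test key, used here only so results are reproducible.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET, now)
    print("code now:", code)
    print("accepted now:", verify(DEMO_SECRET, code, now) is not None)
    print("accepted 2 minutes later:", verify(DEMO_SECRET, code, now + 120) is not None)
```

A server would store the counter returned by `verify` per account and pass it back as `last_used` on the next login.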
15. Delete Old and Unused Apps
The problem with apps is that they are potential entry points for malicious invaders to gain access to a smartphone. Even if an app is completely legit, it could be lacking in the security department, allowing attackers to take advantage of a security flaw.
Delete any apps that you don’t use anymore or that no longer receive updates from the developer. When software stops receiving updates, it might mean that the developer has abandoned the project. Which could open up new security holes that they haven’t yet identified.
16. Think Twice Before Clicking on an Ad
That flashy advertisement could be a wolf in sheep’s clothing. Cybercriminals hide their sketchy websites behind alluring advertisements and pounce on anyone who clicks on them. Only click on an ad if it’s really necessary and stay vigilant.
If the ad opens up to a website that doesn’t look like what was being advertised, then close it quickly. Pay close attention to the URL while the website loads, as well.
17. Password Management is Key
Passwords are often the only thing standing between users’ accounts and hackers getting access to their information. It’s therefore vital that these passwords are protected at all costs. Following good password hygiene is important, and getting a password manager is a good option too.
This will help a lot with remembering hard passwords. It will also keep people from reusing a password for multiple accounts, which is a very bad idea.
18. To Plug or Not to Plug? Think Carefully
Plugging in any unfamiliar external devices is always a risk. There’s no real way to know what the drive has been plugged into and whether that device was compromised. If it’s a friend’s or colleague’s drive, run the computer in safe mode first before plugging it in and scan it for any viruses.
19. Check Up on Bank Statements
One of the easiest ways to determine if an important account has been hacked is to check bank statements regularly. Any strange or unauthorized purchases, no matter how small, are an indication that an account (or accounts) have been compromised. The harder part comes in when it’s time to identify which one is the culprit, but the statements sometimes provide a clue.
20. Try Email Encryption
Anyone who sends emails of a particularly sensitive nature should invest in email encryption software. Especially freelancers or remote workers who deal with business over email. Though this can be a good option for anyone who doesn’t want their emails hijacked by cybercriminals.
Emails can be used to identify a person and gain information about their accounts. That information can then be used in targeted phishing attacks that are hard to discern from the real thing.
We also interviewed several security industry experts about their daily internet security tips.
Brandon Ackroyd from Tiger Mobiles writes;
My top tip for internet security you should include in your daily routine is to get your employees to use Universal Second Factor (U2F) on all logins that contain sensitive information. It’s similar to Two Factor Authentication (2FA) which is an additional layer on top of your username and password (usually a one time code generated from your smartphone). Many financial websites already use 2FA but U2F is more secure. This year I expect more businesses and vendors to start promoting its use and offering it to prevent data theft, SIM hijacking etc.
U2F will grow because 2FA, while better than nothing, is inherently insecure.
- No shared secret (private key) is sent over the internet at any time.
- No sensitive or confidential information shared due to public key cryptography.
- It’s easier to use as there is no retyping of one-time codes.
- No personal information is associated with the secret key.
My other top tip is that any workplace that is storing files in services like Dropbox, Google Drive, OneDrive etc. should encrypt sensitive files client side before they upload them. That way, they are adding a second layer of security. The tool we use is https://cryptomator.org/
While most cloud storage providers offer their own encryption, they have the encryption key. So you can’t always be sure that the key is safe and that your information is secure.
Many people use the cloud for convenience, so as well as the data being encrypted by Dropbox, it’s worth encrypting them locally via Cryptomator as another line of defence. It’s straightforward to use, you download Cryptomator, create vaults in your Dropbox, Google Drive or wherever you like. Assign a passphrase and move the files into the virtual vault drive that’s created. Here’s a video.
I’m not affiliated with the company, just a fan and user of the product. Myself and staff all use it daily for both business and personal use. Even though we’ve never suffered a data breach I wish I’d known about it from the word go as I’d have felt more confident uploading sensitive files to the cloud.
Gabe Turner, director of content at Security Baron, says;
Regular security habits
I make sure to arm my security system whenever I leave my home. I have notifications turned on so that I’m notified if any of my alarms go off, or if my camera detects a person. We also make sure to check my livestream periodically to make sure everything is okay, as well as the status of my smart locks. Personally, I put my smart light bulbs on a schedule so that it seems like I’m home when I’m not. Plus, if anyone comes to my front door, I’m notified immediately via my video doorbell, and can see and speak to them from there. Or, if I’m not feeling particularly social, I can just play them a pre-recorded message, again, making it appear that I’m home 24/7.
I use many security tools in my daily life. One example is my smart security camera, which has person detection and even facial recognition. It notifies me not only when it detects a person, but also with the name of who it detected, or, if the camera hasn’t seen the person, I get an unfamiliar face alert. This makes it easy for me to stay on top of my home’s security remotely, with minimal effort put in. Like I said before, I also use smart light bulbs set on a schedule to make it seem like I’m home when I’m not, as well as video doorbells so it seems like I’m answering the door from inside. Burglars are much less likely to rob a home if they think someone is home, so these simple solutions prevent them from even trying with my home.
Preventing website hacks
There are a few things I do to prevent my website from being hacked. One, I use a password manager to create a unique, long and complicated password for each of my many accounts. It also alerts me if my credentials were found in my email’s inbox or the dark web, both of which could leave me vulnerable to hackers. I also use a Virtual Private Network, otherwise known as a VPN, which encrypts my web traffic in a tunnel. Finally, I set up two or multi-factor authentication for all of my accounts to make sure that the right person is accessing them, either through a passcode on a mobile device or biometrics like fingerprint and facial recognition.
I personally don’t run my office’s internal network, but to prevent hacking, I employ the same strategies as above (password managers, VPNs, and two or multi-factor authentication). I also recommend that each user has anti-malware software, anti-virus software, and pop-up blockers. Employees should also be trained on how to recognize phishing emails, which have gotten significantly more convincing in recent years.
Brent Shelton at Bospar says;
A new consumer survey from ExpressVPN reports that less than 20% read terms of service (ToS), but what might be worse yet for web/app designers is that less than 35% of consumers trust brands to uphold their ToS, and more than 42% of consumers think that brands often change ToS without telling the user. Trust is a huge factor and making sure your ToS is up to date and you communicate this with your users is paramount.
The study also finds that 30% of Americans say they now use a VPN (up from less than 20% in a similar 2018 study), with more than half responding that they use a VPN to thwart hackers. Half of VPN users also say they use it for protection and confidence when using public Wi-Fi. Meanwhile, 42% use VPNs for preventing sites from tracking them (based on IP address).
Whether dealing with vendors or working outside of your protected network, the security experts at ExpressVPN suggest utilizing a VPN for personal, and small office environments to help encrypt files and protect your personal and financial information from bad actors, as well as your ISP.
Ray Walsh over at Pro Privacy says;
What regular security habits do you undertake within your business, home or workplace?
Internet users must always ensure that all their accounts and devices are properly protected with passwords, as this will ensure that nobody can gain access. Passwords must be robust and unique for every single account they own in order to stop hackers from gaining access to multiple accounts if one is compromised.
Robust passwords must be difficult and must contain a mix of numbers, upper and lower case characters, and symbols. Due to the fact that large numbers of unique, robust passwords will nearly always be too difficult to remember, consumers are highly recommended to use a secure password manager to manage their accounts.
All internet users should engage in careful email monitoring and proper spam controls. When emails arrive from unknown sources, great care should be taken to ascertain the legitimacy of the sender. If an email contains links or downloads, it is always better to proceed with extreme caution because it is possible that the email could contain malware or links to websites that have been compromised.
When surfing the web, it is important to always keep a watchful eye on the websites that you visit. Secure websites will start with the prefix HTTPS, and will contain a little lock to the left of the URL. If a website is HTTP it is not secure, and your data including your payment details and login credentials could be exposed to a man in the middle attack.
Do you use security tools? If so, which ones and why?
An up to date antivirus is essential in order to catch any unwanted code that is downloaded accidentally. An active antivirus should not only regularly scan a computer for malware, but also be ready to quarantine any malicious code that is downloaded on the fly.
A firewall should be set up in order to stop any unwanted incoming communications from the internet. And, the very best firewalls can even be set up to monitor for unwanted outgoing traffic that could be malware communicating with a Command and Control server belonging to a cybercriminal.
All internet users must ensure that they always patch all the software that they use, this includes apps, programs, and operating systems. Out of date software can give hackers an easy way to gain a foothold on your system, which is why it is essential always to monitor for and take updates and patches as soon as they are made available.
In addition, it is an extremely good idea to purchase a subscription with a VPN. A VPN encrypts all of the data coming and going from your devices in order to stop your data falling victim to a man-in-the-middle attack. This is especially important for people who regularly use public WiFi hotspots because hackers could potentially intercept their traffic to steal their credentials, passwords, card details, and other sensitive private information. A VPN solves this problem by ensuring that the data is always securely encrypted as it passes over the local network.
How do you prevent a user from hacking into your website?
In order to stop hackers infiltrating your website, it is important to always stay up to date on possible threats. Your web developer should be somebody who is competent with website security and who is keeping themselves abreast of any emerging vulnerabilities that could allow hackers to take control or inject malicious code into the site.
Access to admin pages for the site must be strongly protected with unique passwords that cannot be guessed, and those passwords should be updated on a regular basis. Limiting the number of login attempts permitted can stop hackers from attempting to brute force access. Dual factor authentication is another way to ensure that hackers cannot easily gain access if the worst does happen and employees have their password lifted via phishing.
Admin pages can be hidden in order to stop them from being searchable on Google and other search engines. This will stop hackers from stumbling on those sensitive web portals.
All components of the website, apps, and software used in its architecture must be kept up to date and any redundant components should be removed to ensure that there is nothing creating a possible attack vector that is not strictly needed.
A Web Application Firewall should be set up to scan every bit of data coming and going to the website server. By deploying a cloud solution in front of your web server you can protect your site against unwanted traffic such as spammers and malicious bots. It will also stop hackers from performing cross-site scripting, SQL injections, and remote file inclusions.
Employing a cloud service to do packet inspection is an effective way to protect against incoming DDoS attacks that could render a site unusable and cause downtime for employees and users.
Do you have an internal office network with multiple users? What security measures are in place to prevent hacking and the accidental sharing of malware attachments?
Education is the key to ensuring that employees are well prepared not to infect company systems with malware. Employees should be trained to watch out for malicious websites and phishing emails that could cause infection.
Staff should also be trained to watch out for potentially dangerous executable files that come attached to emails.
Endpoint security is essential in order to protect against possible infection with malware either arriving from the internet or via physical devices plugged into USB ports, for example. Firewalls and antivirus programs should be enabled and should be up to date.
Network admins should ensure that access to different parts of the network is properly protected with passwords and that employees only have access to those parts of the network they actually require.
Segregating and segmenting corporate systems and setting up rules and software restriction policies can help to stop the lateral movement of malicious code within a network. It can also help to protect against insider attacks.
Active monitoring of data within a network using monitoring software can stop the spread of ransomware and other exploits laterally within a corporate network.
Network admins can also restrict which websites staff can access in order to stop them falling victim to insecure HTTP websites and to blacklist sites that are considered more susceptible to malware exploits such as drive-by downloads.
Victor Congionti, Co-Founder & CIO of Proven Data, explains;
I couldn’t agree more that data security is too commonly ignored in the assumption that cyber attacks will not victimize them. However, it is often the case that businesses and consumers with an apathetic attitude are the targets of cyber crime. With my experience as a Co-Founder and Chief Information Officer, I have actionable insight to help both organizations and consumers alike stay safe and promote better cyber hygiene.
1) What regular security habits do you undertake within your business, home or work place?
→ Make it a habit to regularly back up your data to both cloud and local storage locations. Using the 3-2-1 backup method (three backups total = 2 in different offsite locations and 1 onsite, offline) which can better guarantee a successful recovery in the case of a ransomware attack. Creating a regular to backup data means you’ll always have the most recent version of a file when you desperately need it.
2) Do you use security tools?
→ Businesses should ensure they have downloaded endpoint malware security platforms that can track suspicious behavior happening on a computer or network system. These tools often stop certain attacks (such as ransomware) from spreading throughout a network and infecting other neighbor computers in the business. We also recommend enabling Two-Factor Authentication across all login portals and utilizing a physical security key, if possible.
3) Which security tools do you use, and why?
→ We recommend Sophos AMP for its dedication to patchwork and proven track record of detecting incoming cyber attacks. The team behind the endpoint software uses modern threat intelligence to improve the framework and help defend against a wide variety of attack vectors and vulnerabilities. We also recommend using Yubico YubiKey Security Key which helps serve as a proper physical security login key, which can be carried around with you always to log into your accounts (such as email).
4) How do you prevent a user from hacking into your website?
→ Prevent SQL injection attacks in which cyber attackers try to send malicious script code into input fields & forms on your website which can help gain them access into the network. Error-based SQL injection is like a “roadmap” that can return important server information when the information is input wrong.
5) Do you have an internal office network with multiple users?
→ If your office space uses an internal network and server which hosts all data and network activity, it’s critical the proper security steps are taken to reduce the risk of falling to a cyber attack. RDP (Remote Desktop Protocol) ports need to be properly closed from outside, unauthorized users. This is a common vulnerability that many are unaware has been left open when the network was set up.
6) What security measures are in place to prevent hacking and the accidental sharing of malware attachments?
→ Many email service providers (such as Gmail) provide a quality built-in spam filter which automatically deletes malicious emails with malware attachments. However, the system isn’t proven to be perfect, and cyber criminals are more directing their attacks (via email) in more clever ways such as spear-phishing. Once the cyber attacker gets the email recipient to trust in them and download an attachment, the malware is spread throughout the network. Educate your staff on emerging cyber threats such as phishing, which are becoming more difficult to detect, and employees must become the first defense to stop these attacks.
It’s important that we all work together to share this awareness and help improve the culture around data security, which can protect consumers and businesses of all sizes. With more resources and action, many cyber threats can be mitigated and we can promote a future of better cybersecurity.
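The SQL injection point in the answer above (input fields feeding a query, and error messages acting as a "roadmap") is illustrated below. This is an added example, not code from the article or from Proven Data: a Python/sqlite3 lookup written first with string concatenation and raw error output, then with a bound parameter and a generic failure. The table, function names and inputs are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("lookup")


def make_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, role TEXT)")
    db.executemany(
        "INSERT INTO users (email, role) VALUES (?, ?)",
        [("alice@example.com", "admin"), ("bob@example.com", "member")],
    )
    return db


def lookup_concatenated(db, email):
    """'Before' version: the form value is pasted into the SQL text, and the
    raw database error is handed back to the caller."""
    sql = "SELECT email, role FROM users WHERE email = '" + email + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Error text reveals parser details to whoever submitted the form.
        return f"database error: {exc}"


def lookup_parameterized(db, email):
    """'After' version: the value is bound as data, so quotes in the input
    never become SQL syntax; failures are logged server-side only."""
    if not isinstance(email, str) or len(email) > 254:
        return []
    try:
        return db.execute(
            "SELECT email, role FROM users WHERE email = ?", (email,)
        ).fetchall()
    except sqlite3.Error:
        log.exception("user lookup failed")
        return []


# Constructed inputs: one that rewrites the WHERE clause when concatenated,
# and one ordinary value that merely contains an apostrophe.
REWRITING_INPUT = "x' OR '1'='1"
APOSTROPHE_INPUT = "o'brien@example.com"

if __name__ == "__main__":
    db = make_db()
    for value in ("alice@example.com", REWRITING_INPUT, APOSTROPHE_INPUT):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With concatenation, the first constructed input returns every row and the second returns the database's own error text; with a bound parameter both are treated as email addresses that match nothing.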
Jamie Cambell, Founder of GoBestVPN, writes;
What regular security habits do you undertake within your business, home or work place? Do you use security tools? If so, which ones and why?
Some habits you can build up starting now are:
1. Use a password manager. Not only do they store your passwords, but also help you generate secure ones.
2. Use a VPN. Today, everyone is tracking you. Whether you’re doing anything illegal or not, using a VPN (or VPNs) helps scramble your online behavior.
3. Stop opening strange links. This is an easy one but a lot of people still can’t get it right.
How do you prevent a user from hacking into your website?
This entirely depends on your set up. First, your servers need to be locked down and files encrypted. Second, your administrative login process should be secure (secure login credentials and URL, whitelist IPs). Third, watch what your website is running on, if it’s WordPress, are you up-to-date with the latest core updates? Are there third-party plugins and are they up-to-date?
Do you have an internal office network with multiple users? What security measures are in place to prevent hacking and the accidental sharing of malware attachments?
I’ve worked with numerous companies with these conditions. I’d say in most cases, the problem is the lack of education and responsibility. Once you train and educate employees on the importance of data protection and security, and once you make them aware that they are also responsible for these aspects, they start taking things seriously.
Some of these tips might be common, but repetition can’t hurt. In fact, when it comes to forming good habits, repetition is great. So keep these valuable tips in mind every day, and soon online security will feel like second nature.
Angelo has been involved in the creative IT world for over 20 years. He built his first website back in 1998 using Dreamweaver, Flash and Photoshop. He expanded his knowledge and expertise by learning a wider range of programming skills, such as HTML/CSS, Flash ActionScript and XML.
Angelo completed formal training with the CIW (Certified Internet Webmasters) program in Sydney Australia, learning the core fundamentals of computer networking and how it relates to the infrastructure of the world wide web.
Apart from running Sunlight Media, Angelo enjoys writing informative content related to web & app development, digital marketing and other tech related topics.