You couldn’t go through the latest news without hearing some form online privacy or security breach.
Hacked…breached…phishing…these words can strike fear into the heart of anyone who uses IT and accesses the internet.
And that applies to an individual who surfs the internet for fun, to a major corporation with huge online presence.
Some damage might be more severe than others, though it’s all relative depending on your situation.
But for some reason, there is still complacency about the need to take extra measures to protect yourself online.
I’m not talking about making sure you don’t say anything online that you wouldn’t say face-to-face (though everyone should follow that rule).
But I’m talking about the need to make sure that all of your online activity is protected and secure enough.
You wouldn’t allow anyone to go through your most private documents, read your diary or be able to take your bike.
In fact, you would probably go out of your way to hide them, get the best lock possible and ensure they are more secure than Alcatraz prison.
So why is it when most of your life is now online, you do not use the same measures to protect yourself online?
It doesn’t have to be that hard.
And you don’t have to be a cyber security expert.
Just follow the advice below, and you would have made a huge difference to your online safety and privacy.
1. Use a Password Manager
Using strong passwords is perhaps the most important part of securing yourself online.
If you think you are being on about making “password” as your password, then you are kidding yourself.
Most people would hesitate about using a password manager as you are essentially storing all of your details in one place.
But it is impossible for your brain to be able to remember every single password, for every single website, which is unique and have a combination of small and capital letters, numbers and special characters.
Anything which is better than your memory should be encouraged to use.
Password managers don’t need to be perfect, they just need to be better than *not* using them which they unequivocally still are https://t.co/nVG5G6RAWx
— Troy Hunt (@troyhunt) April 1, 2017
The most popular password managers are the likes of LastPass, Dashlane and 1Passwords.
2. Do Not Write Down Your Passwords
I tweeted a while back at my shock that this product actually exists:
— Ahmed Khalifa (@IamAhmedKhalifa) April 4, 2017
That’s like having a tag on your keychain that states your address, because you know, just in case someone has found your house key and wanted to return it.
Or will they?
Unfortunately, not everyone is that honest if they have access to something that is considered to be private.
It’s not just about that journal above. Don’t write it anywhere.
Don’t write it down in a notepad and hide it.
Don’t write it on a sticky note
Even worse, don’t write it on a sticky note and then stick it on your monitor.
Why? Why would you do that?!
You wouldn’t write down your PIN and stick in your wallet, would you?
Just don’t write it down.
3. Beware of Free Public WiFi
Where there is free WiFi, people tend to flock.
Especially if you are abroad, have run out of internet data, or don’t want to pay for extra data.
Like a moth to a lightbulb, we just draw to anywhere which has free WiFi at a time of need.
And I’m not any different.
But when you start sharing private information such as your login details over public WiFI, you are inviting other sophisticated hackers to see them thanks to the public WiFi.
So just to clarify, there are huge dangers of using public WiFi.
But what can you do to prevent this?
First of all, do no use password-free WiFi. You risk being the wounded animal surrounded by hyenas waiting for you to fall in the trap.
Once you start typing your login details, you are exposed.Using public WiFi comes with a big risk to your online security and privacy Click To Tweet
Those public venues with password-protected WiFi are slightly better, but not when their password is pretty weak.
Too many times their password tends to be the name of the company.
You may as well just not bother having a password in the first.
But if you must use public WiFi, password-protected or not, the best way to protect yourself is to use Virtual Private Network (or VPN).
In the most basic form, a VPN allows you to hide the location of your IP address when you are accessing websites, which consequently protects you from snooping hackers.
Sure there are free VPNs out there, but when something is free, you are paying for it somehow, like lack of security.
So my advice is simply either pay for a premium VPN or don’t use one at all.
My current VPN of choice is NordVPN, which I use on my desktop, laptop, tablet and mobile when accessing public WiFi.
Even if you are carrying out sensitive acts such as digital banking and online payments, it is recommended to use a VPN for extra protection.
4. Keep Your Software, Programmes, Plugins & Apps Updated
Another very common reason why hackers have success with accessing other devices is simply because you have not carried out any updates.
This could be any of the below:
- Your Windows, iOS or any other operating system on your desktop, laptop, tablet or smartphone
- The programs you have installed or downloaded on your desktop or laptop
- The apps you have downloaded on your devices
- Your WordPress software, themes and plugins
- Browser extensions and add-ons
- And any other online tools
As well as improving functionalities, introduce new features, improve speed, battery life, etc, another main reason for the updates is for security reasons.
Some are minor; others are major.
Let’s be clear; there is no such thing as 100% secure tools.
But it’s important to make it as difficult as possible for the hackers by securing yourself as much as possible.
Behind the scenes, developers are constantly working hard to fix any security loopholes which they or someone else have discovered.
But it is up to you to make sure that you have updated them.
There has been evidence that older versions of a particular tool have been the cause of hacks because the developers are not continuously keeping on top of it.
And users who are using these discontinued/unmaintained tools run the risk of having security loopholes on their devices and websites.
In fact, Wordfence has carried a survey in 2016 where the top reasons for a site been hacked are because of plugins which could be abandoned by developers and/or not updated by site owners:
So stay on top of your updates.
5. Don’t Click on Suspicious Links in Emails
You would probably think twice about replying to an email from a prince who has cash lying around and needs to transfer it to you.
But hackers are becoming more and more sophisticated about encouraging you to click on a link which takes you to a fake version of a popular retailer e.g. Apple or Amazon.
Below is an example of how sophisticated phishing are getting with some more examples here.
— Jason Murray (@_JasonMurray) February 1, 2017
In some cases, if you have entered your details in a fake website, your login details have been compromised.
In other cases, if you click on a link within those emails, you have been compromised and gave access to the hackers.
It doesn’t matter how quickly you close the browser, run an anti-virus or shut down the computer.
It is too late.
If that happened to you, you are best off getting an expert to help you or follow some professional guidelines.
- changing your passwords asap
- checking your bank account for fraudulent transactions
- if necessary, blocking your credit cards
But when you receive any emails which ask you to click on a link, think about whether it’s genuine or not.
For example, check the email address that has sent you the email. More often than not, they will not end with a familiar as @[brand].com such as @apple.com or @amazon.co.uk.
If you are on a page which asks for your login details, check the address bar. Is the URL correct and does it have HTTPS?
If you have received a message from a courier or retailers stating that your order has been cancelled, delivered or made, has it really?
You are probably asked to click on a link to “check” your order.
Instead of clicking on the link within the email, it is best to click on the spam icon at the top of your email or block that email.
6. Protect Your Emails from Peering Eyes using ProtonMail
You probably didn’t realise it, but someone or something is reading your emails right now.
Yep, while you are reading this, your sent and received emails are being read to help gather as much data about you as possible.
What’s the purpose of this?
Use your personal information to create adverts and make money about you out of your online behaviour.
Gmail is the main culprit of this:
Somewhat worryingly, even Google has made it clear that you shouldn’t expect privacy when sending to or from Gmail.
Even if you are not keen on changing your email address, it’s worth considering registering your name at ProtonMail.
For those who don’t know, ProtonMail was founded by 3 CERN scientists in Geneva, Switzerland and provides an end-to-end encrypted email account.
With the increase in awareness on privacy, more people are avoiding the popular email platforms in favour of those which focus on privacy.
You are likely to find your name being available, which is a rarity nowadays if you are used to the likes of Gmail, Hotmail/Outlook and Yahoo.
But on top of that, you can rely on ProtonMail to provide encrypted and fully secure email service.
7. Use DuckDuckGo; A Privacy-Based Search Engines
Out of all the recommendations mentioned above, this one is probably the most difficult one.
Avoid using Google.
Don’t get me wrong, Google is incredible.
The products that they have built, the branding, their community, their creativeness and initiatives.
You can’t fault them; they have built a hugely successful business.
But the price of using their search engine for free is that they gather data about you in return.
It might sound innocent, but there is a very good chance that Google knows more about you than you think.
And that’s why I use DuckDuckGo, which has been my homepage for a number of years and my number 1 choice of search engine.
Their focus is privacy-based searches:
- they don’t store your personal information
- they don’t follow you around with ad
- they don’t track you, regardless of whether you are in private browsing mode or not (you are not really private in incognito)
If you think they are not popular, think again as they have recently reached 10 billion private searches…and counting.
I can’t claim to say that I don’t use Google at all.
Their search engine is useful for certain SEO tasks, hacks or to find content ideas.
Google Analytics is my number one analytic tool, while Google Docs and Sheet are incredibly useful for collaborative work.
And I even use their G-Suite to link the custom company email to Google’s products.
So it’s difficult to stay away from them; I can admit that.
But I have reduced the number of times I use their search engine.
It doesn’t mean that they know nothing about me.But it does mean they know a heck of a lot less about my personal life, and that’s better than before.
Round-up of All Tools
So just to round it all up, below is a list of tools that I have mentioned above:
One of my favourite excuses for anyone who doesn’t care about protecting themselves online is this:
“I don’t have anything to hide”.
If you have heard that, I always reply the same way:
“OK, can you write down your email address and password of your email for me?”
They will always reply “No!”, to which I always reply with:
“But I thought you said you’ve got nothing to hide. You were happy and quite relaxed about anyone gathering data about you and happy for them to access it, but not me?”
More and more of your life is going online, so it only makes sense for you to start taking online security and privacy very seriously.
And even if you don’t follow the advice or use all of the tools above, at least don’t do anything crazy; like writing down your passwords.
If you did, burn it. Throwing it in the bin will not be enough.
How secure are you online? Do you take it seriously? If not, why not? I would love to hear what you think in the comments section below.