5 Tips for Staying Safe Online

Posted by Jarren Long at 2016-06-22 16:34:59

When it comes to using computers, mobile devices, and the Internet, it amazes me how safe people feel, and how many of those people fall victim to viruses, malware, and identity theft. While everyone seems to think that the Internet is a safe place, the truth is that the Internet is the complete opposite!

Unsafe

The same goes for your computers, your mobile devices (cell phones, tablets, your smart car, etc.). Anything that is connected to network of other devices can be prone to exploitation. Though the internet is not safe, there are certain steps that you can take to at least attempt to protect yourself.

1. Be Cautious, Be Suspicious

First and foremost, if you are online, you need to be cautious. It is very safe to assume that for every legitimate website on the Internet you could find, there are 50 more that look almost identical, but are designed specifically to trick you into clicking on a link to post to your Facebook, instead downloading and installing malicious software on your computer or mobile device. If you are browsing websites like Facebook, Twitter, etc. Check the top-left corner of your web browser for something that looks like this:

HTTPS

This simple little green lock image and "https://" text indicates that the website is being sent to you using a SSL Certificate to encrypt your data. If you click on this icon, you can read additional information about the website to verify that the website you are looking at actually matches the certificate. If it doesn't, get out of there! It's probably a scam.

If a website doesn't quite look right to you, proceed with caution (or get out of there). As I said before, many websites are created specifically to look exactly like another, legitimate website. Scammers try to use these look alike websites to fool you into giving up personal information and download viruses/malware/trojan horses/etc. If you think you are looking at facebook, but the Facebook logo image the wrong color, it's probably not legitimate. Watch out for the little details; even something like the font used for text on the webpage could be slightly off. Finally, keep an eye on the URL for the website. A domain name can only be registered to ONE person, so if someone was trying to make a fake Facebook (I'll just keep using them as an example), they might register a website to http://www.facebok.com (notice that "book" is spelled wrong). If you weren't paying attention, you could end up looking at the scammers website (luckily, Facebook has already thought of this, as have most other major website owners). One other sneaky trick that scammers use is to post fake links. As an example, the following link says it goes to Twitter. Use your mouse to hover over the link, but don't click it.

Go To Twitter

While you are hovering over the link, look in the bottom left corner of your web browser. The text says "google.com", doesn't it? If I were a meaner person (I am, but I try to play nice), I could have easily made that link take you to the nastiest adult material you could (or could not) imagine. Just because a link says that it does something doesn't necessarily mean that it really does what it says. Always check what you are clicking on before you click on it!

Finally, don't be afraid to be a little suspicious while online. Does your grandmother really need your social security number? When did your cousin move to Nigeria and become a prince? When you are talking to somebody online, you are talking to an Anonymous entity (more or less); treat them as such. If something seems unusual or out-of-the-ordinary, refer back to the "be cautious" tips above.

2. Use Secure Passwords

Passwords are at the heart of security. If we don't have some form of secret key to use to lock our data away, it could be taken as easily as taking candy from a baby (seriously, who does that?). For anyone who hasn't already seen these tips a hundred times, here they are again:

  • Your should always use a strong password. Make it 10 characters or more in length, or use a whole sentence! Make sure there are uppercase and lowercase letters, numbers, and symbols included. If you can see it on your keyboard, you can use it in a password (so use it)!
  • Never reuse passwords! If you reuse usernames and/or passwords for all of your social sites, it only needs to be stolen once for you to have all of your social sites compromised. And for the love of computing, DO NOT use the same credentials for your public data (such as social sites) and private data (such as your bank account)!! I will repeat this: DO NOT use the same credentials for your public data (such as social sites) and private data (such as your bank account)!! One more time: DO NOT use the same credentials for your public data (such as social sites) and private data (such as your bank account)!!
  • Use a password manager application: If you take the advice of the two bullet points above, you're going to have a lot of complex passwords to remember. Is your memory not as sharp as it used to be? Get a Password Manager application. These programs are specifically designed to remember these passwords for you, and securely store them on your computer/mobile device.
  • When possible, use Two-factor Authentication: Two-factor authentication is a way of making sure you are really you when logging in to a website. There are many forms of this, but most people rely on password+text message approach, where you enter your username and password to login to the website, and then a randomly generated confirmation code is sent to your phone, which you also have to enter into the website to prove that you are really you.

3. Use a Secure Network Link

There are multiple ways to connect to the Internet these days. All laptops and many desktop computers come equipped with a WiFi adapter that allows you to connect to a wireless network, as do most mobile phones and tablet devices. Many of these devices also have the ability to use a cellular network to connect to the Internet. Finally, there is always the good old-fashioned wired connection to a switch/router. Whatever method you use, you need to consider how secure the connection itself is.

Public WiFi is by far the most insecure connection method currently available. This is a concept commonly seen at your local Starbucks, or anywhere there is a business offering WiFi. Public WiFi is so insecure because it is, well, public, meaning that ANYONE can use it. For public WiFi to work for everyone, security measures that are normally used with WiFi connections are often disabled. Oftentimes, this means that anyone who is currently using the same public WiFi hotspot that you are has complete access to the network, AKA complete access to see any data you send over the network. In some cases, they can also see files and data stored on your computer or mobile device.

When using public WiFi (or any network connection), it is very wise to use a Virtual Private Network (VPN) connection to help secure the data you send and receive from your device. A VPN connection allows you to safely connect to a private network over a public network, and encrypts your data while doing so. This allows you to send and receive your data over a public connection securely, greatly reducing the chance that your data can be seen by prying eyes. A VPN, though secure, does not protect your PC itself. When connected to a network, be sure that you also have a firewall enabled and running on your device. A firewall is a program (or standalone device) that selectively blocks traffic to and from your device, which can be used to stop people from getting into your computer. A firewall is highly recommended to be used at all times. Under normal circumstances, your computer will already have a free firewall installed and enabled right out of the box (such as Windows Firewall), but your mobile device may not (if not, visit your device's App Store and search for 'firewall' to download and install one).

4. Use Antivirus AND Anti-malware Programs

Let's face it: at some point in time (no matter how safe you are online), you are more than likely to inadvertently acquire some malicious software. If you don't want this to be a daily occurrence, make sure you have quality antivirus and anti-malware software installed and running at all times. Not all quality software costs money; there are many free security applications that can be very helpful. I personally recommend the free versions of AVG Antivirus and Malwarebytes Anti-Malware. When used side-by-side they do an excellent job of preventing and (if necessary) removing Potentially Unwanted Programs (PUPs), viruses, spyware, and malware.

While we're on the topic of software, it would be good to note that the programs you run on your computer/mobile device are regularly updated by their developers, usually to fix security issues that have been found in them. It is extremely important that you keep your software up-to-date, especially on mobile devices. If you ever see an "update available" popup or notification for an application that you know and trust, make sure you install it ASAP. Warning: As mentioned earlier, scammers can sometimes create false "look alike" popups that can actually install PUPs on your devices; be sure that you inspect any update notifications and make sure they are credible before installing them. If you are prompted to install an update for a program on your device that you have never heard of, it is safer to ignore it than to install it and find out the hard way that it was not what it seemed to be.

5. Back Up Your Data

If all else fails and your device is 100% infected, corrupted, or struck by lightning, you'll be fine, because you regularly back up all of your data, right? Wrong! From my experience, the majority of users NEVER back up their data, meaning the first time something goes catastrophically wrong, they have completely lost some or all of their personal data. Can you imaging getting infected by CryptoLocker, and having every family photo you have encrypted and held ransom, or completely destroyed?

Backing up your personal data is an extremely important step to take, and can be thought of as a contingency plan for when all else fails. Properly backed up data can be recovered in a relatively short period of time (minutes to days, depending on the volume of data to restore). There are a variety of ways to back up your data, which can be online (using a service such as DropBox, Google, or Microsoft OneDrive), or offline (using a device such as a USB thumb drive, external hard drive, or CD/DVD disks). It is good to have both online and offline copies of your data, just in case one of the two backups is unrecoverable (which does occasionally happen). Finally, if data is extremely sensitive, it is good to have what is called an "offsite backup", which backup that is stored at a different physical location than where you really are. Offsite backups are good for times when your computer gets physically destroyed (house burns down, flood, etc.), which can be spared from being damaged themselves.

Recapping Online Safety

To sum up what this article discussed:

  • The internet is not a safe place, but you can be
  • Be cautious, be suspicious ** No, you do not have a Nigerian Prince cousin
  • Use secure passwords ** Make 'em long, strong, and unique
  • Use a secure network link and a firewall ** Public WiFi is the devil
  • Use Antivirus and Anti-Malware ** Avoid PUPs (not puppys)
  • Backup your data ** Always have a Plan B, online, offline, or both