The internet is a jungle of a million threats. Take action using 35 ways to protect yourself online.
Passwords
1. Don’t use easily guessable passwords like “123456”. Don’t include information in your passwords that can be guessed (like your date of birth).
2. Include upper and lowercase letters, numbers and special characters and use a minimum of 10 characters.
3. Use a passphrase which is complex enough but easy for you to remember, for example “I love chocolate” can become “1L0v3cH0kolate!”.
4. Use a password manager to generate and save secure passwords for each of your logins. Don’t reuse a password on any other login.
5. Use two-factor authentication wherever possible. Most services offer this capability.
6. NEVER share your password with anyone.
7. Change your passwords regularly. Should be easy enough since you will be using a password manager from now on 🙂
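Tips 1, 2 and 4 can be checked mechanically. The Python code below is an added example, not part of the original article: it tests a password against those rules and generates a compliant random one. The function names, the short common-password list and the sample date of birth in the usage are assumptions made for illustration.

```python
from __future__ import annotations
import secrets
import string
from datetime import date

# Constructed sample of well-known weak passwords; a real check would use a far larger list.
COMMON = {"123456", "password", "qwerty", "111111", "letmein"}
SPECIALS = string.punctuation
MIN_LENGTH = 10  # tip 2: minimum of 10 characters

def birth_date_fragments(dob: date) -> set[str]:
    """Digit strings derived from a date of birth (tip 1: guessable information)."""
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    return {y, d + m, m + d, d + m + y, m + d + y, y + m + d,
            d + m + y[2:], m + d + y[2:]}

def check_password(password: str, dob: date | None = None) -> list[str]:
    """Return the rules from tips 1 and 2 that the password breaks (empty list = passes)."""
    problems = []
    if password.lower() in COMMON:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    problems += [f"no {name}" for name, ok in classes.items() if not ok]
    if dob is not None:
        # Compare on digits only, so separators such as 14-03-1990 do not hide the date.
        digits = "".join(c for c in password if c.isdigit())
        if any(frag in digits for frag in birth_date_fragments(dob)):
            problems.append("contains date of birth")
    return problems

def generate_password(length: int = 16) -> str:
    """Tip 4: random password from the OS CSPRNG that satisfies the tip 2 rules."""
    if length < MIN_LENGTH:
        raise ValueError("length below the 10-character minimum")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # retry until every character class is present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    print(check_password("Anna-14-03-1990!", date(1990, 3, 14)))  # constructed sample
    print(generate_password())
```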
Email
8. Never assume that your inbox always delivers emails from legitimate senders. Spam filters are not perfect and can be bypassed.
9. Think twice before opening emails from senders you do not know.
10. If an email asks you to click on links, open attachments or provide sensitive information like usernames, passwords or card numbers, delete it at once. If you want to check if a link is legitimate or not, check it through one of these services.
11. Organizations like your bank or internet service provider will never ask you for your password over email.
12. If the sender is trying to impose a sense of urgency for you to do something, it’s a scam.
13. Consider using encryption for sensitive emails. See this tutorial for setting up Gpg4win.
14. If you need to register for a website you will only use once, use a temporary, disposable email address.
Software
15. Keep the software on your computer, phone or tablet up to date to secure it against potential vulnerabilities. Install updates as they come, especially security updates.
16. Remove software you no longer use or need.
17. Always install software from trusted publishers.
18. Don’t install browser extensions you don’t need. If you actually need one, make sure it comes from a trusted publisher.
Antivirus
19. Make sure you have antivirus installed and that it has the latest updates and signatures.
20. Ensure that your antivirus is set to actively scan all downloads and email attachments.
21. Always scan removable devices.
Data
22. Be careful when storing sensitive data in the cloud.
23. External storage devices can be stolen, so be cautious about what you put on them.
24. If you want to wipe data on an external drive, simply deleting the files will not do, as they can be recovered. Use specialized tools to erase the drive so that recovery is impossible.
25. Always back up your data, on at least two different types of media and in two different locations.
Web Browsing
26. Make sure that the website you are visiting uses HTTPS to avoid having your data intercepted.
27. Use an adblocker to protect yourself from scams or fake download links.
28. Hover your mouse over that link. If you don’t recognize it or it seems suspicious, don’t click on it. Copy the link and inspect it with one of these free services.
29. Do not click on popup windows. We have gotten used to the “consent” popup for cookie acceptance, which malicious websites may imitate to trick you into clicking a link, either to direct you to another website or to make you download a malicious file.
30. Enable “do not track” in your browser. Many browsers have the ability to send a “do not track” request to websites which asks them not to collect or track your browsing data. However, what happens depends on how the sites respond to the request.
Social Media
31. Review your social media privacy settings so that you know what information is public.
32. Never let anyone else use your social media accounts.
33. Everything you put online is permanent. Remember that before you post anything.
34. Do not share pictures of your children or anyone else without their consent.
35. Beware of scammers. If something sounds too good to be true, it probably is.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.