As more of our private information is stored online, the number of attackers trying to access that information only goes up: a cyberattack happens every 39 seconds.
So, how do you know if your information is safe? What measures can be taken to keep you protected?
Whether you’re a college student or a young professional, you likely have sensitive information stored online that you should take a second look at. Below we’ve created an online safety guide that explains ways to stay safe online and reduce online risks.
Want to Improve Yourself Each Day?
Sign up to Goodwall!
- Connect with improvement-focused people from 150+ countries
- Build valuable skills and experience
- Ask questions and get support when you need it
Download the app now to get started for FREE!
Cybersecurity 101: Following Basic Security Protocols
If you’re new to online safety protocols or want a quick refresher, we’ve included a few of the basic security tips for staying safe online. Below you can find Cybersecurity 101 for being safe online.
Protocol 1: Keep Confidential Data Offline
Fraud is a threat that isn’t going away anytime soon – identity theft cases were the largest category of crimes reported to the FTC in 2020.
But no one will be able to find your data if it never goes online. Do your best to keep all private information to yourself and not upload anything personal – like your Social Security number – to an online platform.
If you do have to share it, send it as an email attachment and encrypt the file before you send it.
Protocol 2: Use Strong Passwords
It’s common for many internet users – especially teens online – to have one or two passwords and use the same variation of that password for all websites. Unfortunately, if someone gains access to one of your passwords, they will now be able to access your information across different websites.
Using strong, unique passwords will give you the best online protection. Strong passwords should have a mix of letters, numbers, and special characters.
They should be at least 12 characters. A 2021 cybersecurity study showed that passwords under 10 characters could be cracked within an hour – just one hour! But passwords with at least 12 characters would take about a year to break, and 15-character passwords are even harder.
If you don’t want to think of a unique password, you can use a password generator. You also can create “tricks” in your password that make them harder to guess.
For example, say your email password was EmailmeHere.
You could decide to replace all of the Es in your password with 3s and then add a special character based on the number of Es you’ve replaced.
So, your new password would read
3mailm3h3r3$ with a
$ at the end because you’ve replaced 4 Es.
Protocol 3: Add Two-Factor Authentication
Two-factor authentication or 2FA is a way to provide an additional layer of protection to your account. Once you input your password, you’ll have to verify your identity by another means. This could be anything from inputting a code sent to your phone to entering your fingerprint or answering security questions.
Even if someone does get into your account with your password, they won’t be able to access anything because they won’t have the ability to verify their identity as you.
For 2FA, make sure that your answers to security questions are information that can’t be commonly found online. For example, your mom’s maiden name or the address of your childhood home could be found by a knowledgeable hacker.
Protocol 4: Use a VPN with Wifi
When something is “free” to download or Wifi is “free” to use, these are times when you should be extra cautious. It’s rare that things are free – often, storing your information is what allows them to provide the service.
However, this isn’t always the case, as some free wifi services do have reliable reputations and can be used cautiously. For example, free Wifi in coffee shops and in airports is okay to use as long as you don’t input any sensitive information.
Never access your bank accounts or complete an online purchase using free Wifi. If you do urgently need to do this, use VPN software to get protection for this data.
VPN stands for virtual private network and will give you online privacy and anonymity. The software works by creating a private network from a public internet connection.
VPNs mask your IP areas so your online actions are untraceable, and they establish encrypted connections.
Protocol 5: Update Your Computer Regularly
Keeping your computer updated is one of the best ways to ensure that your’e safe online. Make sure that you’re always using the latest version of your computer’s operating systems and apps.
Developers are constantly working on apps and how your computer or laptop functions to make sure that the latest threats are kept at bay and security measures are being taken.
Sometimes, there will be vulnerabilities in apps and systems that make them more susceptible to data breaches – developers will add security patches to prevent this from happening.
So, keep your online information safe by keeping your devices updated. In many cases, you can choose to have your computer install updates automatically.
Protocol 6: Avoid Suspicious Links
A rule of thumb for online security is always to avoid the following online content: suspicious links from untrusted sources, clickbait, tabloid headers, and “free” offers.”
If you’re receiving a malicious email attachment, the text will not mention the file. This is how you know it’s not safe. Instead, the message will tell you to “open the attached file and see for yourself.”
When you’re on a website, make sure that the link that takes you there actually matches the subject of a website. If you click a link that says it will tell you about local businesses hiring in the area but instead takes you to a page about a random celebrity, leave the page quickly.
Protocol 7: Only Use Secure Websites
A phishing website is one that will request your sensitive information – like passwords and credit card information – and steal your user data. In January 2021, Google had identified more than 2 million registered phishing sites.
Luckily, these sites are easy to identify and avoid if you know what you’re looking for. First, look for a little padlock next to the website’s address. This means that the connection is secure and encrypted.
Next, take a look at the website to see if it feels legitimate. If the pages are neatly designed, the text lines are consistent, and all of the images fit the screen, it’s likely a safe website. The content should also seem valuable and relevant.
A phishing website will often not provide the same quality of content or design as a legitimate website. Instead, it will usually focus on asking you to input user data.
Advanced Cybersecurity: Eliminating Threats
Once you’ve got a handle on some of the basic online safety measures, you may want to start taking a more proactive approach by focusing on eliminating some of the threats that you come across.
Below we include five of the most common threats to your safety that you’ll experience during your everyday use of the internet and how to eliminate them.
Threat 1: Malware
Malware, short for “malicious software,” is any intrusive software created by cybercriminals to steal your data and damage your computer system. It’s no surprise that most of us will do anything to avoid malware at all costs.
Most of the time, malware downloads automatically when loading a malicious webpage, which is why you should stop clicking on links that promise unrealistic rewards or come from people you don’t know.
One way to eliminate malware is by asking the people you communicate with regularly to give you notice if they plan on sending you a link – and only send the link to you after they get positive confirmation from you.
Or, text the sender to ensure that the link is really from them. This may sound excessive, but hackers are getting more advanced. Many will send users emails from addresses that look like the people they trust.
One pro tip is to set your browser to ask where a document is saved every time something is being downloaded. This will always tell you when something is being downloaded. Hackers usually rely on stealth, so users don’t recognize when malicious software is being added to their computers.
By scanning files as they’re downloaded and asking you where the files should be stored, you can prevent the file from being downloaded in the first place.
Threat 2: Spyware
Spyware is similar to malware – they’re both malicious softwares designed to take your information. But spyware will then send this data to a third party without you knowing about it.
An attacker who compromises your browser with spyware will be able to access quite a bit of information about you. Here, browser extensions should be used with caution.
Download browser extensions with a grain of salt, because they’re easy delivery mechanisms for spyware. Make sure to check your list of extensions (chrome://extensions) to see if anything unfamiliar is there. If anything looks suspicious, just disable it.
Also, be careful with websites that try to trick you into installing browser extensions or have browser extensions that were created by individuals.
A prompt that says “Click here to speed up this website” is trying to deceive you. (There are other ways to speed up your internet.) A browser add-on made by an individual may not be inherently bad, but it will often access sites without HTTPS and leave you vulnerable.
Anytime you download an add-on, always get it from the source. If you need Adobe Reader, go to Adobe’s website. Don’t use free PDF converters or “free video to gif” makers that require you to download anything.
One helpful website to use is PortableApps.com. The PortableApps website lets you use open source and free-to-use applications from trusted sources without the risk of dangerous downloads.
Threat 3: Tracking
It’s happened to everyone: the internet is tracking our every move. After you visit a website to look for new shoes, ads for shoes appear everywhere you go. Even when browsing a news platform online, you notice ads for shoes.
Essentially, cookies store a whole wealth of information that is a gold mine for cybercriminals.
First, make sure to use private browsing or incognito mode when you’re online. These modes will prevent cookies and browsing history from being stored after your session ends. Start up incognito mode and then visit a website so you can ensure you’re not being tracked.
If you want to always be incognito in Chrome, you’ll have to go into Chrome’s properties and add “incognito” at the end of the target command. This varies depending on your computer, but you can find a helpful guide here.
If you really want to ensure that you’re not being tracked, use your social accounts on different user profiles. For example, use Facebook on Chrome and Twitter on Safari.
Log into the profiles here, and only here. This will keep the data associated with that login to that account and will prevent all of your history on those sites from popping up everywhere you go.
Another helpful way to reduce tracking is to enable Do Not Track on browsers you use. DNT isn’t enforced but it does tell websites that you don’t want to be tracked. While many websites may not follow this, it still can’t hurt.
Threat 4: Information Breaches
But you can take the prevention of tracking one step further by preventing cookies. Cookies are targets for cybercriminals because they contain such useful information. From emails and passwords to sensitive information like your credit card, cybercriminals can access this information and steal your identity.
Your first course of action is to block cookies whenever you can. Always block third-party cookies – it may be difficult to disable first-party cookies without seriously limiting all of your web browsing features. Make sure to delete your web browser history regularly.
Also, never let your browsers store your passwords. Data breaches happen here all the time. If you like the convenience of stored passwords, use a separate password manager that’s independent of your browser.Private Browsers: Full Protection Against Tracking
If you want to ensure that you’re fully protected, use a secure search engine like DuckDuckGo. DuckDuckGo will not store information automatically transmitted by the computer, like your IP address.
You’ll notice that DuckDuckGo can’t auto-complete search queries based on past searches or where you’re located because it will not be able to link your search history to you.
The only way to make sure that information will be kept to yourself is by using private browsing services. If cookies aren’t saved, there’s nothing for cybercriminals to steal. You will have to log into websites every time you visit because they won’t know who you are at the beginning of each new session.
And while we mentioned before that you need to be careful with add-ons, some can be good and keep you safer. Disconnect is one helpful add-on that blocks third-party tracking cookies. It blocks social media accounts from keeping tabs on browser history so users have control over the site’s tracking scripts.
Threat 5: Phishing
We touched on phishing earlier, but we’re going to explain it in a bit more depth to keep you as secure as possible.
As we stated earlier, never click on links received in emails or open attachments without verifying that the sender did indeed send it to you. Don’t fill out sensitive information forms without verification.
If you get a form from FedEx asking you to fill out personal information, call FedEx to see why they sent the form to you. Don’t click on an email talking about your vacation balance – go to your company directly and get an update.
One helpful trick to catch fraudulent websites is to type out the URLs instead of just clicking on them. Often, phishing sites will try to make the link look as close as possible to the actual site so users won’t notice when changes are made.
By typing out the site, you’ll notice little changes like when zeros are substituted for the letter ‘o’ or when nn is used instead of the letter m.
Some websites will use the original site name in the address, like Venmo.com.website.com. Without looking, it’s easy to be fooled into thinking that site is actually Venmo because the name is present.
Make sure to provide personal information only on sites that use HTTPS. Some sites offer limited support for encryption over HTTS and may default to unencrypted HTTP or take users back to an unencrypted site.
Make sure to use websites that use HTTPS when asking for personal information. The HTTPS Everywhere extension from the Electronic Frontier Foundation and private web browsing service Tor makes websites more secure by rewriting HTTPS requests.
What if I Want More Protection?
Let’s say that you want to go for maximum protection to stay safe online. You’ll need to create a system of separate browsers and operating systems as well as different virtual machines. Here are a few ways to obtain maximum security.
First, you’ll want to use different browsers for different activities. Have one for financial transactions, one for communication on social media, and one for browsing.
If an attacker compromises your information on one of these browsers, they won’t be able to access the information on all of the other sites using cross-scripting. If you use the same browser, the attacker could access your Amazon account by gaining access to your Facebook.
For your most sensitive website, like your bank account with most of your assets, use a dedicated web browser and be very careful with its configurations.
Set up permissions so you can’t accidentally visit or browse sites other than the one that you use for your bank information. Turn on all security options to lock down the browser.
If you’re using a site that is risky or incredibly sensitive, you might want to use a virtual machine. A virtual machine is a resource that uses software instead of a physical computer to run programs.
You can give your computer virtual machine capabilities so it will emulate another computer system that is different from your own. Let’s return to the banking example.
Do all of your banking in a VM machine using a locked-down browser. An attacker would have to work a lot harder to access this information than if you were using the same browser for your banking and all of your other accounts.
If you have an email attachment that looks suspicious but you want to open it, open it in a VM. If it is malware, then the worst it will do is infect an empty VM with nothing valuable in it. But make sure to keep that file away in the VM and away from your main desktop.
Conceal Identities with Browsers
Before we mentioned that DuckDuckGo is a great option to keep your browsing history private.
Another way to hide your activities online is to use Tor. It conceals your identity by using encryption that scrambles your data transmissions. It will send all traffic between different nodes so the origin can’t be detected.
And since your information will be passing through all of these random Tor services, it won’t be tied to your IP address.
Maintaining Your Online Safety
Maintaining your online safety is key to keeping all of your information private and ensuring that your identity is protected.
Once you have mastered these online safety tips, you can rest assured that no one will be able to access your sensitive data.