10 Tips for Online Security

Maybe you have an online shopping addiction.

Maybe you order a lot of GrubHub.

Maybe you’re a freelancer.

Maybe you overshare on social media.

The more places you’ve shared your personal information, like credit cards or debit cards, the greater the risk of being affected by a data breach.

A study from ExpressVPN found that 9 in 10 Americans worry about their online privacy and data security.
 
“It has never been more important for anyone using the internet to be cognizant of the threats to their online security and privacy and to take steps to protect themselves. The past year alone has seen data breaches at Marriott, Quora, Google, and Facebook — a stark reminder that we must all take our cybersecurity into our own hands,” says Harold Li, vice president at ExpressVPN.

With the high level of risk that occurs when connecting to the internet, some may argue that it’s best to disconnect completely.

But, that’s not really feasible.

“The key is to remember that whenever you are connected, your data is at risk. That doesn’t mean don’t connect, it means connect wisely — when you benefit and are confident in the security and privacy of the site,” advises Paige Boshell from Privacy Counsel.

Paying attention to where and how you share your information is an important step in protecting your personal data.
 
There are additional steps that you can take to improve the security of your information online:

• Protect your hardware
• Be careful when installing software
• Use a VPN
• Encrypt your storage
• Turn off location services
• Don’t trust companies or social media
• Limit information-sharing and select websites carefully
• Have good passwords
• Use two-factor authentication
• Choose security questions wisely

1. Protect your hardware

Good systems of defense begin with up-to-date and secured hardware.

Nick Kamboj, CEO of Aston & James, LLC, adds, “First and foremost, it is important for an individual to have passwords on their wireless systems or routers to prevent outside nefarious access. Furthermore, it is important for consumers to have firewall appliances (devices such as Barracuda firewalls, that use a combination of software and hardware) to allow for authorized access and prevent unauthorized access as well.”

2. Be careful when installing software

The second line of defense for your hardware is being selective of what you install on it.
 
Nooria Khan, Content Marketing Executive at GigWorker, says, “Never install unauthorized or free security software. Many harmful executable programs and software downloads automatically from the internet. Beware and never be a victim of these malicious softwares.
 
Symantec’s Internet Security Threat Report 2018 found that third-party app stores had 99.9 percent of discovered mobile malware.
 
What are some good places to download apps and programs?
 
Darren Gallop, CEO and co-founder of Securicy, cautions, “Make sure that you install software from reputable vendors. If you decide to install more experimental and less known software, do your research.”
 
Khan notes that these trusted vendors include Google Play and the Apple App Store.
 
“For iPhones and iPads you can only install what’s available in the App Store unless you jailbreak your phone. If you care about security and privacy, don’t jailbreak your phone. Check and make sure that all of the software you have has been updated and is still supported,” Gallop adds. 

3. Use a VPN

A Virtual Private Network (VPN) encrypts internet traffic from your computer or connected device.

Caleb Chen from Private Internet Access, says, “Whenever you visit a website, the website stores your IP address (among other things) and that can be used to identify you. Should the website's data be breached, even if you just have an anonymous email and unique password that can't be tied back to you, your IP address can still be tied back to you unless you change it using a VPN service.”

Antoine Vincent Jebara, CEO of Myki, agrees: “At a macro level, users should encrypt their internet traffic in order to protect themselves from people who might try to intercept it. The best way to do that is to use a VPN which masks the traffic by encrypting it.”

In addition to protecting your privacy in general, VPNs can make accessing public Wi-Fi safer.

Mark Runyon, senior consultant for Improving, says, “It is ridiculously easy for a hacker to intercept login credentials or personal information over Wi-Fi networks. If you tend to work out of the local coffee shop, it’s recommended you get a VPN to secure your traffic.”

4. Encrypt your storage

Just like encrypting data entering and leaving your computer through a VPN provides additional security, any data that you store should also be encrypted.

Gallop explains, “If someone gets their hands on your computer and its not encrypted, they can access all of your data very quickly. Even if you have a good password on the device. This can even mean accessing stuff you deleted. Yes, even if you wipe your hard drive and sell the computer on Craigslist.”

This encryption prevents stored data from being easily hacked.

“Most modern smart phones are encrypted by default. Check your device and model and OS to see if that is the case with yours. For Macs, you can use a built in tool in system preferences called FileVault. Microsoft devices can be encrypted using bit locker. Do this now. It is free and goes a long way to securing your device,” says Gallop.

5. Turn off location services

Location services let apps, websites, and people know where you are. Unless you want people to be aware of your location, only turn on location services when absolutely necessary.

Boshell counsels “Opt out of and do not consent to location sharing or services unless absolutely necessary and the benefit is high. For weather, maps, search apps, enter your location manually each time. Check privacy policies for how to turn off location tracking. Location history alone is not sufficient.”

6. Don’t trust companies or social media

Some companies are trustworthy, others are not.
 
Monica Eaton-Cardone, owner, co-founder, and COO of Chargebacks911, says, “Fraudsters will design email offers and create fake websites that look very similar to legitimate stores. They do this to ‘phish’ for your financial information, so they can steal from your bank account. Consumers should proceed with caution and use common sense:

• Is the URL misspelled? 
• Is it http and not https? 
• When you Google the site and/or the offer, are people warning you of fraud? 
• Are the images low-resolution? 
• Does the verbiage include spelling errors and grammatical mistakes?
• Is the offer too good to be true? 
• Is it a website that you’ve never visited before? 

These are the telltale signs of a fake online store. Delete the email, and do not submit your financial information. It isn’t worth the risk.”

However, even well-known and highly regarded companies can have poor data privacy practices.
 
Eric Poe, consumer rights activist and COO of the not-for-profit CURE Auto Insurance, explains, “You should not take companies at face value when they tell you your data won’t be sold. Technically, they are telling the truth.They don’t sell your data. They just trade it.
 
For example, GEICO auto insurance trades data for data. The insurance giant barters with third parties to trade their consumer data for discounted rates on services and/or for other consumer data.
 
Most consumers are not aware that this practice exists, and that even asking for a quote, or clicking around to shop for various insurance, inadvertently puts your data on the market. By trading, companies get to maintain they do not sell it.”
 
Carefully reviewing a website’s privacy policy can help you identify trustworthy sites.

Boshell adds, “If they state that the site shares information with third parties for their own use, avoid sharing information with that site. Whenever there is a tracking or sharing opt-out, use it.”

It’s also important to be careful on social media.

“Social media will always be attractive to cybercriminals. According to HuffPost, in the first six months of 2018, 6000 accounts were reported to have been fake and contained suspicious content on Twitter,” says Khan.

7. Limit information-sharing and select websites carefully

The most secure information is the information that has never found its way to the internet.

Jamie Campbell, cybersecurity expert, PhD and MS in Computer Science and founder of gobestvpn.com, advises, “This is going to sound funny but practice abstinence. Don't use social media, don't share your email address, and don't give away your personal data to companies.”

While totally avoiding sharing information on the internet is a great option, it’s not always a feasible option for some, so at least be selective about what information you share and where you share it.

Jebara says, “At a more specific level, users should diligently pick the services that they use in a way that favors services that collect less information about them and puts more value on their privacy. The best way would be to conduct internet searches as follows: 'what is the best ____ that protects my privacy.’ Make sure though that you are not landing on the website of a service provider that is recommending itself. Try to find sources that look objective.”
 
Also be sure that the website is secure before providing any information. All you have to do is check for an “s” that follows “http.”
 
Boshell says “Only give information to a site that has https (found on the far left of the URL) and that you trust. Only give the information that you are required to give and store information at very few, trusted sites. For example, if you make purchases at various sites, use sites that have a PayPal payment option; this means only PayPal has your payment info.”

Jebara agrees: “Most importantly, do not provide services with data that you feel is overly personal or unnecessary for the service to be able to fulfill its role. For example, a website that recommends interesting books does not need your home address in order to do that. If asked for it without a specific reason, keep the field blank. If filling the field is mandatory, try to look for alternative services that do not ask for data that they can't justify the need for,” he says.

In addition to being highly scrupulous with the information you provide and what companies you provide it to, it’s a good idea to pay attention to your credit score and even lock your credit reports.
 
Runyon says, “Contacting the major credit reporting agencies (Experian, TransUnion, and Equifax) to put a lock on your requests of your data can greatly deter identity theft. No one can trash your credit by taking out a loan or applying for a credit card in your name without your authorization to unlock your credit file.”
 
You can also check to see your data exposure on the dark web to get a better sense of what you need to secure.
 
Gallop explains, “Most people who are active online have already had their data stolen and are completely unaware. Thankfully there are services out there that tell you if your data is out there on the dark web. This one is a great option: https://haveibeenpwned.com. It’s free and if you sign up, it will actually let you know if in the future it finds you in newly discovered breaches.”

8. Have good passwords

Jack Bedell-Pearce, Managing Director of 4D Data Centres, says, “Nowadays, it’s not a matter of if your data will be stolen but when and how well prepared you are for that.”

The best way to prepare?

Robert Meyers, CISM, CIPP/E, FIP, Director of Systems Architecture at Managed Solution, warns, “The only thing you can do to reduce your risk of being affected by data breaches, is to minimize the impact on you as much as possible. Most breaches will still occur, but if you limit use of single passwords and limit to using trusted sites only, you can minimize the impact on you.”

It’s also important to use passwords only once.

Boshell says, “Don’t reuse passwords. Many older passwords have been breached. Multiple use passwords increase your risk — if one is breached, they are all breached.”

The more complicated a password, the harder it is to break.

Runyon adds, “Regardless of how secure you think your passwords are, they probably aren't. In my mind, computer generated passwords are the only truly secure passwords you can have.”
 
Passwords can be hard to remember, so password managers are helpful in generating and storing secure passwords.
 
Bedell-Pearce says, “Always use a Password Manager such as LastPass or Dashlane and make sure each site has a unique random password — that way if one site gets hacked and you lose your password, it won’t be the same one for your gmail account.”

9. Use two-factor authentication

Two-factor authentication allows you to download an app to your phone that can be used to verify an approved sign-in for an account.

Runyon advises, “Two factor authentication adds a second layer of authentication after a valid user name and password entry. Sometimes this takes the form of a code sent to your phone and other times you'll use an authenticator app on your phone which generates the code. If given the choice, the authenticator app should always be your go to since the code is sent over an encrypted channel. You will frequently see two factor authentication used on banking, email, healthcare, web hosting and sites requiring a higher degree of security.”

10. Choose security questions wisely

Just as it’s important to set a secure password, it’s equally important to determine good security questions.
 
Boshell says “Use security question answers that only you will know and that are not independently available, i.e., through a social media site.”

If you’ve shared a lot of information on social media, then get rid of it.
 
Ian McClarty, President and CEO of PhoenixNAP Global IT Services, encourages, “Remove as much public info as possible, i.e., date of birth on Facebook, favorite vacation spots, etc. These are all typical password reset questions someone can use to get into your accounts.” 
 
If that task is daunting, there’s another simple solution:

“In terms of account recovery, lie when setting up security questions. A lot of these answers can easily be researched, therefore pick a name that is memorable for you and use that to throw hackers off,” says Patricia Vercillo, Vice-President of Operations of The Smith Investigation Agency and the Smith Training Centre.

Whether you choose to lie, be highly selective, or remove data from social media, these actions will help keep your online accounts and presence secure.
 
“Remember the bad guys are processing millions of records, obscure your info enough that it won’t show up as a credible attack vector,” McClarty says.
 
Part of making your identity hard to track involves creating a recovery email address, so “It's also a good idea to avoid any connection to your identity when creating account recovery email addresses,” adds Vercillo.
 
Following these steps will help you stay safe on the internet and limit the effect of data breaches on you.