Online security is a booming industry these days as we witness an increasing number of high profile online data breaches.
You can’t put the security of your personal data in the hands of another company either.
Yahoo has so far received the largest data breach in history which it didn’t disclose for years. Every single Yahoo account – all 3 billion of them – were hacked.
Names, email addresses and passwords were all obtained by the hackers. Needless to say, at the very least change your Yahoo settings or cancel your account altogether.
Many people are putting their personal information online without giving a second thought to their security.
Some use the same password for every website, open up attachments from unknown emails and use their Facebook or Twitter credentials to sign up to suspicious looking apps and websites.
Privacy online is a complex topic and the internet is an ever-evolving ecosystem so it’s important to stay up-to-date on how to protect yourself and at the very least know what the latest scams are.
Responsibility for your online security starts with you
First and foremost you should take responsibility for your own personal online security. Don’t depend on the website, social platform or app to look after your data. You must play a part too.
Take the assumption that there’s a likely chance your information can be hacked. In other words, if you’re not prepared for those business documents, naughty pictures or heated email exchange to go public don’t keep them online.
Nothing online is un-hackable as proven by the ongoing cyber breaches that take place all the time. Your online security is only as strong as your weakest link.
That said, while you can never have your online security fully locked down, there are a number of steps you can take to mitigate being hacked.
Start with your smartphone. Use Apple.
The two main smartphone operating system players are Apple’s iOS and Google’s Android. From a security standpoint, Apple wins because Android is a more open platform which means rogue apps can make their way into the Google Play store. Apple, on the hand, controls its entire ecosystem of hardware, software and firmware.
Apple’s stance against the FBI to provide access to a locked iPhone demonstrates the company’s approach to security. The FBI did eventually get into the phone using a third-party security company which, again, demonstrates nothing is fully secure but at least Apple didn’t provide the information.
Use Touch I.D
Now that you’re using iOS get accustomed to using Touch I.D, the device’s fingerprint scanner, to access the phone itself and the apps that provide the facility to use it (Google Docs and Dropbox for example).
Despite everyone having unique fingerprints, biometrics still aren’t completely secure (someone could replicate your fingerprint from a glass in a bar for example) but it adds an extra layer to help mitigate security risk.
Create a longer passcode
The standard iOS passcode length is four digits long but you can change it to include more digits. I currently have mine at six but you can go beyond that to make it more complex with an alphanumeric code.
Activate Find My iPhone
If you lose your iPhone you can login to iCloud from a web browser and click Find My iPhone to locate the phone’s location to the street address. Maybe you left it a friend’s place in which case no problem, but if it’s at an address you don’t know you can erase the contents of the iPhone directly from iCloud so even if they did manage to get into the phone they’d find nothing.
Turn on auto-wipe
In the Touch ID & Passcode settings, you can turn on the ‘erase data’ button which means if someone tries to login into your phone using an incorrect passcode after ten failed attempts the iPhone will automatically erase all the data.
Unnerving to some but a necessary step for others.
Passwords should be long and complex
The most commonly used passwords are predictable yet people continue to use them because they’re too lazy to create new ones. Hackers have gained access to millions of users’ data because of simply guessing the right password. Using words such as ‘password’, ‘open’ and ‘qwerty’ or numerical digits like 12345678 means you’re asking to be hacked.
Likewise, people use the same password for every site so once a hacker gets access to one of their accounts she knows them all.
Every account you use should have its own unique password which is long and complex using a combination of letters (capped and uncapped), numbers and symbols. A password should look something like this Xy7q!6aH&Q1TyeiP%dW
Unless you have a photographic memory, remembering passwords of this kind across multiple sites is impossible.
There is another way, however.
Password manager services like LastPass not only allow you to store your passwords in an encrypted environment but will change the passwords so you don’t even know what they are.
It sounds a little unnerving to not know your own passwords to all your important sites but as long as you have the master password to log into your LastPass account you can access and change them anytime.
LastPass works by encryption so they don’t have your stored passwords on their server either.
I use LastPass myself and also pay for the premium version which allows me extra security.
Use two-factor or two-step authentication where available
If your login details are compromised hackers can, in theory, access your most important accounts but not if you have two-factor/two-step authentication set up.
Two-factor and two-step basically mean that there is a second step required to login to an account after giving the username and password. This second step can be in the form of sending a text message with a unique code to the user’s phone or using an authenticator like Google’s Authenticator app which produces a limited time unique code.
The big social media platforms, email providers and other security-sensitive sites offer this so if you have yet to set it up you’d be wise to do so.
The more layers of security you can add to your online login details the safer you will be.
Use email wisely
Depending on how sensitive your emails are you may want to consider using a more secure alternative to the most popular providers like Gmail and Hotmail.
Switzerland based ProtonMail is one such service that provides end-to-end encrypted email so they (or anyone else) cannot read your emails. Something which Gmail and Hotmail do not do.
ProtonMail is not without its problems however and in 2015 received a DDoS attack by hackers holding them to ransom. They’ve since claimed that they are now protected against further attacks.
If you need a temporary email address then Hide My Ass is a decent option.
It’s too easy to share personal information on social media and a lot of us do it.
Sharing where you live, when you’re away from home, your age, family details, workplace, likes, dislikes and everything else is all too easy in the age of over-sharing.
This information can be used by unscrupulous people to create a comprehensive profile of you that can be used for fraud or hacking purposes.
As a rule of thumb:
- Don’t over-share personal information
- Lockdown accounts that aren’t used for business promotion (Snapchat for example)
- Remove unused apps from Facebook and Twitter that could gather information
- Delete any social accounts you no longer use
- Use two-factor authentication (see above)
- If you have your own domain like a blog URL protect it with a domain privacy service
- If you have a blog ensure that your security is tight
Ensure your wifi is secure
Using wifi – and especially public wifi – can be a security risk. Read this article where a hacker mimics a coffee shop’s wifi to steal login details from various customers.
If you can tether from your phone you should always do that when you’re away from your home wifi. Logging onto public wifi, even if you’re using a reputable source, doesn’t come without its risks.
Whenever I’m using my laptop from a public place I use tethering on my phone. I pay extra for it in my plan but it’s worth the peace of mind.
Protect your computer
Make sure your computer is password protected. Adding a password will at the very least buy you time should your computer be stolen.
Encrypt your hard drive. If you’re a Mac user then your iMac/MacBook will come with FileVault which encrypts your hard drive as soon as your Mac is shut down. Only when an authorised person logs into it again do its contents become unlocked.
You can also find your MacBook via the Find my iPhone settings in iCloud which gives you the ability to erase all of its contents remotely if you want to.
Hackers can and do get access to people’s computers remotely and can access both the webcam and microphone without the user knowing. That’s why Mark Zuckerberg covers his and if you’re worried about people snooping perhaps you should too.
Here’s my webcam cover which you can buy on Amazon.
Webcam cover after watching what spying software is capable of. Sound investment. pic.twitter.com/lzrqOORkfP
— Stephen Davies (@stedavies) January 21, 2016
Improve your browsing game
If you browse sensitive information you should use the Tor browser which makes more difficult for hackers to track your browsing activity.
Tor is slow and cumbersome to use but it stops websites from discovering your location and identity (to a point). It’s also used as a gateway to the Dark Web where guns and drugs abound.
If like most people you want to add an additional layer to stop advertisers and websites collecting personal information you can use a Chrome browser extension such as Ghostery. This allows you to block all kinds of trackers in one fell swoop.
Also, use the HTTPS Everywhere extension which encrypts your browsing making it harder for people to snoop.
Staying secure online is an ongoing effort
Staying secure online requires you to keep up-to-date with the latest scams and surveillance techniques and how to protect yourself from them.
The responsibility lies with you and while sites like Facebook take security seriously you are still the sole person to ensure your data stays protected.
As we increasingly use the internet to run all aspects of our lives – shopping, working, dating, communicating etc – staying secure requires an ongoing effort.
These eight tips will help.