7 Tips to Improve Your Personal Online Security

Jamie Nicol
Feb 2, 2020

When it comes to online security, it seems like every day there is a new way for attackers to steal your personal information and sell it to the highest bidder. At this point, attacks have gotten so sophisticated and security workarounds so complex that it is not a question of if you will get hacked, but when. With that in mind, here are some tips that you can start using right away to increase your online security. It’s important to note that there is no silver bullet with security, and even if you do everything right, you are only reducing the probability and impact of a data breach.

Check if you’ve already been breached

An important first step in increasing your personal online security is understanding how much of your information is already out there. A great tool for this is haveibeenpwned, which lets you type in your email address and find out whether it has been included in any known data breach.

An example is shown below using a Gmail account that hasn’t been breached:

This email address hasn’t been found in any known data breaches

Here we have an account that has been breached:

This email address has been found linked to multiple data breaches

Digging a little deeper we can see the source of the breach and the type of data that was compromised:

Some examples of breaches that billgates@gmail.com was included in and the type of compromised information

With this information, you can identify passwords that have been exposed to ensure that you don’t reuse these passwords in the future.

Use different passwords for different accounts

As you have seen with the above example, it’s very easy to have your email and password combination exposed online. Therefore, it’s important to use a different password for each service, so that a breach of one service doesn’t unlock all of your other accounts. While making each password different is a good start, each password should also be distinct enough to avoid easy guessing.

Important tips to make a strong password are:

  • Don’t include your name
  • Don’t include your birthday
  • Don’t include common passwords
  • Make it at least 10–20 characters long
  • Make sure to use a combination of letters, numbers, and special characters
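The tips above can be turned into an automated check. The following is an added example, not part of the original article: it flags a candidate password that contains the owner's name (even with common letter substitutions), digits derived from their birthday, or a common password, and that fails the length or character-mix tips. The person, the short common-password list and the minimum length of 10 are assumptions made for the example.

```python
import re
from datetime import date

# Constructed sample; a real check would use a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 10  # assumption: lower bound of the 10-20 range given above
# Undo common substitutions so "4l3x" is still recognised as "alex".
LEET = str.maketrans("013457@$", "oieastas")


def birthday_fragments(birthday: date) -> set:
    """Digit strings commonly derived from a birth date."""
    d, m, y = f"{birthday.day:02d}", f"{birthday.month:02d}", str(birthday.year)
    return {y, d + m, m + d, d + m + y[2:], m + d + y[2:],
            d + m + y, m + d + y, y + m + d}


def check_password(password: str, full_name: str, birthday: date) -> list:
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    # Keep only digits so "02-05-1990" and "02051990" are treated alike.
    digits = re.sub(r"\D", "", password)

    name_parts = [p for p in full_name.lower().split() if len(p) >= 3]
    if any(p in normalized for p in name_parts):
        problems.append("name")
    if any(f in digits for f in birthday_fragments(birthday)):
        problems.append("birthday")
    if any(c in lowered or c in normalized for c in COMMON_PASSWORDS):
        problems.append("common")
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("mix")
    return problems


if __name__ == "__main__":
    # Constructed person and candidate passwords.
    for candidate in ("alex1990", "P@ssw0rd2024!x", "tR9#vmq-Lw2&zKp"):
        print(candidate, check_password(candidate, "Alex Example", date(1990, 5, 2)))
```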

Use 2 Factor Authentication (2FA) where possible

2FA is an authentication method that combines 2 out of the 3 possible authentication mechanisms:

  1. Knowledge (something that you know, for example a password)
  2. Possession (something that you have, for example a bank card)
  3. Inherence (something that you are, for example a fingerprint)

The most common form of 2FA is a combination of knowledge and possession. When a user logs into a service using a password (something that they know), a PIN is sent to their phone or email (something that they have). 2FA is a great tool for increasing your online security and should be used on all services that provide it. However, 2FA is not a silver bullet for security, and there are many ways to bypass 2FA.

Be aware of USB Security

There have been a number of USB malware strains targeting offline infrastructure, the highest-profile one being Stuxnet, which caused substantial damage to Iran’s nuclear program. On a smaller scale, studies have found that people will plug in USB drives that they find on the ground. USB drives present a big risk and should be taken as seriously as spam emails and suspicious links.

Some tips to improve security around USB drives are:

  • Don’t leave USB drives lying around
  • Don’t plug in unknown USB drives
  • Be careful with any device that you connect to your computer

Be careful when using public WiFi

While public WiFi is a free and convenient way to get online outside of your home or office, it brings with it a host of risks that should be understood to help protect yourself when using it. When on an unprotected public WiFi network, you are vulnerable to eavesdropping attacks where an attacker can get in between your device and the router to see your data. As a result, you should not visit any sensitive websites while on public WiFi, such as banking apps or healthcare accounts.

Another important note about using public WiFi is to ensure that you are connecting to the correct network. There have been cases of attackers spoofing legitimate public WiFi access points (such as those in malls, restaurants, and airports) and hosting their own network instead, allowing them to see all of your data.

Turn off Bluetooth when you’re not using it

Bluetooth is a great tool for connecting headphones, TVs, speakers, and other devices outside of WiFi. However, Bluetooth has also been criticized for its weak security protections and ease of attack. There have been many recent examples of Bluetooth vulnerabilities that exploit the protocol and allow attackers to inject malicious messages into your devices and track your movements. As a result, you should always turn off Bluetooth when you aren’t using it.

Keep track of browser extensions

Browser extensions allow for endless customization and convenience when using modern web browsers. They also provide another risk for users depending on the permissions of the extension and the probability that the provider gets hacked. For example, let’s look at the Honey browser extension, which is used to get deals and coupons on online stores.

When you download Honey from the Chrome extension store, the default settings allow the extension to “read and change site data” on all websites. This allows the makers of Honey to scan the web page for products and then cross reference that with their catalog of coupons to provide users with a good deal. However, in the wrong hands this information could be used to track and sell user data. Therefore, it is recommended to select the “When you click the extension” setting to prevent automatic reading and writing to the website.

The default browser extension settings allow for the extension to read and change site data on all sites at all times
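To keep track of which installed extensions ask for this kind of all-site access, you can inspect the `manifest.json` that every Chrome extension ships with. The following is an added example, not part of the original article: it reports extensions whose manifest requests host access to every website. Both manifests are constructed for hypothetical extensions and are not Honey's real manifest.

```python
import json

# Match patterns that cover every site (Chrome match-pattern syntax).
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed manifests for two hypothetical extensions.
COUPON_MANIFEST = """{
  "name": "Example Coupons", "manifest_version": 3,
  "permissions": ["storage"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["scan.js"]}]
}"""
SCOPED_MANIFEST = """{
  "name": "Example Notes", "manifest_version": 3,
  "permissions": ["activeTab", "storage"],
  "host_permissions": ["https://notes.example.com/*"]
}"""


def broad_host_access(manifest: dict) -> dict:
    """Map each manifest field to the all-site patterns it requests."""
    findings = {}
    # Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions", "optional_host_permissions"):
        hits = sorted(p for p in manifest.get(key, [])
                      if isinstance(p, str) and p in BROAD_PATTERNS)
        if hits:
            findings[key] = hits
    # Content scripts run automatically on every page matching "matches".
    hits = sorted({m for cs in manifest.get("content_scripts", [])
                   for m in cs.get("matches", []) if m in BROAD_PATTERNS})
    if hits:
        findings["content_scripts"] = hits
    return findings


def audit(raw_manifests: list) -> dict:
    """Return {extension name: findings} for extensions with all-site access."""
    report = {}
    for raw in raw_manifests:
        manifest = json.loads(raw)
        findings = broad_host_access(manifest)
        if findings:
            report[manifest.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    print(json.dumps(audit([COUPON_MANIFEST, SCOPED_MANIFEST]), indent=2))
```

An extension flagged here is a candidate for the “When you click the extension” setting described above, or for removal if you no longer use it.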

Wrapping up

Hopefully you can take a few of these tips and apply them right away to become more secure online. It’s important to remember that you are never fully secure, but following these tips will make you a much harder target for any attackers looking to steal your data.

Jamie Nicol

UofT Computer Science student with a passion for Cyber Security.