How to protect yourself online

Megan Kaczanowski
Published in The Startup · 5 min read · Aug 19, 2019

Breaches happen every day. Nearly everyone’s data has been involved in a breach at this point (in fact, you can check if yours has been here). Security isn’t easy, and it often isn’t convenient.

So, how do you protect yourself online without having to remember a million impossible passwords? This is an (actually) easy-to-implement guide, which is the digital equivalent of locking your house when you leave. Implementing these steps won’t make you hack-proof (just as locking your house won’t make your house burglar-proof), but it will make you much safer online, and it won’t make your digital life any harder than carrying keys makes your day-to-day life. The only caveat I’ll add here is that not all the tools I’m recommending are free. They are relatively low cost, and I’ll include links to free alternatives as well, but the large benefit of the paid tools is that they are extremely convenient to use (especially in comparison to the free tools). I’ve found that the convenience of these tools makes you more likely to start (and continue) using them, which is why I recommend them.

So how do you get started?

1. Set passwords on all your devices (laptops, phones, tablets, routers, etc.). For any devices which still have default passwords enabled, change them (think about your wifi router, a home camera system like Amazon’s Blink, or a smart TV).

2. Buy a Password Manager. Password managers let you create one ‘master password’ and then securely store (and generate) your strong, unique passwords for each account. They give you the security of having separate passwords for every account, but the convenience of only having to remember one password. I love 1Password ($3/month) as it has an app and a browser extension (therefore it can autofill your passwords for you across apps and devices), but KeePass is a secure free option. Password managers also allow you to securely store all kinds of information such as insurance numbers, bank account data, etc. Think of it as the digital equivalent of having a fire-proof box with all your important documents (sorry mom, I still don’t have one. I have a password manager though!) Setting it up the first time (and putting all your accounts and passwords into it) is a giant pain. So go do it now. Seriously, I’ll wait.

3. Go back and do step 2. At least put your bank and credit card accounts, email accounts, and social media into your new password manager. Spend 5 minutes a day adding new accounts to your password manager. Over time, it will save you a significant amount of time and stress. Why? Often when passwords are leaked in a breach, hackers will use something called ‘credential stuffing’. That means they will take that password and plug it into an automated tool which will try using it in as many accounts as possible. If all your accounts have the same password, either your accounts could get breached, or you have to change ALL of your passwords every time you hear about a new breach. Skip the stress and get a password manager (also, set up (free!) alerts here so you know when your account data has been leaked).

4. Update EVERYTHING. Don’t click postpone or ignore on those pop-up updates. Software updates are most often released in response to reported security vulnerabilities. Leaving your devices unpatched can leave them vulnerable to attack.

5. Limit the number of internet-connected devices you have. Think before purchasing devices with internet connectivity. Is an internet-connected kettle worth the potential security vulnerabilities? (Spoiler alert: it usually isn’t.) Internet of Things devices are rarely updated and generally aren’t designed with security in mind. That means they’re often riddled with vulnerabilities, and if they’re on your home wifi network, they can leave hackers an easy way in.

6. Avoid connecting to free wifi hotspots. Free wifi hotspots are often targeted by hackers and can put you at risk of MitM attacks (Man in the Middle attacks, where a hacker spies on your internet traffic, and may even modify it without you knowing). If you can’t avoid connecting to these hotspots, buy a VPN service.

7. Buy a VPN service. A VPN (virtual private network) provides online privacy and anonymity. This can protect you, even when you connect to public wifi hotspots. Personally, I use NordVPN (~$3/month), which you can install on multiple devices, enable automatic connection (so as soon as you connect to the internet you are automatically connected to the VPN), and select which country you want your traffic to come from. The Tor browser is a free service; however, it is less convenient, and can slow down your connection speed.

8. Enable Multi-Factor Authentication (MFA, or 2FA for two-factor authentication) on your primary email account. This means that even if someone has your password, they can’t access your account. Multi-factor authentication requires that you have two things to log in: something you know (your password) and something you have (a code from an SMS, a code from an app like Google Authenticator, or a hardware key like YubiKey). A hardware key is best, followed by an app, followed by SMS (which is still better than nothing). If you’re feeling really motivated, also do so on your other accounts, but at least do so on your most important accounts. For a full list of websites which support 2FA, check here.

9. Use an end-to-end encrypted chat function. That means that no one should be able to read your messages without physically taking your phone or breaking the encryption (both difficult to do). iMessage, WhatsApp, Wickr, and Signal are all free options, and Facebook Messenger is secure if you choose the ‘secret’ option when starting a chat. Personally, I highly recommend Signal, as it’s open-source, free, and not owned by any major tech companies.

10. Finally, be careful online. Be wary of clicking links from unknown senders (in strange social media requests, texts, or emails), avoid running programs like Adobe Flash (which is notoriously insecure), and avoid websites which might give you malware (adult video streaming sites are often loaded with malicious content, as are free streaming or download sites). Think before you click!

At the end of the day, don’t overthink it.

https://xkcd.com/538/

Want to learn more? Check out these guides for the truly paranoid.
