In a world where everything is connected to the internet and all of the data you could possibly want is at your fingertips, it is even more important to stay safe online and use some of the basic techniques listed below to do so.
First, the basics:
- If it looks fishy or too good to be true, it likely is. Do not submit your information to the website requesting it. Perform some basic research before posting data to the website. This can include search engine queries of “domain.com + scam” or something similar. If you’re technical in nature, looking at the WHOIS for the website may be beneficial. While more and more registrars are including WHOIS privacy by default, it is no longer acceptable to say if a domain is hidden behind a private WHOIS entry, it is not safe. The registration date of the domain may provide some clues into the history of the site.
- Use social media wisely. Keep your profiles locked down to friends only. Do not post that you are on vacation, going away for the weekend, etc. This invites those friends you may have added to your feed when you played Farmville back in the day to know more about your plans. Related, keep on top of your friend’s list and who is following you.
- Stay off free public WiFi. If you absolutely need to connect, do not send any personal information or credentials over that network.
All the tips and services/software mentioned below are free to use (to a certain extent).
Tips for Social Media Accounts:
- Review your friend list. Ensure that you know and trust the people you are friends with on the site.
- Keep your information private. You do not need to announce to the world that you moved, have a pet, your birthday, etc. Consider using a service such as Jumbo Privacy to assist with this, which can block trackers, delete old posts, etc.
- Post sparingly, or after the fact. For example, if you had an amazing vacation in England, post the pictures after you arrived home. The bonus in this is that you spend more time in the moment actually enjoying it, instead of wasting time on social media sites posting the perfect picture.
Tips for Payment Processing Sites:
- If a site gets compromised and your payment details are leaked, you run the risk of fraud and financial hardship. Consider using virtual cards that are locked to a single retailer (check with your financial institution if that is offered) or use a service such as Privacy to generate virtual cards that can limit spending and be locked to specific vendors. This way if you get charged by a retailer and did not expect it, you will know exactly which retailer the issue arose with and can then dispute it.
- Consider locking your credit file, if you can, with the three major credit bureaus. While it is not perfect, it can help prevent fraud on your credit report.
Tips for Account Creation:
- Consider using a domain that you own or plus addressing with GMail (or other service providers, if offered) when creating a new account. For example, if your first name is James, your login to Amazon could be firstname.lastname@example.org. The plus in the email address is ignored by some email providers. Alternatively, if you own a domain, you can use email@example.com for Amazon.
- Keep your passwords unique, and preferably your usernames too. Password reuse is one of the worst things for your personal security. If a single site is compromised, your entire online presence could be compromised if the same password was reused on other websites. There are numerous password managers that sync between browsers and your phone to generate unique passwords. This way, you do not need to remember the 32-character string. 1Password, LastPass, and Bitwarden are just a few. Alternatively, use the first letter of a phrase as your password. An example is: This is how I stay secure online! I do not reuse any one of my passwords. (TihIsso!IdNra1omp.)
- Use MFA wherever it is possible. Many of the same password managers allow for MFA to websites within the app. Avoid SMS and email MFA requests if the site allows it. Even if your account is compromised with the username and password, this can prevent an attacker from fully logging in as they will not have the MFA code.
- Consider not using the correct answers to the security questions asked of you on the website. For example, “What is my favorite ice cream flavor?” could have an answer of “Sunflower”, which might just be your favorite flower. Often on social media and other sources online, we willingly and unknowingly give this information up without thinking of the possible repercussions of doing so.
- Consider virtual phone numbers, so long as that virtual number belongs to you. Remember that deleting that number in the future would open an avenue of compromise for an attacker if the attacker was able to gain control over that phone number.
- Search for your name in multiple search engines to see what the internet knows about you. If possible, opt out of those sites sharing your personal information. If you are unsure how to do this or would rather pay a reputable service to complete this for you, check out Abine’s DeleteMe. Remember, not all search engines are created equal and each one will have different results.
- For the more technical crowd, consider routing your DNS traffic through NextDNS.io which gives an administrator (you) the ability to block specific trackers on the web. Tired of seeing those creepy ads following you around? This may help, in addition to an AdBlocker.
- Consider turning off precise phone location on your mobile device browser(s). Your search results will be impacted slightly in doing so, but you can always get around this by appending the city name to the query. For example, instead of “restaurants near me”, you can type “restaurants in Seattle, WA”.
In the end, being safe online comes down to your own personal hygiene and keeping your data secure to the best of your ability. While you cannot control third-party services security practices, there are ways to stay safe while still enjoying and making use of the World Wide Web.