10 Steps to Improve your Online Security
Over the last several months, I’ve been adding to this list of security tips that I would give my mom, my friends, and others who ask me for some easy steps to protect themselves online. With COVID-19 confining us to our homes, it might be just the time to refresh some insecure passwords and update our security settings.
1. Update your Privacy and Security Settings
Strengthening security and privacy settings are two ways you can secure and protect personal data on important accounts, from social media platforms to email accounts. I strongly encourage adjusting these settings because it can provide you with control over your personal data and prevent unauthorized access to your account. Below I’ve outlined some ways you can harden your settings for the most common platforms.
Facebook offers a
Privacy Settings and Tools section with different options for locking down your information.
On Twitter, navigate to
Privacy and Safety to protect your tweets from being seen outside your followers.
Instagram offers the most limited security and privacy options compared to other social media platforms. At the very least you can navigate to
Privacy and Security to make your account private to followers only.
Outside of social media platforms, you can also lock down your security settings for email accounts, bank accounts, and many other platforms.
For example, you can access your Google account and walk through the security and privacy settings.
You’ll see a menu similar to the one displayed below.
From this point, you can walk through a Security Checkup, view any recent security events, see which devices are logged into your account, and turn on two factor authentication. Google by default retains a good amount of data on everything you do; I recommend refining privacy settings under their
Data & Personalization tab.
Cash transfer apps, such as Venmo, also provide privacy settings to change all transactions to private. What exactly does that mean? It means the money you send or receive, plus the message, will no longer be visible to anyone who has a Venmo account. Yes, the default is that your transactions are public to the world.
2. Use Two Factor Authentication
Two Factor Authentication requires that you use an additional method to authenticate yourself into a system. First, you may enter your password or use Face-ID but then you’ll also need to respond to a prompt on your phone or touch a physical key. By having multiple ways to authenticate, it prevents an attacker from using only your password to take over your account.
On Twitter, under the
Security tab, you can activate two factor authentication and password reset protection.
On Instagram, under
Privacy and Security, you can enable two factor authentication for your account; however, it is limited to via SMS.
Two Factor Authentication is not only for social media accounts but is equally important for both email and financial accounts.
3. Check for Data Breaches
Have your passwords been leaked in a data breach?
The best free resource to check is HaveIBeenPwned. The website allows you to see if your account has been found in known data breaches. By checking your email addresses in the databases, the website will give you a list of affected accounts. If any of your accounts have been breached, you should change your password and any other passwords that utilize the same, or similar passphrase. For example, an attacker might gain your password from an online textbook rental company and then use the same email/password combination to try and login to your Amazon account. This further reinforces my next two points–create strong passwords but never reuse them!
4. Create Strong Passwords
A strong password needs to be unique and at least 12 characters. Use a mix of characters–upper-case and lower-case letters, numbers, and symbols. One of the more trusted password creation methods is to use a passphrase–a phrase of multiple but uncommon words. Another common approach is to create a personal but unguessable sentence and the use the first two letters of every word. This way, “My favorite place to eat is Briarpatch for their raspberry lemon pancakes,” becomes
MyfapltoeaisBrfothralepa which you can then add some extra numbers and symbols to,
Does this sound hard? Well it is, that’s why I outsource creating passwords to a password manager.
5. Track Passwords in a Password Manager
Password managers have two great functions: (1) they keep your passwords safe and (2) they generate secure passwords to use. Copy + Paste a securely generated password as you make new accounts and they’ll autosave to your password manager. I keep my password manager on my phone and as an extension in my Chrome browser. Now, I only have to remember one password and I can easily access all the others!
6. Actively Monitor your Credit
To stay aware of any use of my name and social security number for loans, credit cards, or other financial accounts, I monitor my credit monthly. A credit monitoring service will watch anything that pops up using your credentials to set up a financial account. That way, I will know if my identity is being used for fradulant activity before the damage is irreversible.
I use Wallethub; it’s free and has a simple interface for viewing current bank accounts, loans, disputed charges, and credit score as many times as needed.
7. Avoid Public WiFi without Protection
There are many articles that address the huge risk of using public WiFi, but what can you do when you are at a coffee shop or airport terminal? Well you can use it, but you need protection via a Virtual Private Network (VPN). VPNs encrypt your network traffic so those on the same public WiFi cannot view the data you are transmitting as you login to your bank account or browse Facebook.
8. Keep All Devices Updated
Do you avoid updates? Sometimes, I do too but the best way to protect your devices is to update them regularly.
Often developers push out updates because they’re constantly discovering and fixing vulnerabilities. The only way to remediate this is to update the software on your devices [do da chrome ting]. So when you see a pop up to update your device, schedule it!
9. Regularly Back Up your Computer
Backing up your computer can protect you from losing files in case of an accident, a hardware failure, or a ransomware attack. The easiest way to do this is by setting up a local agent, such as Google Drive or OneDrive, to sync your file folders to the cloud throughout the day. For larger, more in depth backups, you can consider IDrive or other platforms that specialize in extensive backups. While you’re working on backing up your computer, most providers also offer a solution to backup mobile devices and sync photos to their cloud.
10. Learn How to Avoid Phishing
Phishing scams are the easiest way for an attacker to manipulate you for personal information or financial gain. Be cautious when looking at emails, especially those that appear urgent or have attachments. You should look at the email address it was sent from and the content of message before clicking links or attachments. Google created a phishing quiz to test your abilities for identifying phishing tactics. For more examples of phishing and what to look for, check out this article.
Overall, there are easy things we can all do in our free time to make sure we are secure in our private life.
Disclaimer: These are solely my opinions and do not reflect the opinions of my employer.