10 Steps to Improve your Online Security

Thu, Jun 4, 2020

Over the last several months, I’ve been adding to this list of security tips that I would give my mom, my friends, and others who ask me for some easy steps to protect themselves online. With COVID-19 confining us to our homes, it might be just the time to refresh some insecure passwords and update our security settings.

1. Update your Privacy and Security Settings

Strengthening your security and privacy settings is one way to secure and protect personal data on important accounts, from social media platforms to email accounts. I strongly encourage adjusting these settings because they can give you control over your personal data and prevent unauthorized access to your account. Below I’ve outlined some ways you can harden your settings for the most common platforms.

Facebook offers a Privacy Settings and Tools section with different options for locking down your information.

On Twitter, navigate to Settings > Privacy and Safety to protect your tweets from being seen outside your followers.

Instagram offers the most limited security and privacy options compared to other social media platforms. At the very least you can navigate to Privacy and Security to make your account private to followers only.

Outside of social media platforms, you can also lock down your security settings for email accounts, bank accounts, and many other platforms.

For example, you can access your Google account and walk through the security and privacy settings.

You’ll see a menu similar to the one displayed below.

From this point, you can walk through a Security Checkup, view any recent security events, see which devices are logged into your account, and turn on two factor authentication. Google by default retains a good amount of data on everything you do; I recommend refining privacy settings under their Data & Personalization tab.

Cash transfer apps, such as Venmo, also provide privacy settings to change all transactions to private. What exactly does that mean? It means the money you send or receive, plus the message, will no longer be visible to anyone who has a Venmo account. Yes, the default is that your transactions are public to the world.

2. Use Two Factor Authentication

Two Factor Authentication requires that you use an additional method to authenticate yourself into a system. First, you may enter your password or use Face-ID, but then you’ll also need to respond to a prompt on your phone or touch a physical key. Having multiple ways to authenticate prevents an attacker from using only your password to take over your account.

On Facebook, under Settings, you can activate two factor authentication and alerts for any logins on unrecognized devices.

On Twitter, under the Security tab, you can activate two factor authentication and password reset protection.

On Instagram, under Privacy and Security, you can enable two factor authentication for your account; however, it is limited to SMS.

Two Factor Authentication is not only for social media accounts but is equally important for both email and financial accounts.

3. Check for Data Breaches

Have your passwords been leaked in a data breach?

The best free resource to check is HaveIBeenPwned. The website allows you to see if your account has been found in known data breaches. By checking your email addresses in the databases, the website will give you a list of affected accounts. If any of your accounts have been breached, you should change your password and any other passwords that use the same or a similar passphrase. For example, an attacker might gain your password from an online textbook rental company and then use the same email/password combination to try to log in to your Amazon account. This further reinforces my next two points–create strong passwords but never reuse them!

4. Create Strong Passwords

A strong password needs to be unique and at least 12 characters long. Use a mix of characters–upper-case and lower-case letters, numbers, and symbols. One of the more trusted password creation methods is to use a passphrase–a phrase of multiple but uncommon words. Another common approach is to create a personal but unguessable sentence and then use the first two letters of every word. This way, “My favorite place to eat is Briarpatch for their raspberry lemon pancakes,” becomes MyfapltoeaisBrfothralepa, to which you can then add some extra numbers and symbols: 78Myfapltoeais*Brfothralepa.

Does this sound hard? Well, it is; that’s why I outsource creating passwords to a password manager.

5. Track Passwords in a Password Manager

Password managers have two great functions: (1) they keep your passwords safe and (2) they generate secure passwords to use. Copy + Paste a securely generated password as you make new accounts and they’ll autosave to your password manager. I keep my password manager on my phone and as an extension in my Chrome browser. Now, I only have to remember one password and I can easily access all the others!

Two well-known password manager options are LastPass, which is free, and 1Password which is subscription based.
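
An added example (not from the original post) that works through the sentence method from step 4, checks a password against that step's length and character-mix advice, and shows the kind of random generation step 5 hands to a password manager. The function names and the symbol set are assumptions chosen for illustration; real password managers use their own generators.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set, for illustration only


def abbreviate_sentence(sentence: str, letters: int = 2) -> str:
    """Keep the first `letters` alphanumeric characters of every word."""
    parts = []
    for word in sentence.split():
        cleaned = "".join(ch for ch in word if ch.isalnum())
        parts.append(cleaned[:letters])
    return "".join(parts)


def missing_requirements(password: str, min_length: int = 12) -> list:
    """Return the criteria from step 4 that the password fails (empty = OK)."""
    checks = {
        f"at least {min_length} characters": len(password) >= min_length,
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def generate_password(length: int = 20) -> str:
    """Draw from the OS CSPRNG, redrawing until every criterion is met."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    sentence = ("My favorite place to eat is Briarpatch "
                "for their raspberry lemon pancakes,")
    base = abbreviate_sentence(sentence)
    print(base, "is missing:", missing_requirements(base))
    print("78Myfapltoeais*Brfothralepa is missing:",
          missing_requirements("78Myfapltoeais*Brfothralepa"))
    print("generated:", generate_password())
```

The abbreviated sentence alone fails the number and symbol checks, which is why the post adds them by hand; the generated password passes all checks without any human-chosen pattern.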

6. Actively Monitor your Credit

To stay aware of any use of my name and social security number for loans, credit cards, or other financial accounts, I monitor my credit monthly. A credit monitoring service will watch anything that pops up using your credentials to set up a financial account. That way, I will know if my identity is being used for fraudulent activity before the damage is irreversible.

I use Wallethub; it’s free and has a simple interface for viewing current bank accounts, loans, disputed charges, and credit score as many times as needed.

7. Avoid Public WiFi without Protection

There are many articles that address the huge risk of using public WiFi, but what can you do when you are at a coffee shop or airport terminal? Well, you can use it, but you need protection via a Virtual Private Network (VPN). VPNs encrypt your network traffic so those on the same public WiFi cannot view the data you are transmitting as you log in to your bank account or browse Facebook.

Personally, I’ve used both CyberGhost and TunnelBear as a VPN. These are both paid subscriptions; however, I find it worth the price. If you are looking for a free VPN here is a list to consider.

8. Keep All Devices Updated

Do you avoid updates? Sometimes I do too, but the best way to protect your devices is to update them regularly.

Often developers push out updates because they’re constantly discovering and fixing vulnerabilities. The only way to get those fixes is to update the software on your devices. So when you see a pop up to update your device, schedule it!

9. Regularly Back Up your Computer

Backing up your computer can protect you from losing files in case of an accident, a hardware failure, or a ransomware attack. The easiest way to do this is by setting up a local agent, such as Google Drive or OneDrive, to sync your file folders to the cloud throughout the day. For larger, more in-depth backups, you can consider IDrive or other platforms that specialize in extensive backups. While you’re working on backing up your computer, most providers also offer a solution to back up mobile devices and sync photos to their cloud.

10. Learn How to Avoid Phishing

Phishing scams are the easiest way for an attacker to manipulate you for personal information or financial gain. Be cautious when looking at emails, especially those that appear urgent or have attachments. You should look at the email address it was sent from and the content of the message before clicking links or attachments. Google created a phishing quiz to test your abilities for identifying phishing tactics. For more examples of phishing and what to look for, check out this article.

Overall, there are easy things we can all do in our free time to make sure we are secure in our private life.

Disclaimer: These are solely my opinions and do not reflect the opinions of my employer.