The Internet can be a dangerous place for the careless. Land on the wrong website, and you can infect your computer with malicious software that will steal your data or scramble it and demand a ransom for its return. Fill in a username and password in a bogus form, and your digital life can be turned to toast.
As scary as this sounds, if you’re careful, you can surf the Net with a great degree of safety.
Safe surfing starts with your browser.
Two of the most popular ways miscreants prey on browsers are through socially engineered malware and phishing.
Nearly a third of Internet users have been victims of socially engineered malware, according to NSS Labs, an independent testing organization. By using some form of deception, for instance, getting a person to follow a link to a rogue website or open an infected document, bad actors can manipulate that person into infecting their own machine with malicious software. Such software can compromise or damage hardware or steal sensitive information. Ransomware gets distributed this way too.
This form of malware has had wild growth in the last 12 months. It encrypts data on an infected computer or phone so its owner can’t access it. It then demands the owner pay a ransom to make it accessible again.
Phishing is often a prelude to planting socially engineered malware on a machine, but it’s also used to get hold of sensitive data. For instance, you receive an email from your bank asking for your username and password to access your account. Only the email isn’t from your bank but from a phisher masquerading as your bank. And the next thing you know your checking and savings accounts are running on empty.
NSS notes that 2016 saw the reporting of over 145,000 unique phishing campaigns each month. Just as frequent was the discovery of 125,000 phishing websites.
In fact, the situation became so alarming among businesses, which lost $2.3 billion in the last three years to phishing scams, that the FBI issued a special alert on the subject.
1. Use/Install Most Secure Internet Browser
Major browsers offer protection against social engineering malware and phishing, although some offer more protection than others.
For example, in NSS’s latest browser tests, Microsoft’s new Edge browser blocked 99% of the malicious samples thrown at it, compared to 85.9% for Google Chrome and 78.3% for Mozilla Firefox.
3 Best Internet Browsers for Safe Browsing
For several years now, Microsoft has incorporated into its browsers a technology called SmartScreen URL and Application Reputation filtering.
The tech checks the reputation of a URL before it allows the page to load in the browser. If the website’s reputation is bad, as would be the case with a phishing website, you’ll receive an alert. You can then choose whether to go to your homepage, a website you’ve been to before, or to be a devil and proceed to the website of ill-repute.
Similar screening happens when you try to download a file from a questionable website. The browser will block the download.
NSS also found that Edge was the quickest to block new social engineering malware, taking only 10 minutes. Compare this to four hours, 39 minutes for Chrome and four hours, five minutes for Firefox.
It was also the most effective in addressing “zero day” vulnerabilities, which are flaws exploited for the first time in an attack. Edge scored 98.7%, compared to 92.8% for Chrome and 78.3 percent for Firefox.
2. Customize Your Security Settings
You can also make a browser more secure by customizing it through its preferences or settings menu. Fiddling with settings, though, can create inconveniences.
For example, shutting off features like “autofill”, which automatically fills in forms on web pages, and password storage keeps the browser from saving data in files that anyone who hacks your system could mine.
On the other hand, the manual filling of forms and typing in usernames and passwords can be a burden.
One option you should definitely turn on, though, is “block pop-up windows” to prevent pesky ads from popping up over web pages you’re visiting. And if your browser supports it, choose the option to send “Do Not Track” requests with your browsing traffic to keep marketers from snooping on your Net travels.
Here are step-by-step guides for securing your browsers (i.e. making them less vulnerable).
As with any software, you always want to make sure your browser is up-to-date with the latest upgrades and patches. Many times those patches are created to address newly found security flaws in the software. Keeping a browser current is less of a problem than it used to be because now updates are often automated.
3. Use Password Manager (not “AutoFill” options)
Next to your browser, a good password manager has become almost essential for safe surfing, especially after you turn off the ‘remember passwords and fill forms’ options of your browser.
Features can vary from manager to manager, but they all have one thing in common:
They remember your credentials – username and password – for a website and fill them in when you land on its login page.
That allows you to create unique and secure credentials for every website wanting them without having to commit those credentials to memory. You need only remember one password: the master password for accessing the password manager.
Thousands, sometimes millions, of passwords become compromised every day, so password managers can help you avoid the domino effect that occurs when reusing passwords. Credential thieves can take a set of stolen credentials and plug them into thousands of websites through automation techniques. That done, they can crack every site where you’ve reused your password. Using unique passwords reduces the damage that can be done with a single password.
Here are 3 Most Popular Password Managers in 2017
While inserting something new into your web flow may not sound appealing to you, password managers are relatively unobtrusive after installation. Most install in a browser of your choice as a plug-in. There they’ll watch your cyberspace travels. If you’re new to a website, the program will help you create credentials for it. If you’ve been to the site before, the software will automatically fill in your login info. What’s more, most managers will also create a list of sites for which they’ve stored logins that can be quickly accessed from your browser’s toolbar.
4. Use Creativity When You Create Your Passwords
If remembering a lot of passwords is a big chore, then creating passwords is just as taxing. Password managers can automate that for you, too. You can tell them to create a secure password for you and it’s done in an instant.
In some managers you can even customize the passwords they create.
You can set the password’s length. The recommended length is 16 characters, but that may be too long for some websites. You can also choose whether the password should be pronounceable, whether it uses numbers, capital letters and special characters, and whether it excludes similar-looking characters like 1 and l or O and 0.
If you go old school and create passwords in a form by hand, a password manager can help you there too. It’ll tell you if your creation is secure or if you’ve already used that password someplace else.
One of the greatest benefits of a password manager is that most of them work across platforms. Whether you’re working on your phone, tablet, laptop or desktop, you always have access to your credentials. That also means you don’t have to type a secure password like F*t5pWU397%6QvAk7K9W on a smartphone keyboard.
What’s more, with information synchronized across platforms, your devices will update automatically when you either change your credentials or add new ones.
5. Hide Your IP With a VPN
Having a secure browser and a password manager will offer you a measure of security as you cruise the Web, but if you want to take safety up a notch, consider using a Virtual Private Network service.
VPN services both protect your connection to the Internet by encrypting the data in the connection and hide where you’re connecting to the Net, which protects your privacy.
Encrypting your connection to the Internet is especially important when working on insecure Wi-Fi networks, such as those found in public places like airports, hotels and restaurants. Those networks are insecure because it’s quite easy for a snoop to intercept traffic on them with a software tool called a sniffer. With an encrypted connection though, snoops capturing your data will see only garbage.
When you connect to the VPN service you’re subscribing to, it masks your identity on the Net. That means your Internet Service Provider won’t be able to track your movements online. Your government will also have a more difficult time tailing you. And sites that would ordinarily recognize you, such as your bank, won’t know who you are and will ask you to authenticate yourself to them.
There are some hassles to using a VPN, which is why usually only people with an extra need for privacy use them. For example, they can slow down your Internet experience because your traffic may be making more hops to get from point A to point B than it would have if you weren’t using a VPN.
What’s more, a VPN service’s servers are likely to be located all over the world. That can create problems if you use streaming services that have regional restrictions, like Netflix and YouTube. If you’re connected to a VPN server in Tokyo, then to the streaming service it looks like you’re in Tokyo and not in your home or office.
VPN providers offer their services in both subscription and free offerings. The problem with free services is they have to make their money in some way. More often than not that means selling your data to marketers. So if protecting your privacy is as important as protecting your communication, you may want to avoid free VPNs.
One exception to that rule, though, is the latest version of the Opera browser. It has free VPN services built into it. Although at its core Opera uses the same browser kernel as Google’s Chrome, some websites may not recognize Opera. In addition, Opera’s VPN proxies may also be blocked at certain websites, such as Netflix.
Otherwise, Opera’s VPN will do what’s expected from a VPN. It will replace your IP address with a virtual IP address to thwart net trackers. It will allow you to access websites blocked by firewalls or an organization like a school or company. And it can protect sessions at public Wi-Fi spots.
6. Confirming Site’s Security (https vs. http)
One way to determine if a site is trustworthy is if it has a green padlock on your browser’s address bar.
Not only does that mean that traffic between you and the site is encrypted, but that the domain’s ownership has been validated. While domain validation is useful, it doesn’t say anything about the legitimacy of the owner.
There’s another level of validation for that called Extended Validation. Organizations need to prove their identity and their legitimacy as a business before they can get EV validation. This appears as a green address bar and lock in your browser.
Even if you’re rigid about following good security hygiene, some personal information you’ve uploaded to the Internet during your digital lifetime may fall into the wrong hands. If it’s an email address that’s part of a data breach, you can get an automatic notification via a free service offered by the breach monitoring website Have I Been Pwned.
It’s also a good idea to activate any alerts offered by your credit card providers and banks. Those alerts will keep you notified of various kinds of activity in those accounts. Then, in the event of a compromise, you can respond to the situation at once.
7. Phishing Emails and Tips to Avoid Them
No doubt you think you know how to spot a phishing email. But do you?
Phishing emails get an average click rate of about 10 percent or higher, according to a report released last month by Wombat Security Technologies.
And there are a lot of them. If you don’t click on one, you might well click on the next one.
Diligent recently published the results of a survey regarding which phishing emails people were most likely to click on.
More than 68 percent of people would click on an email if it looked like it came from someone they know. And 61 percent would click on an email that referred to social media, such as one saying “Did you see this pic of you? LOL.”
People who got an email that looked like an invitation to access a shared file on a service like Dropbox clicked on it 38 percent of the time.
Other successful phishing emails were ones that told users that they had to do something or gave them news about themselves, such as that they:
- Needed to secure their account
- Needed a new social media login
- Had a court appearance, with the court notice in the attachment
- Were due a tax refund
According to Diligent, 156 million phishing emails get sent every day, and 16 million of them aren’t detected by spam filters.
So what happens if you click on the link, or open the attachment? You get malware, that’s what.
More than 90 percent of phishing emails carry ransomware. These are programs that infect your computer and encrypt all your files. The hackers then ask you to send them money to get your files back, but there’s no guarantee that they’ll keep their promise. Well, they are criminals, after all!
Last year, ransomware hackers took in more than $1 billion from victims.
You can also get infected by malware that spies on everything you do, including the passwords that you type into your online banking site. Other malware takes over your computer and uses it to send out more spam. That slows down your computer and can get you into trouble with your Internet service provider.
Tips for Recognising Phishing
- Spelling or grammar mistakes. Real companies hire copy editors to check their emails before they go out.
- It doesn’t use your name.
- It’s from someone you don’t know, or it refers to a transaction that is unfamiliar to you.
- It asks for your personal information.
- It seems too good to be true. Or too bad to be true.
- The tone is urgent or even threatening.
- The return address of the email or the URL of the link doesn’t look right. For example, instead of taking you to MyBank.com, it goes to MyBank-this-is-real-we-swear.com.
- It asks you for money or a donation.
- It’s as vague as it can be, and it wants you to click on a link or download a file to find out more.
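The "URL doesn’t look right" tip can be turned into a mechanical check on a link before you click it. The Python below is an added example, not part of the original article; the trusted-domain list, the function names and the sample links are constructed for illustration, using the article’s MyBank.com name.

```python
from urllib.parse import urlsplit

# Constructed sample: the one domain the reader really banks with.
TRUSTED = {"mybank.com"}


def host_of(url):
    """Return the lower-cased host a browser would actually connect to."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare "mybank.com/login"
    return (urlsplit(url).hostname or "").rstrip(".")


def is_trusted_host(host, trusted=TRUSTED):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def same_site(a, b):
    """True if one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_link(display_text, href, trusted=TRUSTED):
    """Return a list of warnings for one link taken from an email."""
    warnings = []
    parts = urlsplit(href)
    host = host_of(href)
    if not is_trusted_host(host, trusted):
        warnings.append(f"destination host '{host}' is not a trusted domain")
        for d in sorted(trusted):
            brand = d.split(".")[0]
            if brand in host:
                warnings.append(f"host contains '{brand}' but is not {d} (look-alike)")
    if parts.username:
        warnings.append("URL has text before '@'; the real host comes after it")
    if parts.scheme != "https":
        warnings.append("link does not use https")
    # Only treat the visible text as an address if it looks like one.
    text = display_text.strip()
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and not same_site(shown, host):
        warnings.append(f"link text shows '{shown}' but goes to '{host}'")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed examples
        ("MyBank.com", "https://www.mybank.com/login"),
        ("MyBank.com", "http://MyBank-this-is-real-we-swear.com/login"),
        ("Log in", "https://mybank.com@evil.example/"),
    ]
    for text, href in samples:
        print(href, "->", check_link(text, href) or "no warnings")
```

The key point is that trust attaches to the end of the host name: `www.mybank.com` belongs to the bank, while a host that merely contains the bank’s name does not.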
With cyber crimes and online scams growing at a constant rate, people lose billions, and many people have had their identity stolen.
This guide will help you avoid the following:
- Identity Theft
- Credit Card Frauds
- Phishing Emails
- and more.
We’ve pointed out 14 ways to keep your online activity super-secure. At the end of the article, we’ve reviewed some IT industry experts who give good insight to the future.
8. Download Software From Trusted Sources
The Internet is awash with different kinds of software that you can download and install on your computer. Keep in mind that not all downloads are equally trustworthy.
An approved software update for your operating system (usually Windows or macOS) is sure to be safe to install. On the other side of the spectrum, a download from a cheap-looking website that promises to clean up the files on your computer is one to stay away from.
Look to download commercial apps bought from secure sites and free apps from sites with a good reputation (such as Tucows and ZDNet, as well as official resources such as the Mac App Store). If you’re unsure about the origin of any piece of software, don’t download or install it. Look it up on the web and check for reviews and blog posts about the software from reputable sources. It doesn’t take long to tell whether a piece of software is genuine and trusted by the web community.
9. Avoid File-sharing Sites and Torrenting
Sites used to back up and synchronise your files are generally fine to use, and are much safer than many people might think. But places where you’re active in sharing content with others, file-sharing sites for example, have the potential to compromise your computer. This is because such sites often deal in the sharing of files that aren’t intended for sharing.
These files might be films, software or other content that has some commercial, copyrighted value. Someone looking to gain control of others’ computers could easily share some rogue software – called malware. This would allow them access to your machine if it were to run on your system.
Be careful, then, whenever using a service like this. It should go without saying that following copyright laws in your country is a sensible thing to do!
10. Turn on Two-Factor Authentication Whenever Possible
Many of the websites most critical to our lives, such as online banking websites, Gmail and Facebook, offer two-factor authentication.
This means that if someone looks suspicious in any way, they’ll step in. So should it appear that you’re logging in from a computer in China, and you’ve never used that particular computer before, and also you’ve never even left your home town – well, alarm bells will ring and they’ll intervene. For example, the bank might send a one-time code to your phone, or send a code to you by email.
Unless the hacker also somehow got into your email or your phone, they’ll be locked out of your account.
And if you ever lose your password, or someone tries to hijack your account, you can go through the second authorization method to reset your password and get your account back.
But two-factor authentication isn’t automatic. You have to give your cell phone number to your bank and you have to enable the two-factor with Google and Facebook.
If you haven’t done it yet – now is the time.
According to the Pew survey, 16 percent of respondents said their email accounts had been taken over, while 13% said this had happened to one of their social media accounts.
Here are the instructions for the most popular services:
11. Change Your Passwords After a Breach
Speaking of changing your passwords after a breach – you should do that.
According to the Pew survey, 64 percent of Americans have personal experience of a major data breach.
If you’re one of them, or suspect that you are, go and change your passwords. Start with your most important sites: banking, credit cards, and shopping sites. Then move on to your favorite social media sites.
Chances are you can’t even remember all the places where you have an account, right?
Go back to the previous step and install a password manager.
12. Consider Using Credit Monitoring
Another thing that the criminals will do if they get access to your personal information is open new accounts in your name. You never see these statements because you don’t know that the accounts even exist. Well, not until you start getting hounded by collection agencies and discover that you’ve no longer got a credit rating.
Luckily, protecting against this is very easy. And free.
You might have heard that you’re allowed one free report a year from each of the credit monitoring services, so you haven’t bothered with it.
Now, there are several free options out there that will let you check your credit report any time you want, for free, without any damage to your credit rating. And they’ll also send you an alert if anyone tries to open a new credit account in your name.
Capital One and Discover Card both offer free online credit monitoring.
My personal favorite service is Credit Karma, and another popular option is Credit Sesame.
13. Consider Using Extra Anti-Virus Protection & Lock Your Screen
By now you should have the idea that NOT clicking on phishing emails is your first line of defence.
But what happens if you do, and the malware starts invading your computer or smartphone?
With luck you have anti-virus in place to catch it.
I use Avast, and there are several others from very reputable companies that don’t cost you any money.
You can get antivirus software for your smartphone, too. Yet, according to Pew, only 32 percent of people have it.
Another way to protect your computer or mobile device is to turn on password or PIN or fingerprint locks.
According to the Pew survey, 28 percent of smartphone owners don’t use a screen lock or other security feature to limit access to their phone.
Most people don’t secure their laptops either. It’s simple enough for a thief to grab your device and walk off with it and all the data in it. If you’ve got it set up with automatic logins to your financial sites, email or social media accounts, you’re even more vulnerable.
Do you have a camera on your computer? I keep a Post-It over mine, and Facebook’s Mark Zuckerberg uses a piece of tape. It’s a quick and easy fix. I’m happy knowing that some stranger isn’t watching me picking spinach out from between my teeth.
Because of the large number of breaches in the news recently, people are more aware of cybersecurity issues than ever before, said Pew’s Rainie.
“But in their day-to-day life, they don’t act as if it’s a central concern,” he said. “It’s a paradox.”
14. Be Prompt about Updating Your Operating System and Software
When a company discovers that there’s a security problem in its software, it sends out an update.
Some programs do automatic updates, without asking permission. But many operating systems and applications ask first.
Most people don’t approve the update right away. Given the choice, only 32 percent of people opt to have their apps update themselves on an automatic basis. Of the rest, 38 percent run the updates when it’s convenient, and 10 percent never install app updates at all.
When it comes to major updates, like the phone operating system, 42 percent wait until it’s convenient, according to the Pew survey, and 14 percent never update it.
That’s a problem. When hackers find out that there’s a security vulnerability, they rush out to take advantage of it before everyone upgrades. The longer you take, the more at risk you are.
So why don’t people update right away?
“It might be strictly a matter of convenience and control,” said Pew’s Rainie. “Some people think, I want to do updates in my own time. Or, I don’t want to burn through to my data cap.”
15. Use Reputable Shopping Sites
Most brand-name e-commerce sites, like Amazon, have good security systems in place and are happy to refund your money if something goes wrong.
Scammers still pop up, though, promising goods that they don’t deliver. Check the ratings and customer reviews before making a purchase.
As an extra precaution, if you pay with a credit card, you can also have them reverse the charges if it turns out that there’s a problem.
16. Don’t Use Unsecured WiFi
Most wireless routers – the devices that share the Internet signal around your home or office – will be set to use a form of encryption that needs a password to let you connect to the WiFi network. Although this is a pain, it’s a safe way to ensure you’re not making it easy for others to join your wireless network. Not doing this would mean they might be able to gain unauthorised access to any of the computers or devices on the network.
When you are out of the home or office, you might connect to a public WiFi hotspot. These often have their own joining criteria (a need to register or enter a password, for example), but some WiFi networks are completely open. Connecting to such networks is usually a bad idea. It’s best to pick a secure network instead or to rely on your device’s own connection to your mobile operator.
17. Back Up Your Data
While it’s crucial to keep your computer protected from the outside world, it’s important to remember that you keep data – that’s files, documents, pictures, music, videos – for a reason: to use them. The last thing you want is for the hard disk inside your computer to fail and for you to lose any or all of that precious information. So, what to do? The best course of action is to put in place a backup routine. That means finding a way to copy your information to a safe place so that you don’t rely on your computer’s hard disk alone.
You can make your backups to an external hard disk, such as one connected to the computer via a USB cable.
More and more people are now turning to cloud backups. Cloud backups give you a secure way of transferring data over the Internet to a service such as Dropbox.
For the best protection, use a combination of physical and cloud backups. Doing so will mean your data should be safe even if a disaster were to strike. A service such as Acronis may suit you if you wish to go for the hybrid backup route.