John P. Mello

John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix. 

The Internet can be a dangerous place for the careless. Land on the wrong website, and you can infect your computer with malicious software that will steal your data or scramble it and demand a ransom for its return. Fill in a username and password in a bogus form, and your digital life can be turned to toast.

As scary as all this sounds, if you’re careful, you can surf the Net with a high degree of safety.

Safe surfing starts with your browser.

Two of the most popular ways miscreants prey on browsers are through socially engineered malware and phishing.

Nearly a third of Internet users have been victims of socially engineered malware, according to NSS Labs, an independent testing organization. By using some form of deception — a link to a rogue website, for instance, or the opening of an infected document — bad actors can manipulate people into poisoning their machines with malicious software, software that can compromise or damage hardware or steal sensitive information. It’s also how “ransomware” is distributed. That form of malware, which has had wild growth in the last 12 months, encrypts data on an infected computer or phone so it can’t be accessed by its owner and demands a ransom be paid to make it accessible again.

Phishing is often a prelude to planting socially engineered malware on a machine, but it’s also used just to obtain sensitive data. For instance, you receive an email from your bank asking for your username and password to access your account — only the email isn’t really from your bank but from a phisher masquerading as your bank and the next thing you know your checking and savings accounts are running on empty. NSS notes that last year, more than 145,000 unique phishing campaigns were reported every month and 125,000 unique phishing websites were discovered with equal frequency. In fact the situation became so alarming among businesses — which lost $2.3 billion in the last three years to phishing scams — that the FBI issued a special alert on the subject.

1. Use/Install Most Secure Internet Browser

Major browsers offer protection against social engineering malware and phishing, although some offer more protection than others.

For example, in NSS’s latest browser tests, Microsoft’s new Edge browser blocked 99% of the malicious samples thrown at it, compared to 85.9% for Google Chrome and 78.3% for Mozilla Firefox.

3 Best Internet Browsers for Safe Browsing

  1. Microsoft Edge (2017 version)
  2. Google Chrome
  3. Mozilla Firefox

Microsoft has been incorporating into its browsers for several years a technology called SmartScreen URL and Application Reputation filtering. The tech checks the reputation of a URL before it allows it to download into the browser. If the website’s reputation is bad — as would be the case with a phishing website — you’ll receive an alert and be given the choice of going to your home page, a previously visited website or to live dangerously and proceed to the website of ill-repute.

Similar screening is done when you try to download a file from a questionable website. The browser will just block the download.

NSS also found that Edge was the quickest to block new social engineering malware — 10 minutes — compared to four hours, 39 minutes for Chrome and four hours, five minutes for Firefox.

It was also the most effective in addressing “zero day” vulnerabilities — flaws exploited for the first time in an attack — 98.7 percent, compared to 92.8 percent for Chrome and 78.3 percent for Firefox.

2. Customize Your Security Settings

You can also make a browser more secure by customizing it through its preferences or settings menu. Fiddling with settings, though, can create inconveniences.

For example, shutting off features like “autofill” — which automatically fills forms on web pages — and password storage prevents data from being stored in files that can be a goldmine for anyone hacking your system.

On the other hand, manually filling forms and typing in usernames and passwords can be a burden.

Turning off other features can reduce the “attack surface” — the places available to intruders to attack your system — but they can reduce your surfing pleasure, too. Turning off “cookies,” for instance, can improve your privacy, but there are plenty of websites that won’t serve up their web pages to you if you don’t have cookies enabled. The same is true for enabling plug-ins, JavaScript and, to a lesser degree, Java.

One option you should definitely turn on, though, is “block pop-up windows” to prevent pesky ads from popping up over web pages you’re visiting. And if your browser supports it, choose the option to send “Do Not Track” requests with your browsing traffic to keep marketers from snooping on your Net travels.

Here are step-by-step guides for securing your browsers (i.e. making them less vulnerable).

As with any software, you always want to make sure your browser is up-to-date with the latest upgrades and patches. Many times those patches are specifically created to address newly found security flaws in the software. Keeping a browser current is less of a problem than it used to be because now it’s often done automatically without the need for human intervention.

3. Use Password Manager (not “AutoFill” options)

Next to your browser, a good password manager has become almost essential for safe surfing, especially after you turn off the remember passwords and fill forms options of your browser.

Features can vary from manager to manager, but they all share one thing in common.

They remember your credentials — username and password — for a website and fill them in when you land on its logon page.

That allows you to create unique and secure credentials for every website that requires them without having to commit those credentials to memory. You need only remember one password — the master password for accessing the password manager.

With thousands, sometimes millions, of passwords being compromised every day, password managers can help you avoid the domino effect that occurs when you reuse passwords. Credential thieves can take a set of stolen credentials and plug them into thousands of websites through automation techniques so they can crack every site where you’ve reused your password. Using unique passwords reduces the damage that can be done with a single password.

Here are 3 Most Popular Password Managers in 2017

  1. 1Password ($2.99/mo)
  2. KeePassX (FREE)
  3. LastPass (FREE)

While inserting something new into your web flow may not sound appealing to you, password managers are relatively unobtrusive after installation. Most install in a browser of your choice as a plug-in. There they’ll watch your cyberspace travels. If you’re new to a website, the program will help you create credentials for it. If you’ve been to the site before, the software will automatically fill in your login info. What’s more, most managers will also create a list of sites for which they’ve stored logins that can be quickly accessed from your browser’s toolbar.

4. Use Creativity When You Create Your Passwords

If remembering a lot of passwords is a big chore, then an almost equally taxing task is creating passwords. Password managers can automate that for you, too. You can tell them to create a secure password for you and it’s done instantly. In some managers you can even customize the passwords they create. You can set a password’s length (16 characters is recommended, but that may be too long for some websites) and choose whether it should be pronounceable, whether it uses numbers, capital letters and special characters, and whether it excludes similar characters like 1 and l or O and 0.

If you go old school and create a password in a form by hand, a password manager can help you there, too, by telling you if your creation is secure or if you’ve already used that password someplace else.

One of the greatest benefits of a password manager is that most of them work across platforms. Whether you’re working on your phone, tablet, laptop or desktop, you always have access to your credentials. That also means you don’t have to type a secure password like F*t5pWU397%6QvAk7K9W on a smartphone keyboard. What’s more, since information is synchronized across platforms, if you make a change in your credentials or add new ones, those changes will be performed across all your devices automatically.

In addition to protecting your credentials with encryption, some password managers will give you an additional layer of protection through two-factor authentication. When you try to access your password manager from a new device or browser, after you enter your credentials for accessing the manager, you’re required to furnish an additional piece of information. It could be a number code sent by text message to your phone, a short-lived password emailed to you, an automated phone message or some other authentication method.

Although called password managers, the programs can store much more than login information. They can be repositories for credit card information, financial documents, software licenses, Wi-Fi credentials, addresses and much more. Some websites also offer to store that kind of information for you. That may seem more convenient to you, but the risks you’ll be inviting outweigh that convenience. With a password manager, you’re in control of the security protecting your information. With a website, security is out of your control. Some websites may have Fort Knox security. Others may not. And judging from the amount of user data that’s compromised on a daily basis, the security at many websites is more porous than impervious.

5. Hide Your IP With a VPN

Having a secure browser and a password manager will offer you a measure of security as you cruise the Web, but if you want to take safety up a notch, you might want to consider using a Virtual Private Network service. VPN services both protect your connection to the Internet by encrypting the data in the connection and hide where you’re connecting to the Net, which protects your privacy.

Encrypting your connection to the Internet is especially important when working on insecure Wi-Fi networks, such as those found in public places like airports, hotels and restaurants. Those networks are insecure because it’s relatively easy for a snoop to intercept traffic on them with a software tool called a sniffer. If your connection is encrypted, whatever traffic is captured by such snoops will look like garbage to them.

When you connect to the VPN service you’re subscribing to, your identity will be masked on the Net. That means your Internet Service Provider won’t be able to track your movements online. Your government will also have a more difficult time tailing you. And sites that ordinarily recognize you, such as your bank, won’t know who you are and will ask you to authenticate yourself to them.

There are some hassles to using a VPN, which is why usually only people with an extra need for privacy use them. For example, they can slow down your Internet experience because your traffic may be making more hops to get from point A to point B than it would have if you weren’t using a VPN.

What’s more, a VPN service’s servers can be located all over the world. That can create problems if you use streaming services that have regional restrictions, like Netflix and YouTube. If you’re connected to a VPN server in Tokyo, then to the streaming service it looks like you’re in Tokyo and not in your home or office.

VPN services are offered in both subscription and free offerings. The problem with free services is they have to make their money in some way and more often than not that means selling your data to marketers. So if protecting your privacy is as important as protecting your communication, you may want to avoid free VPNs.

One exception to that rule, though, is the latest version of the Opera browser. It has free VPN services built into it. Although at its core Opera uses the same browser kernel as Google’s Chrome, Opera may not be recognized by some websites. In addition, Opera’s VPN proxies may also be blocked at certain websites, such as Netflix.

Otherwise, Opera’s VPN will do what’s expected from a VPN. It will replace your IP address with a virtual IP address to thwart net trackers. It will allow you to access websites blocked by firewalls or an organization like a school or company. And it can protect sessions at public Wi-Fi spots.

Best Picks for VPN

  1. ExpressVPN
  2. IPVanish VPN
  3. NordVPN
  4. VYPR VPN
  5. VPN Area

6. Confirming Site’s Security (https vs. http)

One way to judge whether a site is trustworthy is to look for a green padlock in your browser’s address bar. The padlock means not only that traffic between you and the site is encrypted, but also that the domain’s ownership has been validated. While domain validation is useful, it doesn’t say anything about the legitimacy of the owner.

There’s another level of validation for that called Extended Validation. Organizations need to prove their identity and their legitimacy as a business before they can get EV validation, which appears as a green address bar and lock in your browser.

Even if you rigidly follow good security hygiene, some personal information you’ve uploaded to the Internet during your digital lifetime may fall into the wrong hands. If that information is an email address that’s part of a data breach, you can be automatically notified about it via a free service offered by the breach monitoring website Have I Been Pwned.

It’s also a good idea to activate any alerts offered by your credit card providers and banks. Those alerts will keep you notified of various kinds of activity in those accounts so if any of them is compromised, you’ll be able to respond to the situation quickly.

7. Additional Safety Precautions (optional)

Another tool to protect yourself online is an ad-blocker. Ad-blockers are controversial because they staunch the lifeblood of the Internet: advertising. Many media outlets and websites offering free content, tools and services depend on advertising for income. Take away that income and the entire Net economy can be harmed.

Blocking advertising, though, is more than just a matter of convenience or annoyance. Advertising can pose a security threat to you. Bad actors can infect ads that appear on websites with malicious software or spyware and push them to visitors without their or the site operator’s knowledge. Ad-blockers can block those malicious ads, but they also block legitimate ads. There’s no easy solution to that problem, but ad-blockers allow you to exempt sites that you trust from having their ads blocked so they don’t lose their income when you visit them.

Speaking of trusted sites, you can avoid a lot of grief by avoiding questionable sites. Certain categories of sites, for instance, are ripe for picking up infections, such as pornography and file sharing sites.

Typo sites are another category of dubious destinations. Those sites have web addresses that mimic popular websites but have a character or two that’s different. They seek to exploit common mistakes made when typing a URL on a browser’s address bar or make the address pass superficial inspection by a user.
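One way to catch the "character or two that's different" case before visiting a link, as an added Python example that is not part of the original article: it compares a hostname against a list of sites you trust using an edit distance that counts swapped, missing, extra or substituted characters. The trusted list, the domain names and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; a real one would hold the sites you actually use.
TRUSTED = ["examplebank.com", "mail.example.org"]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters typed in the wrong order count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_distance=2):
    """Return ('trusted'|'lookalike'|'unknown'|'invalid', matched_domain_or_None)."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    labels = host.split(".")
    closest = None
    for domain in trusted:
        # Compare only as many trailing labels as the trusted domain has,
        # so subdomains such as www. or login. still match their parent.
        tail = ".".join(labels[-(domain.count(".") + 1):])
        if tail == domain:
            return ("trusted", domain)
        d = osa_distance(tail, domain)
        if d <= max_distance and (closest is None or d < closest[0]):
            closest = (d, domain)
    # Note: very short domain names can fall within two edits of unrelated ones.
    return ("lookalike", closest[1]) if closest else ("unknown", None)


if __name__ == "__main__":
    for u in ["https://www.examplebank.com/login", "http://exampelbank.com/",
              "examp1ebank.com", "https://news.example.net"]:
        print(u, classify(u))
```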

Another way to avoid questionable websites is to never click on links in emails or other messages. If the message appears to be from a trusted source, like your bank, go to the website by typing its URL into your browser or use a bookmark to get there.

The Internet can be a dangerous place, but it can be less so if you take the right steps to protect yourself. As Sgt. Phil Esterhaus used to remind his charges at the end of morning roll call in the 1980s cop drama Hill Street Blues, “Be careful out there.”

3 comments

  1. May I kindly ask which are the best free, private, secured, unblocked, untracked browser software and free secured VPN suitable for iPhone 7 and Huawei P9 for my personal use as an older house maker? Thanks, Sophie Wang