What if I told you that you could dramatically improve your online security right now? No technical support. No computer science degree.
Just you.
Right now.
Would you believe me? Would you even listen?
These days, the dangers lurking online are a greater threat to our personal and financial well-being than ever before. Keeping yourself and your data safe from hackers is becoming more and more difficult, even as a greater share of our lives (and our money) is spent online.
All this was true before a global pandemic turned Amazon into your go-to marketplace for everything.
Your online security should be a top priority. Unfortunately, it can seem like a lot to deal with. Fortunately, there are some basic things you can do to limit your risks.
10 Useful Ways You Can Boost Your Online Security Yourself
The most effective ways to improve your online security generally involve helping you get the most out of the tools you already have or adding that one tool you really need, starting with…
1. Use a Password Manager
Anything that can be password protected should be password protected.
Period. Oh, and turn on Multi-Factor Authentication while you’re at it.
You might feel comfortable leaving some of your personal devices or accounts without a password, but you shouldn’t. Any access to your accounts or devices can allow an experienced hacker to completely avoid your online security systems.
Having re-used or weak passwords only provides slightly more protection than having no passwords.
Your passwords also must be effective. They need to be strong and unique. You wouldn’t want the same key that opens your car door to also open your front door and your safe deposit box. You really wouldn’t want that same key to be used by dozens of other people in your neighborhood to do the same thing.
So why do it with your devices and online accounts? Use a password manager like 1Password or Last Pass to keep your passwords organized and to generate unique, complex passwords for new accounts. Password managers can even evaluate the passwords you’re already using. And for those of you who think your current password system works just fine, thank you, you’re wrong.
Taking it a step further: Use Multi-Factored Authentication in your logins, and use passphrases where allowed – they’re considerably more secure.
2. Close Old/Unused Accounts
Your old and unused accounts, the ones you never closed, are a treasure trove of personal information, and a major online security vulnerability. And that’s not only if the companies keeping those accounts are hacked.
The existence of unused accounts means companies have personal information about you, and many of those companies sell that data. Furthermore, if the company does get hacked, financial information, purchase histories, private conversations, and old login emails and passwords (that you might currently be using elsewhere) could all be accessed.
Step 1: Clear and Close
Go through your old accounts and remove all the saved information, particularly payment information. Thenclose the account permanently. That should be the last step necessary, but thanks to the corporate need to hoover up and store all the data, more steps are required.
Step 2: Follow up (Repeated monthly, for as long as you can bear it)
Make the company confirm that your account and data has been deleted. Check the company’s data retention policy and reach out to them directly to make sure that they don’t keep the data stored from closed accounts in the same place as open accounts. The fewer accounts you have that could be swept up in a cyberattack, the better your overall online security will be.
Even better, many companies extend the rights granted to citizens of the EU and California to everyone, meaning you can ask them to delete all the information they have on you (with certain limits).
Taking it a Step Further: Find out if your accounts have been included in any of the massive data dumps by hackers by visiting https://haveibeenpwned.com.
3. Use a VPN
One of the best ways to protect your information online is to only use a secure internet connection.
Public WiFi, or any other wireless network that you or your company do not directly control, is not a secure connection to the internet, and is a threat to your online security. Furthermore, your ISP is virtually guaranteedto be selling your information if it’s not hidden.
So only connect to public/unknown WiFi through a Virtual Private Network (or “VPN”). A VPN essentially acts like a tunnel for your data, connecting your computer (or mobile device) with the VPN’s servers, encrypting everything you send and receive. Since the data is encrypted, anyone snooping on the public wifi network would be unable to access your data. (Although, admittedly, there are limitations.)
There are many VPN options available, and most are inexpensive and quite easy to use. Among the best available are Private Internet Access (or PIA) (affiliate link), ExpressVPN, and Nord VPN (affiliate link).
From left to right, Nord VPN, ExpressVPN, and PIA.
Ultimately, anytime you’re using an unsecured internet connection, you should be using a VPN.
Taking it a Step Further: Certain VPNs also have blocking features that limit the ability of websites to track and advertise to you – both of which improve your online security.
4. Disable Bluetooth When Not in Use
Bluetooth connections are amazing and convenient. They also provide hackers with an unprotected way into your devices. On the bright side, most threats exploiting Bluetooth connection systems are dependent on your Bluetooth connection being active.
To improve your online security: turn off your Bluetooth when you’re not using it. Bluetooth attacks rely on the permission process that is the very backbone of Bluetooth. By exploiting that system, hackers can get around many other security features or systems on your device.
So when not in use, your Bluetooth should be turned off. Not in invisible mode or undetectable mode. Literally OFF.
If you needed any added incentive, researchers have actually been able to turn an iPhone on by accessing Bluetooth, although only in very specific conditions.
5. Keep Secret Question Info Secret
We share a ton of information online, especially on social media. But providing a public biography of ourselves to our friends and family inadvertently creates a roadmap for hackers to follow. Our social profiles contain tons of information hackers want, from our shopping patterns to potential password ideas.
Among the worst online security vulnerabilities lurking in your social media profiles: answers to your password recovery “secret questions.”
Review your social media profiles and make sure that only those you want to be able to see your information can do so. Although Twitter only has two privacy settings (Yes and No, essentially), Facebook, Instagram, LinkedIn, and most others have more granular settings. However, even with your privacy settings engaged, you should still remove any information that answers or provides clues to any password recovery “secret question” you use.
And never share personal information on any kind of “blockchain” system or message board. Because, as Ron White says, “stupid is forever.”
Unsure what security questions you’ve chosen? Time to reset some passwords, and the security questions while you’re at it!
Taking it a Step Further: To prevent someone from using your own personal information against you, make up responses to the secret questions that are either fake or are actually the answer to a different question.
6. Use a Separate Recovery Email
Among the biggest prizes for a hacker is access to your personal primary email account. Why? Because that’s where almost everyone has password change or recovery emails sent to if they forget.
The hacker wouldn’t even NEED the answers to your security questions!
For most people, their primary personal email address is the only one they actually use. it seems like the logical choice to link to when opening new accounts. Problem is, since you use that account so much, it’s pretty easy for anyone to get it if they want. Heck, you give it away to almost anyone you interact with online.
This might seem obvious, but knowing your email account name is the first step in being able to hack it. By creating an email account solely for receiving password recovery emails, and never for other communication, you’ll eliminate a major vulnerability and boost your online security.
Taking it a Step Further: Your password recover email address username should be something other than your name – or anything like it – so it can’t be easily guessed.
7. Review Bank Statements Regularly
Among the best possible news to get after learning that your identity’s been stolen is that you won’t be responsible for what was taken. There really aren’t too many other situations where you get robbed, and as soon as the robber leaves, someone walks up behind you and stuffs cash in your pocket.
For identity theft victims, it may not feel quite that good, but it certainly helps control the panic.
Unless you forget to notify your bank in time.
Guess what – if you have bank statements mailed to you, the law says that banks are allowed to assume that you read them. In most situations, you only have 60 days to notice a problem. After that, the bank has no obligation to help you.
Taking it a Step Further: Look for the small transactions – you may not find outright identity theft, but you might discover you’re being charged small amounts for things you didn’t buy!
8. Secure Your Router
Even if you’re vigilant about using a VPN and limiting your web browsing while on Public WiFi, don’t forget about your wireless router. It will serve as the lynchpin of your online security.
Your home router is the crossroads for all the data into and out of your home. Personal emails, credit card and banking transactions, and all other online interaction that happens while you’re using WiFi.
Routers are also the most frequently exploited device in cyberattacks targeting Internet of Things devices.
So make sure your router is as secure as possible. Turn on automatic updates. Check the administrative dashboard (or mobile app for newer routers) and make sure the firmware is up to date. Turn off any plug-and-play features you don’t use. Set up a strong password. If you have a “Guest” login, it needs to have a password as well.
Also, make sure your router is using the latest security protocols available.
Taking it a Step Further: Make your router invisible by turning off the SSID (Service Set Identifier).
9. Don’t Click on Links – Retype Them
By now, we’ve all received a suspicious email asking us to click a link for some reason or another. Those suspicious ones stand out.
The good ones don’t.
Whether the links themselves contain malware or happen to direct you to a page asking for login credentials, clicking the wrong link can be an online security catastrophe. Most organizations and companies that hackers impersonate in these emails have policies in place to never send you links via email.
And yet, on average 3-4% of people who receive a phishing email will click on it. They believed it was legitimate.
For the sake of your online security, avoid the problem altogether: don’t click on the link.
Open up your web browser, and re-type it. That way, you avoid the possibility that the link you’ve been sent may misdirect you to a very convincing-but-fraudulent site.
Taking it a Step Further: The same is generally true for information over the phone – if you didn’t initiate the call, confirm nothing, provide no information. Instead, hang up and call them back.
10. Don’t Ignore the Obvious
Most breaches in your online security do not come with a ransom note (or other obvious sign), and thus may be difficult to detect. However, there are often other indicators that something is amiss:
- Toolbars in your web browser you never added.
- A sharp increase in pop-up windows.
- Your system running considerably slower.
- Friends and family telling you that they’ve been getting emails or social media friend requests from you at an odd rate.
There are a lot of signs that you’ve been hacked.
If something about your system or experience feels off, you should consider, and in some cases assume that your accounts or computer has been compromised. Don’t ignore your instincts. In 2018, nearly 70% of discovered data breaches had been ongoing for at least one month when detected. (That number has decreased in the years since, but a significant reason is because the hackers publicly announced the breach.)
Failing to act on what were obvious indicators of a hack (in hindsight, at least) was a major reason why.
In The End…
Our lives are spent, in considerable portion, online. Social media, online purchasing, email communication, remote work… it all involves connection. It only makes sense that we take a more central role in our own online security. The best place to start is by doing the little things. They’re the most important, and they’ll cost you (almost) nothing.
