Staying Safe Online: A 10 Step Guide To Personal Internet Security
This is a short guide to help you improve your online security. As our lives are becoming more and more dependent on technology, the internet and online services so our responsibility increases to stay safe and protect ourselves and our assets. Take the time to review your personal security setup and make sure that you don’t become the next victim.
Disclaimer: The advice in this guide are recommendations based on my personal experience. I cannot however make any guarantees and I cannot be held responsible for your online security. Always do independent research and use this information at your own risk.
1. Use A Reliable Email Service Provider
Your email account is your unique personal identifier for online accounts. Make sure to use a reliable email service provider to host the email account that you use to create additional account online. I recommend Gmail (free for personal use) or GSuite (premium for business use – previously called Google Apps for Business), but these are not the only options.
2. Always Use Strong, Secure & Unique Passwords
It’s crucial to always use strong and secure passwords for all your online accounts. You can use an app like 1Password or a website like strongpasswordgenerator.com to generate strong passwords. Both these options have password strength indicator to help you craft a strong password. A strong password has 6 to 10 (or even more) characters and includes capital letters, lowercase letters, numbers and symbols. Adding more characters makes the password stronger.
Avoid using names, birth years, brand names or any word in the dictionary. Ideally randomly generate a strong password or create your own using a memory trick. For example use the first letter of each word of your favourite song title and then replace certain letters with numbers and symbols.
Avoid using the same password for multiple accounts. Generate a new password for each account you own.
3. Use A Password Managed App
Use a premium password manager app like 1Password to save, manage and backup your passwords. Do not use free apps and do not save your passwords in your browser (Chrome or Apple Keychain).
After installing a premium password manager app on your devices, make sure to set up the sync and backup features that regularly create encrypted backups of your passwords and saves them to the cloud (for example 1Password syncs your encrypted data to their secure servers.)
1Password also lets you save other sensitive information including credit card details, passport information, and secure notes and files. This app is available on Android, iOS, Windows and Mac OS and syncs across devices for convenience. It also works with fingerprint scanners for convenient access.
Q: What is a password manager app?
An app that lets you save, protect, manage and backup your passwords and sensitive information in an encrypted vault that you access using one single master password. Using an app makes it simple to use strong and complex passwords without needing to remember them all.
4. Activate & Use Two Factor Authorization
Where available make sure to activate and use Two Factor Authorization (TFA). This lets you add an extra layer of security to your accounts. When logging in, in addition to your username and password, you will need to provide a one time pin or password.
Depending on the system you are using this might be sent to your mobile phone or to a TFA app like Google’s Authenticator app.
Google, Dropbox, Dreamhost and Stripe are some examples of online services that currently offer Two Factor Authorization.
Take some time to learn more and activate TFA on your Google account and thank me later. When activating TFA, make sure to save any secret backup codes to your premium password manager app, in case you loose access to your phone and need to unlock an account.
5. Avoid Using Public Computers
Avoid using public computers (found in Internet cafes, backpacking hostels, libraries and airport lounges) to login to your accounts, make purchases or do online banking.
Public machines may contain keyword logging software. This software secretly records your activity including any text and passwords that you type into the keyboard and sends this stolen information to a hacker.
Instead (when possible) rather use your devices.
6. Use A VPN On Public Wifi Networks
Make sure to use a premium virtual private network (VPN) when using your device on public wifi networks including hotels, hostels, airports and malls.
A VPN encrypts and protects your information as it is sent and received from your device to the network. A VPN will also let you connect to the web using your preferred location specific server. If you are travelling for example and you’d like to access a website that is only available in the US, then you can simply connect through a US server to bypass this restriction.
There are many VPN options to choose from. Avoid using a free VPN as these may collect and sell your personal information. I’m currently using VyprVPN by Goldenfrog.
7. Never Click Untrusted Links
Never click on untrusted links in an email, on social media or inside other apps like Skype or Facebook messenger – even if you really really want to.
If you don’t know the sender or if the message seems out of place, then delete it. Instead contact the person using another method/channel and ask them about the link they sent. 9 out of 10 times you’ll find out that their account was compromised and that the email (with the link) was automatically sent out to all their contacts, including you. These automated spam emails are sent out by spam bots, not humans.
8. Only Use Trusted Websites And Apps
When doing your online banking make sure to use the official websites and apps. Also make sure that the website you’re using is encrypted and is using a valid SSL certificate. Make sure the URL is showing https:// instead of http://.
Never access your financial websites (banking, PayPal, Stripe, etc.) by clicking through a link in your email. Always type in the URL or search for the official website on google to make sure you land on the correct site.
Phishing scams can easily link you to a website that on first glance looks identical to the official site.
Also if you are using 1Password, then you can use the browser extensions, which let you login to your favourite websites with a single click after unlocking your vault. Using the browser extensions to login adds an extra security check, because the 1Password app will only automatically fill in your details and login if you are on the website that your access details are linked to.
9. Never Share Your Sensitive Information With Untrusted Individuals or Websites
There are numerous ways hackers try and get your sensitive information – via email phishing attempts, via key logging software and even via the phone.
If someone calls you claiming to be from a financial institution that you’re a client of, make sure that they are in fact who they claim to be. If you are unsure, hang up the phone and contact the company using the official contact channel/phone number to make sure you reach the correct person.
10. Don’t Be Scammed
If it’s too good to be true, it usually is – and it’s most likely a scam.
If you receive an email from a wealthy Nigerian prince that wants to wire you USD $800 000, delete the email and don’t reply.
If someone you know contacts you claiming to need financial help due to an overseas emergency. Contact them directly through a separate channel. You’ll most likely find out that they’re not even travelling.
If a handsome man on a dating site charms you into a cyber relationship and asks you for financial support so he can fly to you to live happily ever after. The man is probably not who he claims to be and he will happily take your donations and never come visit. Don’t get mislead.
As we go deeper down the rabbit hole by integrating our lives with technology and connected services, so it is our responsibility to educate and protect ourselves. Take the time to review your personal security setup and make sure that you don’t become the next victim.
If you have any questions, please don’t hesitate to contact me. If you’d like to be notified when this guide gets expanded/updated, make sure to join our notifications list. Thanks for reading, please take a moment to vote this post up or down – we value your feedback.