Why is is that many computer users do not take better care of their systems security-wise? I think the main reason for that is that security does not matter for as long as you are not attacked or encounter situations where you need better security. When that happens, it is often too late and while many Internet users learn from this, it is still fair to say that security is something that many users ignore for the most part.
Many may have an antivirus solution installed because all the magazines and sites tell them that this is important, but it usually does not get farer than this.
I'd like to present to you 5 tips that help you stay safe on the Internet. Some recommend software programs or browser extensions, while others explain key security concepts that you can use to make sure you are safe. Feel free to add your own recommendations in the comment section below.
I'm not telling you to install antivirus solution A or B, or that you need a bi-directional firewall, or need to scan your system from time to time with a rootkit scanner. No, the most important tip is to keep your system up to date. This includes Windows Updates that get released on the second Tuesday of every month. Make sure you install them when they are released, and not days, weeks or months later (unless you know what you are doing).
But updating does not end there. You also need to make sure that your programs are up to date, especially those that you use to connect to the Internet, web browsers for instance, but also programs that may embed plugins into those browsers, like Adobe with its Flash Player.
Some programs come with options to install updates automatically, while others require you to download and install updates by yourself.
I recommend to activate automatic updates in Windows and in your browser of choice. It is also useful to stay on top of Flash and Java updates, and updates for other browser plugins you are using.
To find out which you are using, enter about:plugins in Firefox or Opera, and chrome://plugins/ in Google Chrome. For Microsoft's Internet Explorer, it is complicated.You need to open the Windows Registry Editor and look under the following keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Some web browsers inform you if plugins need updating. You can visit Mozilla's Plug-in Check site to test if plugins in your browser need updating. Note that this may not work in all browsers.
2. Know Internet addresses
Sounds easy but is something that most users do not pay attention to. The Internet address, or website address or url, determines the site you are connected to. What you need to understand is that https is better than http, and that finance related sites, like your bank's website, payment processors and the payment section of shopping sites, need to display https in front. You also need to make it a habit to check the web address.
You can also click on the icon in front to get additional information in your browser.
Link checking is important. This is done by hovering your mouse cursor over a link to read the web address it links to. Browsers and other programs usually display link destinations then, which you should make use of to make sure a link leads to the correct destination and not a phishing or fake site.
If you are unsure, enter the address manually instead in your browser or contact the support of the site to find out if the mail is legit or not.
3. Pick secure unique passwords
A password like Dallas or 123456 is easy to remember, but what you need to consider is that it is also easily guessable. You need to select secure unique passwords whenever you sign up for a service.
Secure means that it needs to have a decent length, 12 to 16 characters is a good start, that it is diverse, meaning that you need to mix letters, numbers and special chars if allowed by the site. Since it is quite difficult to remember passwords like V34cy_dsf23$s23, especially if you have dozens or more of those, it is advised to use a password manager. You can use an online password manager like Last Pass for that, or a desktop password manager like the excellent KeePass.
These programs not only save your passwords and usernames, they also include password generators which simplifies the generation of secure passwords.
Unique on the other hand means that you should not use the same password on more than one sites. The only exemption that I'd make here is if the account is not personal, e.g. you have signed up for a site to watch videos there but have not entered any personally identifiable information.
Do not write those passwords down physically, save them in unencrypted form on the computer, or tell them to anyone you know or do not know.
4. Use disposable mail / a second mail account
You do not and should not sign up for all services with your main account. One option that often makes sense is to create a second email account and use that account exclusively for sign ups on sites that are not overly important to you. While you might want to sign up with your real email address on your University's student site, you should prefer a secondary address for social networking sites, news sites, blogs, gaming sites and more or less all other sites on the Internet.
Why? This is more of a "we sell your email address and profile information" kind of thing that it is a potential security hazard. Still, if you do not want to be swarmed by spam, use a secondary address or disposable email.
Disposable email addresses basically let you create email addresses on the fly that have a limited lifespan. The idea is to sign up using one, get the confirmation email, click on the link, and never use that email address again. Pretty handy huh?
They are not useful for all types of sign ups though. Anyone with knowledge of the email address you signed up with can for instance request a password reset for your account. The email goes directly to the disposable email provider where anyone with knowledge can access it and reset your password. When that happens, it is usually only a matter of time until your account gets hijacked.
In short: they are very good when you need to sign up to a site to access contents. As soon as you reveal personal information, it is better to use a secondary email account for sign up.
5. Use common sense
A Nigerian prince wants to give you 10% of his 10 billion Dollar stash but requests that you send him money first so that he can make the transfer? A women emails you that you never heard of before and claims that she wants to have sex with you? An Iraqi war veteran stumbled upon a ton of Gold and needs logistics to transport it out of the country?
Those email messages and a lot more are common. Spammers try a lot to get you on the hook. Even if you would not fall for those examples, there are others that you may. Examples of this are information about a package that a service like UPS tried to deliver but could not, a Casino that is offering you free spins, or someone who claims to have made millions with a simple Internet site (and wants to sell that secret to you for $10).
A rule of thumb is that you should not open attachments of emails where the sender is not known to you. I do not open emails from businesses that I do not have a relationship with.
But common sense is also important when you are browsing the web. Congratulations, you are the 1,000 visitor, you have won an Apple iPad. Bogus messages are all around you, and it is best to ignore them all instead of falling pray to people who just want your data so that they can sell it to the highest bidder.
Common Sense should probably have been number one of the list
Anything that I missed that you'd like to add? Leave a comment below, I'd love to read your suggestions.