Safer Internet Day is today, but your digital personal and professional worlds are under attack every day. With this in mind, here is the advice I give to loved ones and clients alike when asked how to protect themselves online.
User Account Management
First and most important is to start with the basic security of your user accounts on your desktop computers, laptops, smartphones and mobile tablets. In fact, anything that offers a username and password login should have it enabled.
It’s convenient to have no password or passcode login on your devices, but this compromises your security if or when someone covertly accesses your device or snatches it off your table at a café or restaurant when you least expect it. On Windows, make sure your Windows user account settings are activated and updated with a strong password (see below) and, on Mac OS X, walk yourself through each tab within your Security & Privacy settings in System Preferences (especially FileVault).
Password Managers Are Your Friend
Next, with so much of our world being digital today, passwords have become the banes of our existence. We have passwords upon passwords. And, we simply cannot remember them all. So, we cheat and create a password that we can remember, that’s simple, and we use it for all our online accounts. (In case you can’t tell, I’m metaphorically slapping my forehead.) Let’s change this practice through a simple set of security principles.
One, your username is a kind of password, too. When you enter the same username into the field on one website, then another, then another, you become known by that username across many services. If your password is compromised on one of these sites, hackers know to start checking other sites for that username. If you use a different username on each site, you create a far smaller digital persona for hackers to track when the inevitable password hacks happen at Target, Equifax, Yahoo, or otherwise.
N.B. This is tough to avoid when your username is your business email address. But, where you’re required to use your email address as your username, you can use multiple business email accounts across the Web; create one for your important accounts, another for public marketing communications (e.g., those on flyers, postcards and business cards), and perhaps a tertiary one for less secure environments (e.g., Social Media accounts).
Two, the complexity of the password doesn’t make it a strong password as much as the length of the password; choose one that is the maximum length allowed by the service.
Three, you can no longer comfortably rely on your memory to remember your usernames and passwords if you’re making them different on every site you use. The simple solution is a password manager. Now, you can even use randomized usernames and strong passwords without the need to remember any of them! I recommend LastPass (my preferred password manager) and 1Password to all of my clients, because they are available across all major mobile and desktop operating systems, and they have Web browser extensions.
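To put numbers on the second principle and show what a password manager's generator does for you, here is an added example (not part of the original article) in Python. The 32-character site limit and the 12-character username length are assumed values chosen for illustration.

```python
import math
import secrets
import string

# Character pools. LOWER models a "simple" policy, FULL a "complex" one.
LOWER = string.ascii_lowercase                                     # 26 symbols
FULL = string.ascii_letters + string.digits + string.punctuation   # 94 symbols


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size).

    This holds only for randomly generated strings; passwords a person
    makes up are far more predictable than this figure suggests.
    """
    return length * math.log2(alphabet_size)


def length_to_match(target_bits: float, alphabet_size: int) -> int:
    """Shortest random string over the alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_string(length: int, alphabet: str) -> str:
    """Draw each character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def new_credentials(max_password_len: int, username_len: int = 12) -> tuple[str, str]:
    """Random per-site username plus a password at the site's maximum length.

    max_password_len is whatever the service allows (an assumed input here).
    """
    username = random_string(username_len, LOWER + string.digits)
    password = random_string(max_password_len, FULL)
    return username, password


if __name__ == "__main__":
    short_complex = entropy_bits(8, len(FULL))    # 8 chars, all 94 symbols
    long_simple = entropy_bits(16, len(LOWER))    # 16 chars, lowercase only
    print(f"8 chars, 94-symbol pool : {short_complex:5.1f} bits")
    print(f"16 chars, 26-symbol pool: {long_simple:5.1f} bits")
    print("lowercase length matching the 8-char complex password:",
          length_to_match(short_complex, len(LOWER)))
    user, pw = new_credentials(max_password_len=32)  # constructed site limit
    print(user, pw, f"{entropy_bits(32, len(FULL)):.0f} bits")
```

Sixteen random lowercase letters beat eight random characters drawn from every symbol on the keyboard by more than 20 bits, and twelve lowercase letters are already enough to match them.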
Use Two-Factor Authentication, When Possible
Password hacks happen every day, far more frequently than I believe any analysts and journalists are reporting. The main reason is that these hacks are too small in the eyes of the media to warrant grabbing audience attention. But, make no mistake, your passwords are being reaped from sources without your knowledge and you need to take precautions.
A simple way to do this is to use what’s known in the cybersecurity industry as multi-factor authentication (MFA) or two-factor authentication (TFA/2FA). In short, you install software such as Google Authenticator, Authy or LastPass Authenticator (a separate app from LastPass) on your smartphone and/or mobile tablet; there are also physical 2FA devices available if you feel the need for that kind of security. Then, go to Google, Apple, Facebook, WordPress.com, Evernote, and any other online services you use that allow it, and enable two-factor authentication. (Text messaging (SMS) is not a second factor. Phone-based text messages can be easily spoofed or intercepted, so they cannot be trusted as two-factor authentication.)
N.B. If you use two-factor authentication, make sure you print (yes, physically print on paper) the backup codes each service will provide to you. Then, secure those in a very safe place (from theft, fire and water damage). If you lose access to your 2FA app and can’t get back into a service, you will need those backup codes.
Enable Your Routers’ Firewalls
One of the most potent ways to stop hackers is to stop them from ever seeing the devices connected to your Internet connection. The way to do that is through the use of software called firewalls. So, go ahead, enable your routers’ firewalls and browse more securely.
Secure Your Web Browsing on Public Networks
Your next line of defense, when you leave the safety of your private office or home network, is browsing and connecting to public Internet connections securely. Start with a virtual private network (VPN), a tool that creates a secure connection between your computer/device and whatever online services you’re connecting to. (My current favorite service is TunnelBear. They have a free monthly plan for light browsing at cafés, and have reasonably priced plans for those who work at coworking spaces and on public networks often.)
A VPN alone, however, doesn’t fully protect you. You need to actively protect yourself while Web browsing. Simply clicking on anything on the Web is a surefire way to download malicious content and software. Pay attention to every link you click on while browsing on public networks.
Back Up Your Devices (Cloud & External Drive)
Last but not least, you should back up your devices. The best cloud backup solutions, external backup hard drives, and strategies for backing up your data have been discussed ad nauseam on the Web. Sadly, small business owners especially are not listening well. Please, please, please back up your data. When you’re on the frontline, I can assure you it’s tough to answer each and every call or email from a business owner who has lost access to data because of ransomware or some other kind of cybercrime. Please don’t become another statistic.
So, that’s it. Six tactics for Safer Internet Day to help you be more secure on a daily basis. Here’s to keeping your digital identity and data safe!