Do you ever wonder how safe you are online? The truth is, it’s almost impossible to tell these days, however, there are a few things that you can do to try and protect yourself. The following is a list of best practices:
- Regularly update your email password
- Avoid using the same password for multiple accounts
- Use anti-virus software
- Be cyber-aware
- Check if your email has been compromised in the past
Regularly update your email password
Your email password should be seen as one of your most sacred of all passwords. Many times the reset process for most websites will run through your email, so, if someone has your email they can get into almost anything. By regularly changing your email password you are limiting the ability of other people to gain access to your email.
Avoid using the same password for all your accounts
This is one habit that we are all guilty of. It’s hard not to use the same password for every website – who can remember 100 different passwords! But really we should not be. If one password is compromised it could lead to all of your accounts being compromised. Hackers regularly use credential stuffing techniques to quickly input compromised credential combinations, email addresses and passwords, into 100’s of common sites. If you are using the same credential combination for many sites they could quickly gain access to them all, automatically!
So, how do we avoid having all our accounts compromised without having to remember 100’s of passwords? Luckily, there are a couple of ways to do this.
One, you could have a single password for low security websites, a single password for medium security websites, and multiple different passwords for your high security accounts. This will take some of the guesswork out of having to remember 100 different passwords because you only have to remember about 4 or 5 passwords. Additionally, you should be able to guess which password it will be based on what sort of website you are logging into.
- An example of a low security website would be subscription accounts to blogs, or memberships to websites such as my subscription to Moz.com. Moz has very little personal information about me and does not contain any of my personal payment details.
- An example of medium security websites would be a website that contains lots of information about you but does not have any payment information. This could be something like Pinterest or Apps on your phone. These platforms have a lot of information about you (name, email address, location etc.) but no credit card information.
- A high security account would be anything that has access to your payment details, more information about you, is connected to other accounts, or could cause significant issues if compromised. This includes accounts like your online banking, email accounts, Amazon account, Facebook account, Google account. website login, etc.
Two, you can use a password generator/storing device on your phone/computer. The encryption and security features of these plugins/apps are a good way to protect yourself from the majority of hackers, however, using these programs can make it very difficult when you need to login on another device. There are hundreds of these apps out there, so I suggest you do some research, read the reviews and decide which one will best suit your needs.
Use anti-virus software
Many people still do not have anti-virus software installed on their computers. Without this software you may be unaware if your computer has been infected with malware (malicious software). Click here to learn more about Malware & How To Protect Yourself From It.
We recommend installing a program to actively defend your computer against malware and a program to scan your computer currently. For scanning your computer we recommend running programs like Malware Bytes or Norton Power Eraser on a regular basis.
If your computer has malware installed your passwords and email could be compromised. If you find any malware on your computer you will need to first remove it and then change your passwords.
A big part of being safe online is just knowing what to look for and being skeptical of the following:
- Never click on links in emails from people you do not know.
- Do not download files from websites you don’t know/trust.
- Check where links are going before you click on them by hovering over them.
- For more information on this technique see our Malware Blog Post.
- If something looks/feels wrong – avoid it!
- If something feels like it isn’t quite right, trust your intuition. As a consumer you shouldn’t ignore red flags.
- Never put your password into a site that you do not trust.
- Check the URLs to make sure that it is actually the site you think it is.
- For example Google.com and ɢoogle.com – the first is the real Google, the second is a spam site that uses a special character that resembles a G to trick users into trusting it.
- Another example that comes up frequently is the letter M being replaced with the letters R & N (Netclimber.com vs Netclirnber.com). On quick glance in the address bar they look very similar.
Check if your email has been compromised in the past
When large companies get hacked (Sony, LinkedIn, etc.) generally all the emails that are compromised make it out onto the internet in lists tens-of-thousands of emails long. As a regular person, unless otherwise notified, you would have no idea that your email and password was included on one of these lists somewhere. Luckily, there are programs that allow you to check if your email address shows up on a data breach list, and if so, which ones. Have I Been Pwned is one such website. You input your email address and it will tell you which, if any, data breaches your credentials were leaked.
If you find your credentials have been leaked I would suggest changing your passwords for all your accounts that use that email address. Going forward, you can check every few months or when news of a big data breach has occurred.
The internet is an amazing place, but we need to be careful with the information we put out there. The first step is education! If you would like some more information about how to stay safe online Contact Us!