These days, online safety feels like an overwhelming and complicated endeavor. Whether you’re answering e-mails, browsing the Internet, downloading music or buying things online, it seems like there are dangers everywhere you turn.
You’ve got hackers trying to install keyloggers on your computer, shady characters attempting to intercept your Internet traffic to strip credit card information, and criminals attempting to hack into your bank or Paypal account. With all of these threats, what on Earth is a regular user to do? At times, it almost feels like the threat is so great that the Internet has become useless – a virtual minefield of potential identity theft or computer infection.
Here at MakeUseOf, we’ve focused heavily on security because as online writers that interact with readers on a daily basis, we know that things like email, browser and social network security really matter to people, and that hacking attacks happen often. To help readers stay vigilant, we’ve offered articles like Tina’s important tips on how to secure your Facebook account, Joel’s list of 7 email security tips, and James’ article on securing your website.
These are great posts that focus on individual areas where tightening up security is a very focused activity. You’re locking up the gate on Facebook, or your locking the back door to your private emails. But in general, what can you do right now to try and build a virtual fortress of security on all fronts? How can you be sure that your Internet browsing, email exchanges and your personal files are all secure and private behind double-locked gate of security?
Creating a Virtual Fortress Around Yourself
Most hacking is an opportunistic effort. These are anything from pimply-skinned, teens that are highly skilled at computer programming to well-paid coders that are working for an organized crime outfit. In the majority of cases, they are all looking for an unlocked door.
The problem is that most people don’t know they’ve left a door unlocked. Heck, they don’t even know there’s a lock in the first place. The point of this article is to give you a tour of your virtual house – that computer connected to the Internet that you use all the time – and show you the opened windows and unlocked doors that hackers can uncover and take advantage of.
Encrypting Browser Traffic
The first thing to consider is the area where you likely spend most of your time – browsing. How secure is your Internet traffic when you’re using a browser, and how easy would it be for someone that can intercept that traffic to strip out private information about you?
At the very least, you should make sure that any time you’re making an online purchase, transmitting logon information, or otherwise filling out forms that contain phone numbers, emails or social security numbers, that traffic should always be encrypted. With Chrome, you can do this with the Use HTTPS extension, which I really like.
With Use HTTPS, you can force your browser to utilize encrypted transmission if the site has that option. It gives you a field to test whether the site offers it, and if it does you can add it to the list. You’d be surprised how many sites give you that ability to force HTTPS. Twitter, Facebook, Email and more.
FireFox also offers an add-on called NoScript that does the same thing. Unfortunately, NoScript will break most scripts on sites that you love unless you specifically tell it that it’s okay to run scripts on that site. Remember, the sites you love to read for free exist because of the ads that display, which require scripts to run. So, if you enable NoScripts, please take the time to go into the Options, click on “Whitelist” and add makeuseof.com and all of your other favorite sites to the whitelist.
Then, click on the “Advanced” tab, select the “HTTPS” tab inside of that, and add all of the sites that you want to force encrypted HTTPS communications at all times.
Yes doing this has the potential to slow down the page somewhat, since traffic needs to be encrypted/decrypted, but it also means that should someone try to intercept your Facebook activity or your email exchanges, they’ll have to try and bust through the wall of encryption to see that information. Encryption elevates the required skill of the hacker by a very large factor. For most of the small-time criminals, the payoff isn’t worth the effort – they would instead try to seek out dumber fish.
Connect Your Cellphone to Facebook, Gmail & Twitter
Some alerts are really annoying, like when your buddy Sam breaks 12,000 points on Angry Birds (who cares?), but there are other alerts where you really do want to receive an email. For example, if someone has logged into your Facebook or Gmail accounts from an unrecognized device.
By default, these notifications are turned off. You can go a long way toward staying on top of your account security if you enable those notifications. This would give you time to immediately login and change your password before anyone can get any information about you – or worse, lock you out of your own account.
You can do this easily on Facebook by going into Account Settings, clicking on “Security” in the left navigation bar, and setting “Login Notifications” to either Email or Text messages (however you’d like to be notified).
Google offers a 2-step verification security procedure that lets you connect your Google account to a cellphone number. This is excellent security because no one can make a change to your account password without also having your cellphone in hand to verify that change. You do this by going to Gmail, then going to Settings and the “Accounts and Import” tab. Then click on “Other Google Account settings”.
This takes you to your Google Accounts settings page. There, click on Security. If you’ve never been here before, you’ll notice it’s probably OFF. Just click on Edit and enable 2-step verification.
The process is really fast and painless. Just type in the phone number of your home phone or cellphone number (preferably cellphone, so you can verify changes from anywhere). Choose whether you want to perform account change verifications by text message or voice call, and you’re done!
You can connect your cellphone to your Twitter account for text notifications for account changes by making sure to add your phone number to your account. Do this on the Twitter website by going to “Settings”, and then clicking on “Mobile” and filling in your phone number. Click “Activate phone” and you are now protected.
Keep Your Email Address & Phone Number Off The Internet
Another huge mistake that’s also very common is when people post an email on the Internet that is a regular home or work email. This is the fast-path to a constant stream of not only spam email ads, but worst of all phishing email attacks.
Hackers scour the net for email addresses to add them to their “target” email lists. You can avoid this by either using a throwaway account that you use for nothing other than receiving emails from a certain web contact page or sign-up form. If you do have to use your actual email, at least don’t make it look like an actual email address – post it as something like yourname-at-yourwebsite.com on your contact page.
The same goes for your real phone number. Your email address, phone number and mailing address should be nowhere near the Internet. Those details are a fast track to tracing your physical location, your background, your education, your employment, and on and on.
If you need to receive phone calls from your website visitors, sign up for a Google Voice account, and then use that as the contact point for online visitors.
Google Voice is nice because you can listen to the message right from your browser and then just delete it if you’re not interested. Or, give them a call back – but the caller can’t do a reverse lookup on a Google Voice phone number to learn more about you.
Use a Well Encrypted Password Manager
If you’re the type of person that has over a dozen accounts with different passwords and you use a paper notebook or a text file to store all of your account passwords, please do yourself a favor and install an encrypted password manager right now. Take the advice of MUO writers and readers and go for LastPass, since it often makes the top of every password manager list. It’s so easy to use. Visit a site where you need to sign in, LastPass will ask you if you want to save that login.
You can organize passwords by group, add notes, have it autofill or autologin for you – but best of all the passwords are stored behind an encryption algorithm and a single difficult password.
That means you remember one single password, and that’s it. Throw those little scraps of paper away. Better yet – shred them.
Lock Sensitive Digital Data on Your USB
Before I get to passwords (which have to be covered eventually), it’s important to decide where to put those documents and files that do contain your personal details. Digital tax returns, insurance documents, school records – they all need to be saved, but they all contain your social security number, contact info, and sometimes even your credit card numbers.
Ideally, you would store those files on a device or computer that isn’t even on the Internet. But since that’s not always possible, you could at least create a locked, encrypted drive on your USB drive using software like Rohos Mini Drive. Rohos comes highly recommended by Mark, and it’s also been recommended at MUO answers by Tina and others. You can use it even if you don’t have admin rights on the computer you’re plugging the drive into.
To set up the encrypted, secure digital partition, just download and install Rohos Mini Drive portable and put the .exe file on your USB drive. Run it to create an encrypted, password protected disk on your USB drive.
Now, when you run the portable .exe on your USB stick, it’ll open up the drive. All you have to do is click on the red “import file” icon to bring files into your protected drive, or the green “export file” to get it out. You should never have to use the export, because you can open the files from right inside the drive if you have the password.
The beauty of this is that your data files will be in a USB drive which you can store off of the Internet most of the time. The only time it’s connected to your computer is when you need those sensitive files. This will drastically reduce the chances of someone getting into your computer, and discovering that information. If it’s not there, it can’t be stolen. Anyway, you do have a good antivirus installed, right?
How’s That Password?
So, a strong password is also at the center of this. Your password manager tool needs a good password, for starters. Your encrypted USB drive needs one too. My rule of thumb is to think of a nursery rhyme with at least 15 words. Use the first letter of each word, capitalize the first or last, replace certain letter O or I with zero or ones, and add a special character at the end, like an exclamation point.
It’s really, really easy to remember, and you’ll have a 15 digit password that will be nearly impossible to crack – even if they know the nursery rhyme you chose.
So, have you ever tried any of these security tips? Do you have other ways that you fortify your online presence? Share your feedback and your own tips in the comments section below!
Image Credit: Cannon in Castle via Shutterstock