The internet may not be as scary as your mother warned you, but danger indeed lurks in many dark corners of the web.
From nearly harmless occurrences like receiving spam mail to potentially life-altering predicaments like identity theft, the internet is swarming with innovative scams.
Staying safe in the digital world isn’t too complicated, but it takes a more nuanced approach than merely not sharing your credit card info with random strangers you meet on social media.
A security breach is even more complicated if it hits your business. In that case, you should know how to implement a cybersecurity incident response plan, or at least have people who do.
Today, I’ll discuss the most important strategies everyone should apply when using the web, whether for work, school, or leisure. Let’s jump right in.
1. Know a Spam Email When You See One
Not all emails are created equal. Some are important, some less so, and some are just written to trick you into giving your money or important information.
Your email provider likely has some spam filters in place. They’re pretty good at weeding out the obvious spam mail (putting it into your spam folder or blocking it on the spot), but they’re not infallible.
Hence, spam mail may still end up in your inbox. That’s why it’s crucial to know the difference between legitimate and spam emails.
The FBI’s Internet Crime Complaint Center (IC3) recorded about $3.5 billion in losses to individuals and businesses in 2019 alone, with the majority of complaints being related to phishing (attempting to obtain your valuable info through psychological manipulation techniques known as social engineering).
Younger users are especially vulnerable to these kinds of attacks, so you may consider using an iPhone parental monitoring app to make sure your kid isn’t falling for any of the popular web scams.
Here are the two types of potentially dangerous emails that may end up in your inbox:
1. The “419 fraud”, commonly known as the Nigerian Prince scam.
These come in many forms, but almost all of them include a promise of a huge sum of money landing in your bank account if you just take care of some transfer costs.
Scammers get creative with the backstory – sometimes the money’s coming from an imprisoned Nigerian prince, and other times it’s an inheritance from a multi-millionaire who just happens to be your long-lost uncle.
No matter how tear-provoking the story is, remember that there’s no easy money (even online). If it sounds too good to be true, it probably is.
2. “Spoofing”, or emails (and sites) that mimic legitimate businesses.
These can be tricky to recognize. Spoof emails may look like legit emails from businesses like Instagram, Netflix, or PayPal, asking you to take actions like changing your password or updating your payment information.
That’s why you should always make sure that the sender’s email address is legitimate (you can do this by googling the address) before clicking on anything in the email.
It’s a big red flag if the email came unexpectedly and refers to an activity you don’t recognize.
In short – never click on links placed in strange-looking emails, never open suspicious attachments, always check the domain from which the mail is sent, and pick up nuances in language that tickle your internal BS detector.
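The checks described above (who the mail claims to be from, which domain actually sent it, and where its links really lead) can be automated. The following is an added example, not part of the original article; the brand allow-list, the function names and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allow-list of the domain each brand mails from.
BRAND_DOMAINS = {"paypal": "paypal.com", "netflix": "netflix.com",
                 "instagram": "instagram.com"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (the .example domains are placeholders).
SAMPLE = '''From: "PayPal Support" <service@paypa1-secure.example>
Reply-To: billing@collect.example
Subject: Update your payment information
Content-Type: text/html

<p>Your account is limited.
<a href="http://login.paypa1-secure.example/update">https://www.paypal.com/signin</a></p>
'''

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def spoof_findings(raw_email):
    """Return the reasons a message looks like a brand spoof (empty if none)."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    claimed = (name + " " + msg.get("Subject", "")).lower()  # brand it claims
    brand = next((b for b in BRAND_DOMAINS if b in claimed), None)
    if brand and not under(sender, BRAND_DOMAINS[brand]):
        findings.append(f"claims {brand} but sent from {sender}")
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:
        findings.append(f"replies go to {reply}")
    body = msg.get_payload()
    for href, text in LINK_RE.findall(body if isinstance(body, str) else ""):
        target = urlparse(href).hostname
        shown = urlparse(text.strip()).hostname  # None unless the text is a URL
        if shown and shown != target:
            findings.append(f"link shows {shown} but opens {target}")
        elif brand and not under(target, BRAND_DOMAINS[brand]):
            findings.append(f"link opens {target}, not {BRAND_DOMAINS[brand]}")
    return findings

print(spoof_findings(SAMPLE))
```

An empty result only means none of these three checks fired; it does not prove the message is genuine.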
2. Create Stronger Passwords
Are you one of the millions who used “123456” as (a poor excuse for) a password?
Or perhaps you, like 67% of millennials, use the same password across multiple accounts?
Using weak passwords or repeating passwords across platforms is a surefire way to get your accounts broken into.
Luckily, there are two ways to prevent this:
1. Create stronger passwords
You can make your passwords longer than 8 characters, combine lower and upper case letters, include numbers and special characters, and avoid using obvious data like your birthplace and pet’s name in the password.
Making your passwords as random as possible will make them harder to guess, even through social engineering.
That’s why it’s a great idea to use a strong password generator and store the passwords it creates in a password vault application.
2. Use unique passwords across sites
You don’t have to remember them all. Use a simple notebook, a spreadsheet, or a password manager to help you keep track of your login information safely.
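Both rules above can be checked mechanically. The following added example (not from the original article) generates a random password and audits a set of logins for weak and reused passwords using the criteria listed under the first rule; the function names, the special-character set and the sample logins are assumptions made up for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

def weaknesses(pw, personal=()):
    """List which of the article's password rules pw breaks."""
    problems = []
    if len(pw) <= 8:
        problems.append("8 characters or fewer")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both lower and upper case")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if all(c.isalnum() for c in pw):
        problems.append("no special character")
    for term in personal:  # e.g. birthplace or pet's name
        if term and term.lower() in pw.lower():
            problems.append(f"contains personal detail '{term}'")
    return problems

def generate_password(length=16):
    """Random password from the OS CSPRNG that passes every rule above."""
    if length <= 8:
        raise ValueError("length must be greater than 8")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw

def audit(logins, personal=()):
    """logins maps site -> password; returns (weak sites, groups of reuse)."""
    weak, sites_by_pw = {}, {}
    for site, pw in logins.items():
        found = weaknesses(pw, personal)
        if found:
            weak[site] = found
        sites_by_pw.setdefault(pw, []).append(site)
    reused = [sorted(s) for s in sites_by_pw.values() if len(s) > 1]
    return weak, reused

# Constructed sample logins; sites, passwords and personal details are made up.
SAMPLE = {"mail": "123456", "shop": "Rex2015!Rex2015",
          "bank": "Rex2015!Rex2015", "forum": "v7#Qm!x2Lp@9wZr4"}

print(audit(SAMPLE, personal=("Rex", "Springfield")))
```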
3. Use Two-Factor Authentication For Most Valuable Accounts
Even the strongest passwords can fail as a security measure.
That’s why many websites (especially financial services) require you to set up two-factor authentication.
The two-factor authentication system adds an extra step to the login process.
Apart from your username and password, you may need to enter a passcode sent to your phone or email, scan your fingerprint, or answer a security question only you would know the answer to.
Sometimes, you may even have a physical device like a USB drive that you need to insert to log in.
Two-factor authentication makes it harder for hackers to log into your account because it adds another layer of security to your account information.
4. Update Your Devices and Computer Programs Frequently
Device updates can be a drag – but they’re there for a reason. Don’t brush off updates, whether they’re on your phone or PC.
Whether you use Windows, Mac, Linux, Android, or iOS, the companies that manage these operating systems continuously work on finding and fixing potential security holes.
The security fixes, along with bug patches and feature updates, are dispatched to end-users (you and me) through updates. They make your devices less vulnerable to attacks from viruses and hackers.
Besides, very few operating systems require you to install antivirus programs these days. Windows has Windows Defender built in, while Mac computers have XProtect, but it’s always good to get something better (I use Kaspersky Security Cloud).
Regular updates ensure your antivirus database is up to date and ready to protect you from the newest threats that circulate around the web.
And if you installed your preferred antivirus program on your device, make sure you turn on automatic updates!
5. Turn Creating Backups Into An (Automated) Habit
If you’ve ever heard of ransomware attacks, you probably understand the importance of keeping your data safe.
Ransomware is a special type of malware that encrypts your data so that you can’t access it unless you pay money (ransom) to get a key that unlocks and restores your files.
That’s pretty scary, whether you work as a freelancer, in a company, or you’re a student.
Even if you don’t get a ransomware attack, there’s always the possibility your devices will fail and just shut down forever.
The best way to keep your data safe is to have a backup ready.
In fact, several types of backups are recommended – especially those that aren’t connected to the web (like on your external hard drive).
Some cloud services may even offer immutable storage (backups that can’t be modified) for your data.
You can choose how often you update your backups. I do it once a month, but people and companies with a lot of sensitive data should do it much more often.
Always look for an automated way to get your backups ready – set reminders or use the auto-update function that’s available on many services.
6. Only Buy Stuff Through Secure Websites
Whenever you make a purchase online, you need to connect your payment services, credit cards, or bank accounts to websites and payment gateways.
Better make sure the places you give this sensitive info are trustworthy.
Besides checking if the company you’re buying from is legit, you also need to make sure their website is secure.
Luckily, there’s a very simple way to do this: check the site’s URL to see whether it uses an SSL certificate.
If the website address starts with https://, the site is secure. That means that it encrypts your data on its way to the site, making it harder for cybercriminals to obtain.
If the site address starts with http:// (without the S, which stands for secure), or it isn’t marked with a padlock icon, the site doesn’t follow the worldwide security protocols and you might be better off taking your business elsewhere.
You wouldn’t walk down the street with your bag open – so don’t make your data easily available to criminals on the web either.
Avoiding spam, unsafe sites, and viruses may be tricky, but it’s not hard when you educate yourself and only click on trustworthy links.
If you want to share any internet safety advice I overlooked, please do so in the comments below! Stay safe!