Boost your online security—and thwart hackers—with advice from cybersecurity experts.
18 Online Security Secrets from Internet Security Experts
Updated on May 06, 2024
Protect yourself with better online security
Cybercrime has been thriving globally since the pandemic started, targeting not only businesses but also the public. Online security couldn’t be more relevant in today’s digital world. With threats like phishing, spyware, and computer hacking putting your personal information at risk, simple security measures—like replacing easy-to-guess passwords with good passwords and using two-factor authentication—are a must.
In its 2020 Internet Crime Report, the FBI’s Internet Crime Complaint Center said it receives an average of 2,000 cybercrime complaints per day. The latest annual report from Cybersecurity Ventures estimates that cybercrime will cost the world $10.5 trillion annually by 2025. That staggering figure takes into account a multitude of factors, including stolen money, lost productivity, restoration, and the deletion of hacked data and systems. Learn about Google’s new tool that alerts you when your private information is shared online.
“We all know that having a proactive approach to online security is important. Whether you use your computer or smartphone for business or personal use, you need to stay up-to-date on the latest security tips for staying safe online,” says Anurag Gurtu, chief product officer at cybersecurity firm StrikeReady. To help you do just that, we’ve asked cybersecurity experts to share their top tips for better online security.
What is the meaning of online security?
Online security, or cybersecurity, is a range of preventative measurements we put in place to protect our online activities and transactions. Such tactics range from installing security software to thwart malware and viruses to regularly updating our devices.
Don’t confuse online security with online safety, though. They’re two different concepts, and you need to consider both. Online safety is how we approach safety in the digital space as an individual. By practicing good online safety, you can make sure you don’t fall victim to an online threat or scam.
What is the importance of online security?
Being on top of your cybersecurity game can save you from a lot of sleepless nights. With a good practice in place, you can better protect your user data, including sensitive personal information such as bank details, addresses, credit card information, account log-ins, and more.
Thankfully, as the following tips from industry experts prove, ensuring your online security is easier than you may think. And that means it’ll be harder for hackers to get your data, Google to track you, and bad actors to dox you.
Set up a firewall
As the first line of defense against intruders and security threats, a firewall acts as a barrier between your computer and the Internet connection by inspecting data coming from the Internet. It can block any suspicious activity or malware (including spyware) that’s trying to get through. “It’s important to have a firewall installed in your system, but you should also ensure that it stays activated all the time,” Gurtu says. “Most operating systems have a built-in firewall, but if you don’t have one, it’s easy to download one.”
To find out if you’re using a built-in firewall, navigate to your security settings and check to see whether the in-built firewall is enabled. If not, you can turn it on. And for additional security, you can download firewall software from a trusted company. Gurtu points to programs from SolarWinds, ManageEngine, Iolo, Norton, and LifeLock.
Use two-factor authentication whenever possible
The most secure websites give you the option of enabling two-factor authentication, and you should turn on this feature for any account that holds sensitive information. Providing an additional piece of information beyond your username and password will make your account more secure.
“Whenever you try to log in from a new device or location, a code will be sent to your phone or email address before allowing access,” Gurtu says. “If someone has stolen your password, this will prevent them from getting into your account.” You can also download a type of security app known as a two-factor authenticator, which will provide the code for you.
Use strong and unique passwords for all accounts
The name of your favorite football team is super easy to remember, but you may pay for the convenience. “Passwords that are not difficult to remember are also simple to break. A strong password is like a good lock on your door: It keeps the bad guys out,” says Gurtu, who also advises against reusing passwords on multiple sites and recommends changing your passwords regularly.
While you’re at it, make sure your password recovery questions are tough enough. “Unfortunately, these questions seem to come from a standard template known to everyone,” says Ell Marquez, a senior technical trainer at cybersecurity consulting firm Grimm. “What high school we attended and what city we were born in is information commonly shared on social media and in everyday conversations.” She suggests lying in your answers as a form of two-factor authentication that’ll stop hackers in their tracks.
Avoid phishing emails and websites
Phishing, one of the most common ways hackers target individuals and businesses, involves sending an email that looks like it’s from a reputable company or a person you know. In reality, it’s designed to trick you into giving out sensitive information, like your bank account info, social security number, or password. “The best way to avoid phishing attacks is to never click on links in emails or messages sent by people you don’t know,” says Gurtu. “If you’re unsure whether a message is authentic, contact the person who supposedly sent it to verify that it was actually from them.”
Another clue an email or QR code is phishing for your data? The link directs you to an unexpected site. “If an app or website redirects you somewhere you weren’t expecting to go, click away immediately,” says Chris Olson, CEO of digital security company The Media Trust. “Today, attackers commonly use malicious redirects to target users across the Internet with phishing attacks, identity-stealing code, and worse.”
(Also learn about the new form of phishing, quishing which is designed to bypass spam filters.)
Install and always update your antivirus software
Real-time antivirus protection may slow your device a tad, but safety should come before speed, according to Peter Stelzhammer, cofounder of AV-Comparatives, an organization that tests security software. He recommends using an antivirus program but stresses the importance of using the most up-to-date version; it’ll give you improved and additional features to enhance the software’s capability.
“One defining factor for the protection capability of an antivirus program is its continuously updated signature database,” he says. “As new threats emerge, the program recognizes them and can protect against them. In order to do so, always keep the Automatic Updates of your antivirus software turned on.”
Install an antispyware program
As the name implies, spyware is sneaky software that lurks on your device, monitors your activity, and collects data like passwords, authentication credentials, and email addresses. “Spyware is designed to collect information from your computer without you knowing about it and often gets installed when you click on a malicious link,” says Gurtu. “The best way to prevent spyware from installing itself is to install an antispyware program that often comes with antivirus software. It runs on your computer and acts as a firewall against the installation of spyware.”
Of course, there’s a chance someone else (an abusive ex, for instance) might install spyware on your device. But an antispyware program can help you spot it. Gurtu recommends running regular scans to ensure your devices are free of any spyware.
Secure your wireless network
Your home Wi-Fi should always be password protected. “Make sure you have a strong password for your router that is different from the one used for any other devices in your home,” says Gurtu. “Also, make sure the password is separate from the router’s username; this is another common point of entry for hackers.” One could make use of the many password management apps available to store their credentials securely.
But don’t stop there. Be sure to turn on network encryption for your router. Using either WPA or WPA2 encryption will help prevent others from connecting to your network and accessing any personal information stored on your devices.
Use encryption to keep your data secure
Encryption is a way to scramble information so only people with the right key have access to it. Even if hackers manage to get their hands on your data, they won’t be able to make sense of it without the key. If you have a Windows computer, Gurtu suggests using Microsoft’s BitLocker. If you use a Mac, it’ll have a built-in encryption tool called FileVault. And if you use an iMac Pro or another computer with an Apple T2 chip, your data is automatically encrypted.
Pay attention to online encryption too. “Whenever possible, use sites that begin with “https,” which indicates that the site uses encryption technology to protect its users’ information,” he says. “You should look for the padlock symbol in your browser bar; it indicates whether or not the connection is secure.”
For further security, you can encrypt your phone. “Also consider using encrypted messaging apps,” Gurtu says. “They’re more secure than SMS and many other messaging services. WhatsApp and Signal are two popular examples.”
Turn off your Bluetooth when you’re not using it
Bluetooth can wirelessly connect two devices together, such as your smartwatch and your phone, a keyboard and your tablet, or your phone and a speaker. But this convenient feature can attract hackers.
“It’s one of the easiest ways for hackers to break into your phone or computer,” Gurtu says. “It’s not limited to just eavesdropping; hackers can take control of devices connected over Bluetooth too. The best way to protect yourself is by turning off Bluetooth when you aren’t using it.”
Don’t connect to open Wi-Fi
Using public Wi-Fi networks to check your bank account or other personal information is a terrible idea, Gurtu says, as you never know who’s watching.
“If you don’t need Internet access for something critical and time-sensitive, then just wait until you get home, where it’s safe,” he says. “Otherwise, consider using a virtual private network (VPN). It’s a service that lets you send data through an encrypted tunnel across the Internet so nobody can see what you’re doing online or intercept your data.”
Disable autocomplete
Autocomplete, the function that fills in your information for you when you make a purchase or log into your account, can seem like a helpful and time-saving feature. So it may come as a shock to learn that it’s dramatically increasing your risk of being hacked.
“If someone gets access to your device, they could go on a shopping spree with your stored credit card information, even if they don’t know the actual number,” Gurtu says. “In order to protect your personal information and prevent unauthorized purchases, it is best to turn this feature off.”
Clear your browser history regularly
Your web browser stores a lot of information about you, which can be at risk of being stolen, Gurtu says. In order to protect your privacy and increase security, clear cookies and your browsing history every so often. “Remember, a hacker’s goal is to get into your computer so they can see what you’re doing online and collect data on who you are and what you care about,” he says. “That’s why it’s so important to keep them out.”
Since it’s practically impossible to do an anonymous search without tracking, it’s a good idea to periodically delete the “My Activity” in Google too.
Keep all your systems up-to-date
Using the Internet is a risky business. It connects your computer to what Stelzhammer calls the “widest network there is”—the World Wide Web. “Since the World Wide Web is a very dynamical space, operating systems permanently adapt to threats by releasing updates and patches that fix the eventual bugs, glitches, or vulnerabilities that can prove to be exploited as security holes.”
In other words, stop ignoring those security updates! Download them when they pop up on your device, set up auto-update, or go to your computer settings and download the latest system updates.
Back up your data on a regular basis
“Backup is essential in case of data loss caused by malware attacks or malfunctions,” says Stelzhammer. “Operating systems will attempt to recover system data through features such as System Recovery [on Windows], but this procedure does not cover files or third-party software.”
He suggests backing up your computer either through a third-party device, such as a mobile hard drive or USB drive, or via a network in a remote location under a verified and secure server. Create a backup at least every three months or with every change made to critical data.
Shut down when you’re done using your computer
By spending more time online, many people leave their computers or phones connected when they are not using them. But Stelzhammer says this practice has its downside: It makes the device more susceptible to attacks. For better online security, shut down your computer when you’re done using it.
“As a supplementary protection measure, turning the device off practically cuts off the potential attackers,” he says. “Be it spyware or botnets [networks of malware-infected computers] that use your computer to reach other victims in the network, they cannot act without an active connection.”
Consider virtualization software for more secure browsing
Think of virtualization software as a virtual operating system on your computer. By running programs like VirtualBox and VMware, you get an additional security layer for any web activity that makes you nervous, such as visiting an unfamiliar site or opening a dubious attachment. The extra protection will make it harder for bad actors to gain enough of your info to do something like steal your identity.
“These programs allow you to run a second, isolated operating system on top of your main one without having to reboot your computer every time you want to switch between them,” Gurtu says. “That way, if an attacker manages to gain access to your browser through an exploit, they won’t have access to anything else on your machine.”
Be careful when you disclose information online
Social media is a great tool, but Gurtu advises keeping some of your posts private. You don’t want to give out too much information online—you never know who’ll see it and use it against you. “Never disclose credit card numbers, bank account details, or other sensitive information over the Internet, unless you have verified that the company requesting it is genuine,” he says. “This also includes over email—never send payment or account details via email because it’s too easy for a hacker to intercept them.” Next, read about how your Instagram account can be hacked by a scammer.
Act responsibly when disposing of your old computer
You have a new computer—exciting! Just be sure you’re careful when getting rid of your old machine. Stelzhammer says that people have a tendency to forget about their old device once they bring home a new, more powerful computer. Before deciding on the fate of your old computer, make sure you save all the information you might need from the hard drive and store it on a secondary storage device.
Then it’s time to wipe the machine of your personal information. Remember, your old hard drive stores passwords, account data, address books, license keys for software programs, and personal, financial, and medical information.
“Keep in mind that deleting the files or formatting the disk does not erase the actual data on the hard drive,” he says. “It just removes the link to the bits and pieces of information scattered on the drive. These bits and pieces can still be reunited, using various recovering tools, to rebuild the data and make it readable again.”
Here are his recommendations for wiping your old computer clean:
- Use a disk-wipe utility program. Choose software that wipes and overwrites data many times. This method makes that data virtually impossible to recover. Overwriting destroys the data but allows the hard drive to be reused, and it’s currently the only known method of doing so.
- Degauss the hard drive. This process, which demagnetizes your hard drive, is a good option if you can’t access the hard drive via the operating system but know that critical, important, or sensitive data is still stored on it. It’s a powerful data wipe method—and the quickest—but it renders the disk unusable. So before you buy a hard drive degausser, be sure you’re ready to part with the hard drive permanently.
- Physically destroy the hard drive. You can render a hard drive unusable by removing it from your computer and physically destroying it. Try wiping the disk before destroying it, if possible.
Once you’ve put these tips to good use, find out what hackers can do with just your cell phone number—and what to do about it. Plus, learn the steps to take if you’ve been hacked on Instagram or Facebook.
Sources:
- Anurag Gurtu, chief product officer at StrikeReady
- Ell Marquez, senior technical trainer at Grimm
- Chris Olson, CEO of The Media Trust
- Peter Stelzhammer, cofounder of AV-Comparatives
- National Crime Agency: “Beware fraud and scams during Covid-19 pandemic fraud”
- Cybersecurity Ventures: “Cybercrime to Cost the World $10.5 Trillion Annually by 2025”
- FBI Internet Crime Complaint Center: “Internet Crime Report 2020”
