18 Online Security Secrets from Internet Security Experts

Updated: May 06, 2024

Boost your online security—and thwart hackers—with advice from cybersecurity experts.

Protect yourself with better online security

Cybercrime has been thriving globally since the pandemic started, targeting not only businesses but also the public. Online security couldn’t be more relevant in today’s digital world. With threats like phishing, spyware, and computer hacking putting your personal information at risk, simple security measures—like replacing easy-to-guess passwords with good passwords and using two-factor authentication—are a must.

In its 2020 Internet Crime Report, the FBI’s Internet Crime Complaint Center said it receives an average of 2,000 cybercrime complaints per day. The latest annual report from Cybersecurity Ventures estimates that cybercrime will cost the world $10.5 trillion annually by 2025. That staggering figure takes into account a multitude of factors, including stolen money, lost productivity, restoration, and the deletion of hacked data and systems.

“We all know that having a proactive approach to online security is important. Whether you use your computer or smartphone for business or personal use, you need to stay up-to-date on the latest security tips for staying safe online,” says Anurag Gurtu, chief product officer at cybersecurity firm StrikeReady. To help you do just that, we’ve asked cybersecurity experts to share their top tips for better online security.

What is the meaning of online security?

Online security, or cybersecurity, is a range of preventive measures we put in place to protect our online activities and transactions. Such tactics range from installing security software to thwart malware and viruses to regularly updating our devices.

Don’t confuse online security with online safety, though. They’re two different concepts, and you need to consider both. Online safety is how we approach safety in the digital space as an individual. By practicing good online safety, you can make sure you don’t fall victim to an online threat or scam.

What is the importance of online security?

Being on top of your cybersecurity game can save you from a lot of sleepless nights. With a good practice in place, you can better protect your user data, including sensitive personal information such as bank details, addresses, credit card information, account log-ins, and more.

Thankfully, as the following tips from industry experts prove, ensuring your online security is easier than you may think. And that means it’ll be harder for hackers to get your data, Google to track you, and bad actors to dox you.

Set up a firewall

As the first line of defense against intruders and security threats, a firewall acts as a barrier between your computer and the Internet connection by inspecting data coming from the Internet. It can block any suspicious activity or malware (including spyware) that’s trying to get through. “It’s important to have a firewall installed in your system, but you should also ensure that it stays activated all the time,” Gurtu says. “Most operating systems have a built-in firewall, but if you don’t have one, it’s easy to download one.”

To find out if you’re using a built-in firewall, navigate to your security settings and check to see whether the in-built firewall is enabled. If not, you can turn it on. And for additional security, you can download firewall software from a trusted company. Gurtu points to programs from SolarWinds, ManageEngine, Iolo, Norton, and LifeLock.

Use two-factor authentication whenever possible

The most secure websites give you the option of enabling two-factor authentication, and you should turn on this feature for any account that holds sensitive information. Providing an additional piece of information beyond your username and password will make your account more secure.

“Whenever you try to log in from a new device or location, a code will be sent to your phone or email address before allowing access,” Gurtu says. “If someone has stolen your password, this will prevent them from getting into your account.” You can also download a type of security app known as a two-factor authenticator, which will provide the code for you.

Use strong and unique passwords for all accounts

The name of your favorite football team is super easy to remember, but you may pay for the convenience. “Passwords that are not difficult to remember are also simple to break. A strong password is like a good lock on your door: It keeps the bad guys out,” says Gurtu, who also advises against reusing passwords on multiple sites and recommends changing your passwords regularly.

While you’re at it, make sure your password recovery questions are tough enough. “Unfortunately, these questions seem to come from a standard template known to everyone,” says Ell Marquez, a senior technical trainer at cybersecurity consulting firm Grimm. “What high school we attended and what city we were born in is information commonly shared on social media and in everyday conversations.” She suggests lying in your answers as a form of two-factor authentication that’ll stop hackers in their tracks.

Avoid phishing emails and websites

Phishing, one of the most common ways hackers target individuals and businesses, involves sending an email that looks like it’s from a reputable company or a person you know. In reality, it’s designed to trick you into giving out sensitive information, like your bank account info, social security number, or password. “The best way to avoid phishing attacks is to never click on links in emails or messages sent by people you don’t know,” says Gurtu. “If you’re unsure whether a message is authentic, contact the person who supposedly sent it to verify that it was actually from them.”

Another clue an email or QR code is phishing for your data? The link directs you to an unexpected site. “If an app or website redirects you somewhere you weren’t expecting to go, click away immediately,” says Chris Olson, CEO of digital security company The Media Trust. “Today, attackers commonly use malicious redirects to target users across the Internet with phishing attacks, identity-stealing code, and worse.”

(Also learn about the new form of phishing, quishing, which is designed to bypass spam filters.)

Install and always update your antivirus software

Real-time antivirus protection may slow your device a tad, but safety should come before speed, according to Peter Stelzhammer, cofounder of AV-Comparatives, an organization that tests security software. He recommends using an antivirus program but stresses the importance of using the most up-to-date version; it’ll give you improved and additional features to enhance the software’s capability.

“One defining factor for the protection capability of an antivirus program is its continuously updated signature database,” he says. “As new threats emerge, the program recognizes them and can protect against them. In order to do so, always keep the Automatic Updates of your antivirus software turned on.”

Install an antispyware program

As the name implies, spyware is sneaky software that lurks on your device, monitors your activity, and collects data like passwords, authentication credentials, and email addresses. “Spyware is designed to collect information from your computer without you knowing about it and often gets installed when you click on a malicious link,” says Gurtu. “The best way to prevent spyware from installing itself is to install an antispyware program that often comes with antivirus software. It runs on your computer and acts as a firewall against the installation of spyware.”

Of course, there’s a chance someone else (an abusive ex, for instance) might install spyware on your device. But an antispyware program can help you spot it. Gurtu recommends running regular scans to ensure your devices are free of any spyware.

Secure your wireless network

Your home Wi-Fi should always be password protected. “Make sure you have a strong password for your router that is different from the one used for any other devices in your home,” says Gurtu. “Also, make sure the password is separate from the router’s username; this is another common point of entry for hackers.” You can use one of the many password management apps available to store your credentials securely.

But don’t stop there. Be sure to turn on network encryption for your router. Using either WPA or WPA2 encryption will help prevent others from connecting to your network and accessing any personal information stored on your devices.

Use encryption to keep your data secure

Encryption is a way to scramble information so only people with the right key have access to it. Even if hackers manage to get their hands on your data, they won’t be able to make sense of it without the key. If you have a Windows computer, Gurtu suggests using Microsoft’s BitLocker. If you use a Mac, it’ll have a built-in encryption tool called FileVault. And if you use an iMac Pro or another computer with an Apple T2 chip, your data is automatically encrypted.

Pay attention to online encryption too. “Whenever possible, use sites that begin with ‘https,’ which indicates that the site uses encryption technology to protect its users’ information,” he says. “You should look for the padlock symbol in your browser bar; it indicates whether or not the connection is secure.”

For further security, you can encrypt your phone. “Also consider using encrypted messaging apps,” Gurtu says. “They’re more secure than SMS and many other messaging services. WhatsApp and Signal are two popular examples.”

Turn off your Bluetooth when you’re not using it

Bluetooth can wirelessly connect two devices together, such as your smartwatch and your phone, a keyboard and your tablet, or your phone and a speaker. But this convenient feature can attract hackers.

“It’s one of the easiest ways for hackers to break into your phone or computer,” Gurtu says. “It’s not limited to just eavesdropping; hackers can take control of devices connected over Bluetooth too. The best way to protect yourself is by turning off Bluetooth when you aren’t using it.”

Don’t connect to open Wi-Fi

Using public Wi-Fi networks to check your bank account or other personal information is a terrible idea, Gurtu says, as you never know who’s watching.

“If you don’t need Internet access for something critical and time-sensitive, then just wait until you get home, where it’s safe,” he says. “Otherwise, consider using a virtual private network (VPN). It’s a service that lets you send data through an encrypted tunnel across the Internet so nobody can see what you’re doing online or intercept your data.”

Disable autocomplete

Autocomplete, the function that fills in your information for you when you make a purchase or log into your account, can seem like a helpful and time-saving feature. So it may come as a shock to learn that it’s dramatically increasing your risk of being hacked.

“If someone gets access to your device, they could go on a shopping spree with your stored credit card information, even if they don’t know the actual number,” Gurtu says. “In order to protect your personal information and prevent unauthorized purchases, it is best to turn this feature off.”

Clear your browser history regularly

Your web browser stores a lot of information about you, which can be at risk of being stolen, Gurtu says. In order to protect your privacy and increase security, clear cookies and your browsing history every so often. “Remember, a hacker’s goal is to get into your computer so they can see what you’re doing online and collect data on who you are and what you care about,” he says. “That’s why it’s so important to keep them out.”

Since it’s practically impossible to do an anonymous search without tracking, it’s a good idea to periodically delete the “My Activity” in Google too.

Keep all your systems up-to-date

Using the Internet is a risky business. It connects your computer to what Stelzhammer calls the “widest network there is”—the World Wide Web. “Since the World Wide Web is a very dynamical space, operating systems permanently adapt to threats by releasing updates and patches that fix the eventual bugs, glitches, or vulnerabilities that can prove to be exploited as security holes.”

In other words, stop ignoring those security updates! Download them when they pop up on your device, set up auto-update, or go to your computer settings and download the latest system updates.

Back up your data on a regular basis

“Backup is essential in case of data loss caused by malware attacks or malfunctions,” says Stelzhammer. “Operating systems will attempt to recover system data through features such as System Recovery [on Windows], but this procedure does not cover files or third-party software.”

He suggests backing up your computer either through a third-party device, such as a mobile hard drive or USB drive, or via a network in a remote location under a verified and secure server. Create a backup at least every three months or with every change made to critical data.

Shut down when you’re done using your computer

As they spend more time online, many people leave their computers or phones connected when they are not using them. But Stelzhammer says this practice has its downside: It makes the device more susceptible to attacks. For better online security, shut down your computer when you’re done using it.

“As a supplementary protection measure, turning the device off practically cuts off the potential attackers,” he says. “Be it spyware or botnets [networks of malware-infected computers] that use your computer to reach other victims in the network, they cannot act without an active connection.”

Consider virtualization software for more secure browsing

Think of virtualization software as a virtual operating system on your computer. By running programs like VirtualBox and VMware, you get an additional security layer for any web activity that makes you nervous, such as visiting an unfamiliar site or opening a dubious attachment. The extra protection will make it harder for bad actors to gain enough of your info to do something like steal your identity.

“These programs allow you to run a second, isolated operating system on top of your main one without having to reboot your computer every time you want to switch between them,” Gurtu says. “That way, if an attacker manages to gain access to your browser through an exploit, they won’t have access to anything else on your machine.”

Be careful when you disclose information online

Social media is a great tool, but Gurtu advises keeping some of your posts private. You don’t want to give out too much information online—you never know who’ll see it and use it against you. “Never disclose credit card numbers, bank account details, or other sensitive information over the Internet, unless you have verified that the company requesting it is genuine,” he says. “This also includes over email—never send payment or account details via email because it’s too easy for a hacker to intercept them.”

Act responsibly when disposing of your old computer

You have a new computer—exciting! Just be sure you’re careful when getting rid of your old machine. Stelzhammer says that people have a tendency to forget about their old device once they bring home a new, more powerful computer. Before deciding on the fate of your old computer, make sure you save all the information you might need from the hard drive and store it on a secondary storage device.

Then it’s time to wipe the machine of your personal information. Remember, your old hard drive stores passwords, account data, address books, license keys for software programs, and personal, financial, and medical information.

“Keep in mind that deleting the files or formatting the disk does not erase the actual data on the hard drive,” he says. “It just removes the link to the bits and pieces of information scattered on the drive. These bits and pieces can still be reunited, using various recovering tools, to rebuild the data and make it readable again.”

Here are his recommendations for wiping your old computer clean:

  • Use a disk-wipe utility program. Choose software that wipes and overwrites data many times. This method makes that data virtually impossible to recover. Overwriting destroys the data but allows the hard drive to be reused, and it’s currently the only known method of doing so.
  • Degauss the hard drive. This process, which demagnetizes your hard drive, is a good option if you can’t access the hard drive via the operating system but know that critical, important, or sensitive data is still stored on it. It’s a powerful data wipe method—and the quickest—but it renders the disk unusable. So before you buy a hard drive degausser, be sure you’re ready to part with the hard drive permanently.
  • Physically destroy the hard drive. You can render a hard drive unusable by removing it from your computer and physically destroying it. Try wiping the disk before destroying it, if possible.