Cybersecurity is a booming industry these days because increasingly we’re witnessing a number of high profile online data breaches.
You can’t trust any company with your personal data either.
Yahoo has so far received the largest data breach in history which it failed to disclose for two years.
In 2014 hackers stole information from at least 500 million users which Yahoo only disclosed in September 2016. Needless to say, cancel your Yahoo account if you have one.
Most people put more and more of their personal information online without giving a second thought to their security.
Some use the same password for every website, open up attachments from unknown emails and use their Facebook or Twitter credentials to sign up to suspicious looking apps and websites.
Privacy online is a complex topic and given that the internet is an ever-evolving technological ecosystem government of all kinds are using technology to track what we search for and the sites we visit.
Responsibility for your online security starts with you
First and foremost you should take responsibility for your own personal online security. Most websites aren’t going to the levels of security to protect your data as much as you can so don’t expect them too.
Take the assumption that there’s a likely chance your information can be hacked. In other words, if you’re not prepared for those business documents, naughty pictures or heated email exchange to go public don’t keep them online.
Nothing online is un-hackable as proven by the ongoing cyber breaches that take place all the time. You’re online security is only as strong as your weakest link.
That said, while you can never have your online security fully locked down, there are a number of steps you can take to mitigate being hacked.
1. Start with your smartphone. Use Apple.
The two main smartphone operating system players are Apple’s iOS and Google’s Android. From a security standpoint Apple wins due to Android being a more open platform meaning rogue apps can make their way into the Google Play store. Apple on the hand controls its entire ecosystem of hardware, software and firmware.
Also Apple’s stance against the FBI to provide access to a locked iPhone demonstrates the company’s approach to security. The FBI did eventually get into the phone using a third-party security company which, again, demonstrates nothing is fully secure but at least Apple didn’t provide the information.
Use Touch I.D
Now that you’re using iOS get accustomed to using Touch I.D, the device’s fingerprint scanner, to access the phone itself and the apps that provide the facility to use it (Google Docs and Dropbox for example).
Despite everyone having unique fingerprints, biometrics still aren’t completely secure (someone could replicate your fingerprint from a glass in a bar for example) but it’s still better than nothing.
Create a longer passcode
The standard iOS passcode length is four digits long but you can change it to include more digits. I currently have mine at six but you can go beyond that to make it more complex with an alphanumeric code.
Activate Find My iPhone
If you lose your iPhone you can login to iCloud from a web browser and click Find My iPhone to locate the phone’s location to the street address. Maybe you left it a friend’s place in which case no problem, but if it’s at an address you don’t know you can erase the contents of the iPhone directly from iCloud so even if they did manage to get into the phone they’d find nothing.
Turn on auto-wipe
In the the Touch ID & Passcode settings you can turn on the ‘erase data’ button which means if someone tries to login into your phone using an incorrect passcode after ten failed attempts the iPhone will automatically erase all the data. Unnerving to some but a necessary step for others.
2. Passwords should be long and complex
The most commonly used passwords are a joke yet people continue to use them because they’re too lazy to create new ones. Hackers have gained access to millions of users’ data because of simply guessing the right password. Using words such as password, open and qwerty or numerical digits like 12345678 means you’re asking to be hacked.
Likewise people use the same password for every site so once a hacker gets access to one of their accounts she knows them all.
Every account you use should have its own unique password which is long and complex using a combination of letters (capped and uncapped), numbers and symbols. Ideally a password should look something like this Xy7q!6aH&Q1TyeiP%dW
Unless you have a photographic memory, remembering passwords of this kind across multiple sites is impossible.
There is another way however. Password manager services like LastPass not only allow you to store your passwords in an encrypted environment but will change the passwords so you don’t even know what they are. It sounds a little unnerving to not know your own passwords to all your important sites but as long as you have the master password to log into your LastPass account you can access and change them anytime.
LastPass works by encryption so they don’t have your stored passwords on their server either.
I use LastPass myself and also pay for the premium version which allows me extra security and access via my iPhone.
If you want to try LastPass sign up to it here I’ll receive a small commission of an increase to my premium account.
3. Use two-factor or two-step authentication where available
If your login details are compromised hackers can in theory access your most important accounts but not if you have two-factor/two-step authentication set up.
Two-factor and two-step basically mean that there is a second step required to login to an account after giving the username and password. This second step can be in the form of sending a text message with a unique code to the user’s phone or using an authenticator like Google’s Authenticator app which produces a limited time unique code.
The big social media platforms, email providers and other security sensitive sites offer this so if you have yet to set it up it you’d be wise to do so.
The more layers of security you can add to your online login details the safer you will be.
4. Use email wisely
Depending on how sensitive your emails are you may want to consider using a more secure alternative to the most popular providers like Gmail and Hotmail.
Switzerland based ProtonMail is one such service that provides end-to-end encrypted email so they (or anyone else) cannot read your emails. Something which Gmail and Hotmail do not do.
ProtonMail is not without its problems however and in 2015 received a DDoS attack by hackers holding them to ransom. They’ve since claimed that they are now protected against further attacks.
If you need a temporary email address then Hide My Ass is a decent option.
5. Protect yourself in social media
If you’re still using social media for personal gratification and to fill a void, firstly you need to stop. Secondly, people who do that are typically over-sharers of information.
They tend to share where they live, when they’re away from home, their age, family details, where they work, likes, dislikes and a whole host of information that allows unscrupulous people to put together a comprehensive profile of them that can be used for fraud or hacking purposes.
Social media has provided people the ease in which to connect with others in a global environment. Some people forget however that because the internet is global anyone, anywhere can gain access to their lives.
As a rule of thumb;
- Don’t over-share personal information
- Lock down accounts that aren’t used for business promotion (Snapchat for example)
- Remove unused apps from Facebook and Twitter that could gather information
- Delete any social accounts that you no longer use
- Use two-factor authentication (see above)
- If you have your own domain like a blog URL protect it with a domain privacy service
- If you have a blog ensure that your security is tight
6. Ensure your wifi is secure
Using wifi – and especially public wifi – can be a security risk. Read this article where a hacker mimics a coffee shop’s wifi to steal login details from various customers.
If you can tether from your phone you should always do that when you’re away from your home wifi. Logging onto public wifi, even if you’re using a reputable source, doesn’t come without its risks.
7. Protect your computer
Make sure your computer is password protected. Adding a password will at the very least buy you time should your computer be stolen.
Encrypt your hard drive. If you’re a Mac user then your iMac/Macbook will come with FileVault which encrypts your hard drive as soon as your Mac is shut down. Only when an authorised person logs into it again do its contents become unlocked.
You can also find your Macbook via the Find my iPhone settings (confusing!) in iCloud which gives you the ability to erase all of its contents remotely if you want to.
Hackers can and do get access to people’s computers remotely and can access both the webcam and microphone without the user knowing. That’s why Mark Zuckerberg covers his and if you’re worried about people snooping perhaps you should too.
Here’s my webcam cover which you can buy on Amazon.
Webcam cover after watching what spying software is capable of. Sound investment. pic.twitter.com/lzrqOORkfP
— Stephen Davies (@stedavies) January 21, 2016
8. Improve your browsing game
If you browse sensitive information you will be better off using Tor which makes it almost impossible for anyone to track your browsing activity. Tor (which stands for The Onion Network) is slow and quite cumbersome to use but it stops websites from discovering your physical location and your identity (to a point). It’s also used as a gateway to the Dark Web where guns and drugs are abound.
If like most people you just want to add an additional layer to stop advertisers and websites to collect information about you you can use a Chrome browser extension such as Ghostery. This allows you to block all kinds of trackers in one full swoop.
Also use the HTTPS Everywhere extension which encrypts your browsing making it harder for people to snoop.
Staying secure online is an ongoing effort
We know that governments around the world are spying on people and tracking their online movements.
We know that corporations can’t be trusted with our personal information to either keep it safe or let us know when it has been compromised.
We know that people are being jailed because they are releasing information about these things.
Staying secure online is an ongoing effort.