Cybersecurity 101

It’s almost impossible to imagine life without electronic devices. How would you keep in touch with your friends, listen to music, watch movies or find the information you need without your phone, tablet, or computer? But as essential as your devices are to the way you live, using them can also expose you to serious problems if you’re not following basic cybersecurity rules.

Establish a line of defense by using tools and best practices of online safety to stop hackers, thieves, and others who’d love to benefit by accessing your personal and financial information.

First, make sure your devices have up-to-date antivirus software to protect you from malware. (Note: Viruses are actually not the real problem—it’s thieves after your money and your data.) At the very least, make sure that you’ve installed free antivirus protection from a reputable provider and that you run the software’s updates when they are available.

For most people, though, it’s worth the money to subscribe to security software that protects against spyware, which mines your personal information, and ransomware, which encrypts your files so that they’re inaccessible until you pay money to restore your access.

You may want to go even further to protect your online activity and download a virtual private network (VPN). If you work from home, you may already be using a corporate VPN that links you to your employer’s server. Provided you’re careful to log out when you’re finished, the connection is secure. When you have a VPN service, your data is encrypted by the software, and then is sent through the VPN server before it goes to your online destination. That means it’s extremely difficult to trace that data back to you.

A VPN may be important if you frequently connect to the internet using public Wi-Fi networks, which are notoriously vulnerable to hackers. It should also provide greater protection against having your data sold to the highest bidder by your internet service provider.

Choosing the right VPN can be a little overwhelming. But there are a few practical guidelines that can help you in your search. Choose a provider that’s been around for a while and has a good track record and one that offers a money-back guarantee. Most importantly, keep in mind why you want a VPN: to protect your privacy. Choose a VPN that doesn’t track your internet traffic or sell your data to third parties, which many free VPN services do. It also helps to choose a service with a user-friendly, simple interface and that offers good customer service, preferably with a 24/7 live chat option.

The first line of defense against cyber threats is strictly limiting the personal information you share online, whether it’s a credit card or bank account number, your address, and phone number, or personal information. You also want to be cautious about social media comments that reflect your personal thoughts or that go into detail about your private life. Even though you’re entitled to your opinions, your publicly viewable social media posts could hurt your relationships or even your career. If something that you post on social media is misconstrued, it can be difficult to clarify or apologize and could be used as a mark against you with your current or potential employers. The bottom line is that the more information about you that’s out there, the more likely it can be used against you.

On social media, you can help protect yourself by making full use of the privacy options on Twitter, Facebook, LinkedIn, and the other sites you use, and by always choosing the highest possible privacy settings. Read the descriptions of each option carefully, and turn off access to your identity in as many ways as you can. Here are some more guidelines:

• Restrict who can friend request you on Facebook. This form of caution helps you prevent colleagues and other professional acquaintances from learning too much about your personal life.
• Don’t automatically accept friend requests from people you don’t know. Once you do, your pictures and information that was not public can now be seen by your new friend.
• Protect your tweets and posts from search engines, and only make them visible to your followers. But remember that followers can screenshot what you write, even if they can’t retweet it.
• Don’t link your different social media accounts. When you link accounts, you are sharing your data, especially your personal data, in an exponentially more widespread way. This spread of data makes the job of phishers much easier, as your personal posts may include information about the family, pet names that could be used as passwords, data about where you bank and shop, and other seemingly harmless personal facts that could be used to locate you.
• As a rule, never post anything you don’t want the world to read.

Strong passwords help protect users online, as threats to technology and confidential data become more commonplace.

Password Protection

You should be using strong, unique passwords for each site you’re registered on, especially for sites that provide access to your personal, financial, or other confidential information. If your password is too obvious, it will provide no protection at all. And don’t make the mistake of using the same password over and over. Once an online thief cracks one account, the next step is to try that password for every single account connected with your email address.

To keep multiple accounts secure, you might want to try a password manager. Password managers create complex passwords for your accounts, encrypt them, store them in a vault, and access the one you need to log in to your account. These managers can also protect other digital information, like credit card numbers and PINs. There may be a small annual fee for the service.

Phishing happens when scammers try to install malware on your device so they can steal your information. This practice is widespread and getting more sophisticated. The best protection is to not open any attachments or click on any links that you don’t know for sure are legitimate. In addition to suspicious attachments and links, there are some other telltale signs that an email is a scam, including the use of incorrect company names or URLs, poor spelling and grammar, and a generic greeting rather than your name. Another tip-off is when emails contain urgent calls to action, such as a threat that an account will be canceled or a bill sent to a collection agency.

While it’s completely commonplace to make purchases on your computer or phone, security can still be an issue. You’ll want to look for the security padlock symbol in the URL bar, to the left of the company’s name. To make sure it’s legitimate, click on it to make sure it takes you to a site security certificate. You should also double-check that the URL begins with “HTTPS,” which means the data you send and receive from the site is encrypted.

But what about buying something from a vendor that’s trying to make sales directly on social media? Or a company site that doesn’t seem to have security in place? In that case, if you do decide to go ahead with the purchase, you’re on much safer ground if you’ve established a PayPal account linked to your credit card or bank. The purchase order PayPal sends the seller is encrypted, and the seller has no access to your account number, so it can’t hack your account. Just make sure that when you use PayPal, your security software is up to date, and as always, avoid making financial transactions using public Wi-Fi.