You can’t go through the latest news without hearing about some form of online privacy or security breach.
Hacked…breached…phishing…these words can strike fear into the heart of anyone who uses IT and accesses the internet.
And that applies to everyone from an individual who surfs the internet for fun, to a major corporation with a huge online presence.
Some damage might be more severe than others, though it’s all relative depending on your situation.
But for some reason, there is still complacency about the need to take extra measures to protect yourself online.
You wouldn’t allow anyone to go through your most private documents, read your diary or be able to take your bike.
So why is it when most of your life is now online, you do not use the same measures to protect yourself online?
Just follow the advice below, and you will have made a huge difference to your online safety and privacy.
- Use a Password Manager
- Do Not Write Down Your Passwords
- Beware of Free Public WiFi
- Keep Your Software, Programs, Plugins & Apps Updated
- Don’t Click on Suspicious Links in Emails
- Protect Your Emails from Peering Eyes using ProtonMail
- Use DuckDuckGo – A Privacy-Based Search Engine
—
1. Use a Password Manager
Using strong passwords is perhaps the most important part of securing yourself online.
In many cases, weak passwords are one of the main reasons why hackers can access your system
If you think you are being clever making “password” your password, then you are kidding yourself.
Most people would hesitate about using a password manager as you are essentially storing all of your details in one place.
But it is impossible for your brain to be able to remember every single password, for every single website, which is unique and has a combination of small and capital letters, numbers and special characters.
Anything that is better than your memory should be something you are encouraged to use.
Password managers don’t need to be perfect, they just need to be better than *not* using them which they unequivocally still are https://t.co/nVG5G6RAWx
— Troy Hunt (@troyhunt) April 1, 2017
The main password manager of choice that I use is LastPass.
Related Article: Why is Password Manager & Why You Must Use it?
2. Do Not Write Down Your Passwords
I tweeted a while back at my shock that this product actually exists:
This book should be banned. You can’t possibly think this is better than a password manager https://t.co/GJQ5ZPbVgu via @troyhunt pic.twitter.com/8xGHR9dfFk
— Ahmed Khalifa (@IamAhmedKhalifa) April 4, 2017
That’s like having a tag on your keychain that states your address, because you know, just in case someone has found your house key and wanted to return it.
Or will they?
Unfortunately, not everyone is that honest if they have access to something that is considered to be private.
It’s not just about that journal above. Don’t write it anywhere.
Don’t write it down in a notepad and hide it.
Don’t write it on a sticky note.
Even worse, don’t write it on a sticky note and then stick it on your monitor.
Why? Why would you do that?!
You wouldn’t write down your PIN and stick in your wallet, would you?
Just don’t write it down.
Please.
^ Return to top
3. Beware of Free Public WiFi
Where there is free WiFi, people tend to flock.
Especially if you are abroad, have run out of internet data, or don’t want to pay for extra data.
Like a moth to a light bulb, we are drawn to anywhere with free WiFi at a time of need.
And I’m not any different.
But when you start sharing private information such as your login details over public WiFi, you are inviting other sophisticated hackers to see your details thanks to the public WiFi.
So just to clarify, there are huge dangers to using public WiFi.
But what can you do to prevent this?
First of all, do not use password-free WiFi. You risk being the wounded animal surrounded by hyenas waiting for you to fall into the trap.
Once you start typing your login details, you are exposed.
Those public venues with password-protected WiFi are slightly better, but not when their password is pretty weak.
Too many times their password tends to be the name of the company.
You may as well just not bother having a password in the first place.
But if you must use public WiFi, password-protected or not, the best way to protect yourself is to use Virtual Private Network (or VPN).
In the most basic form, a VPN allows you to hide the location of your IP address when you are accessing websites, which consequently protects you from snooping hackers.
Sure there are free VPNs out there, but when something is free, you are paying for it somehow, like lack of security.
So my advice is to simply either pay for a premium VPN or don’t use one at all.
My current VPN of choice is NordVPN, which I use on my desktop, laptop, tablet and mobile when accessing public WiFi.
Even if you are carrying out sensitive acts such as digital banking and online payments, it is recommended that you use a VPN for extra protection.
^ Return to top
4. Keep Your Software, Programs, Plugins & Apps Updated
Another very common reason why hackers have success with accessing other devices is simply because you have not carried out any updates.
This could be any of the below:
- Your Windows, iOS or any other operating system on your desktop, laptop, tablet or smartphone
- The programs you have installed or downloaded on your desktop or laptop
- The apps you have downloaded on your devices
- Your WordPress software, themes and plugins
- Browser extensions and add-ons
- And any other online tools
As well as improving functionalities, introducing new features, improving speed, battery life, etc., another main reason for the updates is for security reasons.
Some are minor; others are major.
Let’s be clear – there is no such thing as 100% secure tools.
But it’s important to make it as difficult as possible for the hackers by securing yourself as much as possible.
Behind the scenes, developers are constantly working hard to fix any security loopholes they or someone else have discovered.
But it is up to you to make sure that you have updated them.
There has been evidence that older versions of a particular tool have been the cause of hacks because the developers are not continuously keeping on top of it.
And users who are using these discontinued/unmaintained tools run the risk of having security loopholes on their devices and websites.
In fact, Wordfence carried out a survey in 2016 where the top reasons for a site being hacked are because of plugins which could be abandoned by developers and/or not updated by site owners:
So stay on top of your updates.
^ Return to top
5. Don’t Click on Suspicious Links in Emails
You would probably think twice about replying to an email from a prince who has cash lying around and needs to transfer it to you.
But hackers are becoming more and more sophisticated about encouraging you to click on a link which takes you to a fake version of a popular retailer, e.g. Apple or Amazon.
Below is an example of how sophisticated phishing efforts are getting with some more examples here.
Just discovered this on an external site. On the left we have a phishing portal, on the right the real deal! #phishing #ScamAlert #Apple pic.twitter.com/nkkjK5So2P
— Jason Murray (@_JasonMurray) February 1, 2017
In some cases, if you have entered your details on a fake website, your login details have been compromised.
In other cases, if you click on a link within those emails, you have been compromised and gave access to the hackers.
It doesn’t matter how quickly you close the browser, run an anti-virus or shut down the computer.
It is too late.
If that has happened to you, you are best off getting an expert to help you or follow some professional guidelines.
These include:
- changing your passwords asap
- checking your bank account for fraudulent transactions
- if necessary, blocking your credit cards
But when you receive any emails which ask you to click on a link, think about whether it’s genuine or not.
For example, check the email address from the sender of the email. More often than not, the sender will not have a familiar @[brand].com such as @apple.com or @amazon.co.uk.
If you are on a page which asks for your login details, check the address bar. Is the URL correct and does it have HTTPS?
If you have received a message from a courier or retailers stating that your order has been cancelled, delivered or made, has it really?
You are probably asked to click on a link to “check” your order.
Instead of clicking on the link within the email, it is best to click on the spam icon at the top of your email or block that email.
^ Return to top
6. Protect Your Emails from Peering Eyes using ProtonMail
You probably didn’t realise it, but someone or something is reading your emails right now.
Yep, while you are reading this, your sent and received emails are being read to help gather as much data about you as possible.
What’s the purpose of this?
Your personal information is used to create adverts and make money out of your online behaviour.
Gmail is the main culprit of this:
Somewhat worryingly, even Google has made it clear that you shouldn’t expect privacy when sending to or from Gmail.
Even if you are not keen on changing your email address, it’s worth considering registering your name at ProtonMail.
For those who don’t know, ProtonMail was founded by 3 CERN scientists in Geneva, Switzerland and provides an end-to-end encrypted email account.
With the increase in awareness of privacy, more people are avoiding the popular email platforms in favour of those which focus on privacy.
You are likely to find your name being available, which is a rarity nowadays if you are used to the likes of Gmail, Hotmail/Outlook and Yahoo.
But on top of that, you can rely on ProtonMail to provide an encrypted and fully secure email service.
^ Return to top
7. Use DuckDuckGo – A Privacy-Based Search Engine
Out of all the recommendations mentioned above, this one is probably the most difficult.
Avoid using Google.
Don’t get me wrong, Google is incredible.
The products that they have built, the branding, their community, their creativeness and their initiatives.
You can’t fault them – they have built a hugely successful business.
But the price of using their search engine for free is that they gather data about you in return.
It might sound innocent, but there is a very good chance that Google knows more about you than you think.
And that’s why I use DuckDuckGo, which has been my homepage for a number of years and my number 1 choice of search engine.
Their focus is privacy-based searches:
- they don’t store your personal information
- they don’t follow you around with ads
- they don’t track you, regardless of whether you are in private browsing mode or not (you are not really private in incognito)
If you think they are not popular, think again as they have recently reached 10 billion private searches…and counting.
I can’t claim to say that I don’t use Google at all.
Their search engine is useful for certain SEO tasks, hacks or to find content ideas.
Google Analytics is my number one analytic tool, while Google Docs and Sheet are incredibly useful for collaborative work.
And I even use their G-Suite to link the customise company email to Google’s products.
So it’s difficult to stay away from them – I admit.
But I have reduced the number of times I use their search engine.
It doesn’t mean that they know nothing about me. But it does mean they know a heck of a lot less about my personal life, and that’s better than before.
Related Article: Why I Use DuckDuckGo as My Main Search Engine of Choice?
Round-up of All Tools
So just to round it all up, below is a list of tools that I have mentioned above:
- Password Manager (I use LastPass)
- VPN Provider (I use NordVPN)
- ProtonMail
- DuckDuckGo
—
One of my favourite excuses for anyone who doesn’t care about protecting themselves online is this:
“I don’t have anything to hide”.
If you have heard that, I always reply the same way:
“OK, can you write down your email address and password for me?”
They will always reply “No!” to which I always reply:
“But I thought you said you’ve got nothing to hide. You were happy and quite relaxed about anyone gathering data about you and happy for them to access it, but not me?”
More and more of your life is going online, so it only makes sense for you to start taking online security and privacy very seriously.
And even if you don’t follow the advice or use all of the tools above, at least don’t do anything crazy like writing down your passwords.
If you did, burn it. Throwing it in the bin will not be enough.
How secure are you online? Do you take it seriously? If not, why not?
I would love to hear what you think in the comments section below.
Related Article: How to Make Your WordPress Site More Secure & Beat the Hackers?
Ahmed Khalifa
Latest posts by Ahmed Khalifa (see all)
- ‘The Obstacle is the Way’ Book Review [Video] – How You Could Look at the Obstacles in Your Life - 25th December 2019
- ‘Tools of Titans’ by Tim Ferris – Book Review [Video] - 26th November 2019
- ‘Atomic Habit’ – Book Review on How to Create Good Habits & Remove Bad Habits - 5th October 2019
Thanks for the VPN recommendation. That’s something I’m definitely interested in.
I remember hearing that you need to have passwords at least 12 characters long to be safe.
I can’t remember if you went to WordCamp London this year, but Chris Wiegman had a good talk on privacy and security. It will be on wordpress.tv, and you can read the slides here: https://chriswiegman.com/2017/03/wordcamp-london-2017/.
Thanks for sharing that, and I’m glad you like the VPN recommendation.
Most of my passwords are at least 15 characters long and when you use password managers, it’s easier to do that (combined with using different characters, numbers, etc.)
VPN is a must these days no body afford to get their personal, financial or corporate accounts compromised. I prefer using dedicated ip by purevpn for extra stability and authentication for accessing my private accounts using the same ip location every time.
Thanks for your comment Nick.
It’s a no-brainer to use a VPN in situations where you don’t have control over your internet connection, like the public WiFi at a cafe or library. The thought of not using one and then accessing private accounts is a scary thought.
NordVPN is the one that I use too! Have you seen it’s just received a badge as a fastest vpn in 2018 https://vpnpro.com/blog/speedtest-recommended-nordvpn/. I guess we made the right choice. Also, I’ve recently started to use passwords manager, oh what a relief. Thanks for the tips, I think it’s very important to spread the word about online security and privacy.
Thanks Samuel. I’m glad I’ve done my research and chosen NordVPN in the end. And it’s very wise of you to use a password manager too. It’s an essential part of your toolbox.
Totally agree that best way to protect yourself is to use VPN, you should definitely avoid using public wifi without it. I am also using Nordvpn, it works perfectly on my computer and phone, and I don’t need to worry about connecting to public wifi in a coffee shop or university, I believe that it is a must have security app.
I’m glad you agree Niko. I would definitely be worried if anyone suggests that it’s safe and fine to connect to a public WiFi.
It’s just too risky.