Update 11/14/2017: This guide is now out of date. Please see our new, comprehensive guide.
The internet can sometimes be a scary place, where hackers steal hundreds of millions of passwords in one swoop, or cause large-scale blackouts. The future is probably not going to get better, with real-life disasters caused by internet-connected stuff, smart house robots that could kill you, flying hacker laptops, and the dangers of hackers getting your genetic data.
But here's the good news. There's actually no need to be scared. Hacking and data breaches are real, growing dangers, but there are basic steps that can keep you generally safe on the internet, and we're going to tell you what they are.
There are a few things you need to know before we get into the details of this guide. First, there's no perfect security. If someone is really out to hack you, and they have the resources to do so, they will. Second, the most important thing to think about when thinking about staying secure online is something you probably haven't thought about before, and that is what data you're trying to protect and from whom. In hacking lingo that's called "threat modeling."
No one security plan is identical to any other. What sort of protections you take all depends on who may try to get into your accounts, or to read your messages.
Is your threat an ex who might want to go through your Facebook account? Then making sure they don't know your password is a start. (Don't share critical passwords with people, no matter who they are; if we're talking Netflix, make sure you never reuse that password elsewhere.) Are you trying to keep opportunistic doxers from pulling together all different types of personal information on you, such as your birthday, which in turn can be used to find other details? Well, keeping an eye on what sort of stuff you publish publicly on social media would be a good idea. And two-factor authentication (more on that below) would go a long way to thwarting more serious criminals.
THREAT MODELING
But overestimating your threat can go the other way: if you start using custom operating systems, virtual machines or anything else technical when it's really not necessary (or you don't know how to use it), you too can suffer. At best, even the most simple tasks might take a while longer; in a worse scenario, you might be lulling yourself into a false sense of security with all sorts of gadgets and gizmos, while overlooking what actually matters to you and your particular threat.
With that in mind, here are a few basic things you can do to prevent the most common threats online.
KEEP YOUR APPS UP TO DATE
PASSWORDS
TWO-FACTOR AUTHENTICATION
But apart from the trick of getting a new SIM card, these are attacks that are not trivial to pull off, not just because they might require specific hardware like Stingrays, but also because they are relatively expensive. Realistically, though, for the vast majority of people, SMS 2FA is still a robust security measure that does what it's designed to do: add an extra layer on top of your password that might get phished or otherwise stolen.
You could, if the website allows it, use another 2FA option that isn't SMS-based, such as an authentication app on your smartphone (for example, Google Authenticator), or a physical token like a Yubikey. If that option is available to you, it's a great idea to use it. But it would be foolish to disregard SMS 2FA altogether, especially if you're not under targeted attack.
2FA is a great way to make it nearly impossible for average cybercriminals to break into your most important accounts. You can check out all the services that offer it and how to turn it on here.
DOs & DON'Ts
Do use some simple security plugins: Sometimes, all a hacker needs to pwn you is to get you to the right website—one laden with malware. That's why it's worth using some simple, install-and-forget-about-it plugins such as adblockers, which protect you from malvertising threats presented by the shadier sites you may wander across on the web. (We'd naturally prefer if you whitelisted Motherboard since web ads help keep our lights on.)
Another useful plugin is HTTPS Everywhere, which forces your connection to be encrypted (when the site supports it). This won't save you if the website you're going to has malware on it, but in some cases, it helps prevent hackers from redirecting you to fake versions of that site (if there's an encrypted one available), and will generally protect against attackers trying to tamper with your connection to the legitimate one.
Do use VPNs: If you're using the internet in a public space, be it a Starbucks, an airport, or even an Airbnb apartment, you are sharing it with people you don't know. And if some hacker is on the same network, they can mess with your connection and potentially your computer.
Don't overexpose yourself for no reason: People love to share pretty much everything about their lives on social media. But please, we beg you, don't tweet a picture of your credit card, for example. More generally, it's a good mindset to realise that a post on social media is often a post to anyone on the internet who can be bothered to check your profile, even if it's guessing your home address through your running routes on a site like Strava, a social network for runners and cyclists.
Personal information such as your home address or high school (and mascot, which is a Google away) can then be used to find more information via social engineering schemes. The more personal information an attacker has, the more likely they are to gain access to one of your accounts. With that in mind, maybe consider increasing the privacy settings on some of your accounts too.
Don't open attachments without precautions: For decades, cybercriminals have hidden malware inside attachments such as Word docs or PDFs. Antiviruses sometimes stop those threats, but it's better to just use common sense: don't open attachments (or click on links) from people you don't know, or that you weren't expecting. And if you really want to do that, use precautions, like opening the attachments within Chrome (without downloading the files). Even better, save the file to Google Drive, and then open it within Drive, which is even safer because then the file is being opened by Google and not your computer.
Do disable macros: Hackers can use Microsoft Office macros inside documents to spread malware to your computer. It's an old trick, but it's back in vogue to spread ransomware. Disable them!
Do back up files: We're not breaking any news here, but if you're worried about hackers destroying or locking your files (such as with ransomware), then you need to back them up. Ideally, do it while you're disconnected from the network to an external hard drive so that even if you get ransomware, the backup won't get infected.