The shadow of 2017’s big data breaches have scarcely passed, and already another internet security scandal is shaking the world: Cambridge Analytica’s alleged misuse of vast troves of Facebook user data. With governments struggling to manage the damage, many people are wondering: is it still possible to protect data online?
Long-term solutions are still far off, but individual users can put themselves in a much safer position by merely avoiding these most common internet security mistakes.
1) Bad password habits
The best way to design a password is to respond to the methods criminals use to crack them open.
The first method is cracking passwords based on personal information. Details like birthdays, children’s or pets’ names, and favorite celebrities often figure in passwords or security questions. Criminals try to find this information to crack accounts open.
The second method is called brute force, though it often employs somewhat complex algorithms. Criminals use programs that draw on commonly used words from known languages in “dictionary attacks.” These programs also test common variations, such as letters replaced by numbers or symbols. Combined with other algorithms, these can crack even long passwords reasonably quickly.
A good password should combine letters, numbers, and symbols—but not in ways that these patterns could easily be guessed.
You’ll need more than one strong password. Other bad password habits are reusing passwords and storing them in insecure places (e.g., post-it notes). For more information, check out these common password security myths.
2) Clicking suspicious links
Phishing and its offshoot, spear-phishing, have made a comeback in recent years. All too often, people end up victims to these methods because they click on suspicious links without taking proper precautions.
You should never click an attachment or link, especially via email or instant messenger, without first verifying what it’s about. This may seem like common sense, but many people are in the habit of opening attachments and links as soon as they appear in their inbox.
For links involving financial transactions, you can reduce risk by accessing the site directly (i.e., type it in your search bar or look it up) instead of through a link. If a URL is shortened, use a link preview to verify its authenticity before clicking.
3) Delaying or ignoring updates
Too often, people assume antivirus programs are a one-and-done deal. They install them and then forget about them.
On the contrary, security software is only as good as its last update. Virus definitions have to be kept up-to-date with the latest threats, which can change a lot—even in a week.
Similarly, significant updates to operating systems or firmware shouldn’t be ignored either. They may not seem directly related to security, but they often involve reducing known security vulnerabilities. Make sure your mobile device, laptop and computer, and any other device that is connected to the internet are running on the latest software.
4) Posting too much, too openly
As soon as information is posted online, it becomes a risk. Users never have full control of anything once it’s in cyberspace, so the less you upload, the better.
Of course, in today’s age, it’s nearly impossible to avoid posting online altogether; after all, social media is how we stay in touch with friends and family, consume our news, and watch amusing cat videos. But be mindful of what you’re posting (vacation dates, birthdays, pictures of your kids, etc.), and make sure your account is private so that only your friends can see your posts.
When uploading important information or discussing confidential matters online, be sure to use an encrypted platform on a secure connection, such as a Virtual Private Network, or VPN.
5) Neglecting the fine print
Perhaps the most significant problem is that people simply don’t take a healthy interest in matters of internet security. It’s best to assume that online, everyone else is looking out for themselves—and this will often be at your expense.
As such, it’s good to treat everything with some skepticism. Read the fine print in the terms of service and end-user license agreements (as boring as this may be) and assume they might pull a fast one over you. You need to understand what personal data they will store and how your data will be used. Check your various apps’ privacy settings, too. When reading emails, be suspicious of the contents and links. And when perusing internet security advice, look for additional sources to corroborate the info you’re reading.
When in doubt, take a proactive approach to your online privacy and security: you can use a virtual private network (VPN) to encrypt your data, conceal your IP address, and gain more control over your internet use.