When it comes to personal online security, advice is tricky. A lot of it sounds good in theory, but how much of it actually works as intended? Some oft-repeated wisdom is tried and true while others are just cyber security myths.
According to recent research by Google, security experts have fundamentally different approaches to online security than average Web users. These differences not only include habits and behaviors, but mindsets and attitudes as well.
Want to stay safe online? Then forget everything you know about online security because it's time to be retrained in the right patterns. Here's what the experts actually do.
Keep Software Updated
Installing software updates, using password managers, and employing two-factor authentication are all top choices for experts while remaining much lower priorities for non users.HT: Ars Technica
Would it surprise you to know that the #1 practice shared amongst security experts is staying on top of software updates? Most non-experts focus more on antivirus, encryption, privacy -- and we'll cover all of that later -- but so many folks forget that software updates are crucial.
Why?
Because even though these past few years have really highlighted the dangers of social engineering, the truth is that most security breaches are effected through software vulnerabilities and loopholes (and these breaches are called exploits).
Ever wondered why applications keep asking you to update, update, update? Sometimes those updates are there to push new features, but many times they exist to patch vulnerabilities that weren't discovered until recently.
Updating your software (and in the case of certain gadgets, updating your firmware!) protects you from those who might exploit open vulnerabilities on your system.
Use Strong & Unique Passwords
Password managers change the whole calculus because they make it possible to have both strong and unique passwords.HT: Tom's Hardware
A bad password is only slightly better than having no password at all. It lures you into a false sense of security and makes you forget that weak passwords are easy to crack. For a password to be effective, it has to be both strong and unique.
A strong password is at least 8 characters long, doesn't contain any words you'd find in a dictionary, does contain several special characters (e.g. !@#$%^&*), and uses a mixture of uppercase and lowercase letters.
A unique password is one that you use for one and only one account. That way if one account is breached, your others stay secured. Would you ever use the same exact key for your car, your house, your mailbox, and your safe deposit box?
The problem is that memorable but secure passwords are hard to manage, especially if you commit to never repeating a password. So, use a password manager!
When it comes to passwords, only 24% of non-experts polled said they used password managers for at least some of their accounts, compared to 73% of experts.HT: Information Week
A password manager remembers your account credentials so you don't have to. When you need to log into a website or a program, the password manager will fill in the relevant details for you. It's safe and convenient. A win-win.
There are several different password managers available these days, and even more if you count password managers on Android. To get started, check out our guide to password management.
Enable Two-Factor Authentication
Many popular websites and services support two-factor authentication. This means that even if someone is able to get your password, they won’t be able to log into your account.HT: Laptop Mag
Two-factor authentication is any authentication method that requires two different authenticating credentials. For example, a password would be one kind of factor while facial recognition could be a second factor. Only with both are you granted access.
Today, most services that offer two-factor authentication (not all do, unfortunately) will require a password and a verification code that gets sent to you by email or by SMS. In order to break into your account, someone would have to crack your password and intercept the verification code.
Needless to say, everyone should use two-factor authentication!
It stands to reason that if updates, password managers, and two-factor authentication are top priorities for security professionals, they should be top choices for amateurs as well.HT: Ars Technica
Check Links Before Clicking
"Think before you link." In other words, think about it before you click that link.HT: Roger Thompson
How many times have you clicked on a link that looked legitimate only to arrive at a website full of distasteful ads and malware warnings? Unfortunately, it's pretty easy to disguise a malicious link as a proper one, so be careful when you click.
This is particularly important for emails because a common tactic used by phishers is to recreate emails from popular services (like Amazon and eBay) and insert fake links that take you to pages that ask you to sign in. By logging in, you've actually just given them your account credentials!
Hint: Learn how to check the integrity of a link before clicking. Also, stay extra safe with these important email security tips.
Another link-related risk is the shortened URL. A shortened URL could take you anywhere and it's impossible to decipher the destination just by reading the URL alone, which is why you should always expand a shortened URL to see where it leads before clicking on it.
Browse HTTPS Whenever Possible
Encryption of data. Though it is important for companies to protect their data from outsiders, it is also important to protect it inside the network.HT: Novell
Encryption is extremely important and you should be encrypting all of your sensitive data whenever possible. For example, encrypt cloud storage files in case they get hacked or leaked and encrypt smartphone data so nobody can snoop on your communications.
And while privacy is important, there are other reasons for digital encryption besides it. But for web security advocates, one of the more effective steps is to use HTTPS whenever you can.
Hint: Not sure what that is? Read our HTTPS overview and why it matters.
Stop Sharing Personal Information
Don't post any personal information -- your address, email address or mobile number -- publicly online. Just one piece of personal information could be used by a complete stranger to find out even more.HT: Tom Ilube
Posting your personal information online can have serious repercussions. You'd be surprised by how much people can find out about you even from a single breadcrumb or two. Most of the time it doesn't lead anywhere, but sometimes it can ruin your life.
There's a process called doxxing (or doxing) whereby people will scour the Internet for your personal information and eventually have enough puzzle pieces to determine who you are, where you live, who your family members are, where you work, and more.
It's scary enough on its own, but when you combine it with something serious like a death threat or a prank call to 911 that screams were heard in your house, it becomes more than just a fairy tale of stalkers and inconveniences.
Ignore Anything "Too Good to Be True"
If it sounds too good to be true, it is probably not true. No one wants to send you $5 million. You are not the millionth visitor to the website. You are not a winner ... and the Pretty Russian Girl who wants to be your friend is probably not pretty and not even a girl. She doesn't want to be your friend ... she wants your money.HT: Roger Thompson
The problem with "too good to be true" is that it usually indicates deceit or fraud, as is the case in a lot of eBay scams, Craigslist scams, and even apartment scams. Few things on the Internet are ever perfect.
You can take the risk if you want to, especially if you can eat that potential loss without flinching, but the general rule of thumb is to ignore it if you can't find "the catch". If you can't find a catch, then the catch is likely you.
Scan For Malware Regularly
Among respondents who are not security experts, 42% consider the use of antivirus software to be among the top three things one can do to stay safe online. Only 7% of the security experts polled believe that.HT: Information Week
Would you believe that only 7% of security experts bother using antivirus software? Sounds crazy, doesn't it? Is antivirus software really that bad? It depends on your criteria.
Non security experts listed the top security practice as using antivirus software ... One likely reason explaining the divide over use of antivirus software is that security experts are more likely than non experts to use a non-Windows operating system. So while it may be tempting to interpret the results as showing experts think AV isn't an effective security measure, that's not automatically the case.HT: Ars Technica
Antivirus software should be seen as backline defense, as more of a last resort than a primary shield. Even the best antivirus programs are far from perfect, so it's more effective to focus on proper security habits.
In other words, security experts know how to keep themselves secure, so they don't really need that last line of defense. On the other hand, the average user doesn't know how to practice safe security habits, so antivirus is good to have.
This is the only tip where we recommend that average users deviate from the experts: they don't need antivirus software, but you and I do! Don't forego it. You never know when it'll save you.
Are you a security expert or an average user? What techniques do you use to keep yourself safe online? What other tips would you add to this list? Share with us in the comments below!