Cybersecurity Tips

As a cybersecurity strategist, I’m committed to helping people protect themselves, their families, and their businesses from cybercrime and malware. Here are my top recommendations for staying safe online.

Block ads and trackers

To safeguard your privacy and security, block ads and trackers while browsing the Web. Ads can be, and have been, used to deliver malware to unsuspecting users, including through legitimate websites like The New York Times. To protect yourself from malvertising, you need to block ads.

Although publishers don’t like it, blocking ads is both ethical and necessary. The best way to support journalists and artists who are doing good work is to subscribe or contribute to their tip jar. Most publications either sell subscriptions or take donations — or both.

The best way to block ads at home is by setting up a $35 Raspberry Pi microcomputer to run Pi-hole, a network-wide ad blocking utility. To set up a Pi-hole, you’ll need some technical expertise. If you’re not familiar with the basics of networking, you may want to ask a knowledgeable friend for help.

You can also block ads at the browser level by installing uBlock Origin, which its developer calls a spectrum blocker because it can block more than just ads. It’s available for Mozilla Firefox, Apple Safari, and all Chromium-based browsers, including Google Chrome, Vivaldi, Opera, and Microsoft Edge.

Installing uBlock Origin is easy and doesn’t require any technical expertise. It’ll start working right away, offering you essential protection.

There are also browser add-ons specifically designed for blocking ads on Facebook (FB Purity) and webmail services (Webmail Ad Blocker).

Another tool for blocking trackers is Privacy Badger, offered by the Electronic Frontier Foundation. You can run these in addition to uBlock Origin.

To be really secure, disable JavaScript by default

Nowadays, most websites are actually computer programs that start running as soon as you connect to them. In the early days of the World Wide Web, websites were just documents created using HyperText Markup Language (HTML). Websites have since evolved to become much more than just collections of documents (or web pages). They are now principally applications powered by a programming language called JavaScript.

JavaScript is enabled in every major browser by default. You can turn it off to reduce your exposure to malware by changing browser settings, but if you do, most websites you want to visit will not work correctly or at all.

A better approach is to disable it by default, but whitelist sites that you trust. You can do this with a tool like NoScript Security Suite for Firefox (also available for Chrome and Chromium-based browsers).

Configure automatic backups

It’s essential that you protect your data with automatic backups. That way, if something happens to your device (it goes missing, it’s stolen, it’s seized at the border, it burns up in a fire, the storage medium goes kaput), you’ve still got your data. Backing up manually every now and again is not sufficient; you need automatic backups to ensure the integrity of your data.

All of your backups should be encrypted to protect your privacy and security.

I recommend Backblaze for backing up personal computers.

If you are a small business owner, I recommend CrashPlan for your computers.

If you’re an iOS user, you can back up automatically to iCloud. Google has a similar service called Android Auto Backup, but be aware that it does not back up some types of data, like text messages.

To supplement your automatic over-the-air backups, you can also periodically make manual backups. The most complete backup solution for Android is Titanium, but it requires that your device be rooted. You can create a complete backup of an Android device without rooting using the Android SDK. Both options require some technical knowledge.

Encrypt your devices

For your protection, all of your devices should be encrypted, whether they are running Windows, Mac, iOS, Android, or a GNU/Linux distribution. Encryption renders the data on the device unreadable by an unauthorized party.

Each operating system has a different system for whole-disk encryption.

Recent iOS and Android devices have encryption turned on by default.

If you have an older device, check to see if encryption is enabled.

Here’s a tutorial for iOS.

Here’s one for Android.

Passwords: You need a manager!

Use a password manager to securely store and generate all your passwords.

A password manager is an application or software program that acts as a bank/safe/repository for your passwords, which, combined with your usernames or your email address, serve as the credentials for the accounts you have with countless companies and online services.

I recommend Dashlane, as does The Washington Post.

Why use a manager like Dashlane? Because that way, you don’t have to worry about coming up with passwords for all the accounts you have anymore. Nor will you need to remember them. Your password manager will do this for you.

Chances are, you already have many accounts and many of them are accessed with passwords you’ve re-used. Migrate to a password manager to become more secure online and protect your privacy.

Dashlane’s desktop application has a useful feature that tells you how many times you’ve reused a password across different services, so you can prioritize which accounts to change the passwords for first.

In addition to storing passwords in Dashlane, you can also store secure notes, payment methods, and contact information.

Turn on multi-factor authentication (MFA/2FA)

Multi-factor authentication is the best insurance policy for protecting yourself against your credentials being phished/stolen (or seized by the authorities) and used for unauthorized access to your accounts.

If you own and use a debit card, then you’re already familiar with the concept of multi-factor authentication, also known as two-factor authentication.

Picture yourself in your favorite grocery store the last time you went shopping and paid with a debit card. Remember checking out? When you went to pay, you inserted your card into the reader and then entered your personal identification number, or PIN, into the reader to approve the transaction. The card was your first factor and the PIN was your second factor. Your bank or credit union only authorized the transaction after both factors were presented.

Your debit card (hopefully with a chip embedded) is something you have, and the PIN is something that you know. The two factors provide better security for your personal funds. Your card can’t be used for purchases or ATM withdrawals until both factors are presented.

Multi-factor authentication works the same way.

Suppose you’re tricked into handing over the credentials to your email, as John Podesta was. If multi-factor authentication is turned on, the username and password aren’t enough to get the bad guys in.

Most major online services now support MFA/2FA. The best second factor is a hardware-based key like the YubiKey; the second-best factor is an authenticator app like Authy, available for iOS and Android. Some services don’t yet support either of these methods, and instead ask you to provide your mobile number as your second factor. However, that’s not secure. Use an authenticator app or hardware key whenever possible.

Freeze your credit file

You should freeze your credit file to prevent criminals from fraudulently opening accounts in your name. It’s free to do, but a bit cumbersome, because you have to put in a request with each of the credit bureaus.

Do this for yourself and then make sure each member of your family does it, too. It’s one of the most important things you can do to protect yourself.

Don’t let the bureaus charge you money for this service. Freezing your credit is free. The bureaus would rather you give them money to “lock” your credit file, which is the same thing as freezing it. Don’t give them a dime. Make the bureaus abide by the federally mandated requirement that lets you freeze your credit without paying.

You will need to provide your Social Security Number to freeze your credit.

Should you need to apply for an auto loan, home mortgage, or credit card, you can temporarily unfreeze your credit file to enable a legitimate financial institution to run a credit check on you prior to deciding whether to extend credit. Ordinarily, your credit should be frozen.

Note that freezing your credit file does not prevent you from using your existing credit cards and lines of credit.

You should also request one of your three free credit reports at the end of April, the end of August, and the end of December each year. (In accordance with federal law, you’re allowed one free report per year from each of the three major agencies, and if you request them at four-month intervals, you’ll be able to keep a better watch on your credit file.)

Use a VPN when connected to public Wi-Fi

If you must connect to an open, public wireless network while out and about, you should use a virtual private network to secure your session.

A virtual private network (VPN) is an essential tool to protect yourself from electronic eavesdropping. Wikipedia has a good primer on how VPNs work:

A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

That One Privacy Site maintains an exhaustive comparison of VPN providers.

All reputable VPN providers charge for their services. Don’t bother with a free VPN service like Hotspot Shield; those are usually ad-supported or have restrictions. (Hotspot Shield has also had security issues.)

Mullvad scores well in the TOPV comparison and is a good choice if you’re looking for a reputable VPN provider.

You should have a VPN subscription and you should choose a provider before you travel away from home or work. Many VPN providers have mobile and desktop applications to make initiating a secure session very painless.

Use HTTPS

Help encrypt the World Wide Web by making sure any websites you’re responsible for are only available over HTTPS [HyperText Transfer Protocol Secure]. Modern HTTPS is implemented through a protocol called Transport Layer Security (TLS). You can test whether your websites are properly secured by using a tool called Hardenize. If your host can’t or won’t help you deploy HTTPS correctly without charging you money, it’s time to look for a new one.
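As an added example (not part of the original post and not what Hardenize runs), this checks the two things “only available over HTTPS” comes down to when you look at raw responses: plain HTTP must permanently redirect to the HTTPS origin of the same host, and the HTTPS response must carry a Strict-Transport-Security header with a long enough max-age. The sample responses are constructed, and the one-year max-age threshold is the author’s assumption.

```python
from urllib.parse import urlparse

# Constructed sample responses, not captured from any real site: what a plain-HTTP
# request and the follow-up HTTPS request to a correctly deployed site should return.
HTTP_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://www.example.com/\r\n"
    "Content-Length: 0\r\n\r\n"
)
HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Type: text/html\r\n\r\n"
)
MIN_HSTS_MAX_AGE = 31536000  # one year; assumed threshold for this check

def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, dict of lowercase headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ")[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_https_only(host: str, http_raw: str, https_raw: str) -> list:
    """Return findings for a site; an empty list means it passes this simplified check."""
    findings = []
    status, headers = parse_response(http_raw)
    location = urlparse(headers.get("location", ""))
    if status not in (301, 308):
        findings.append(f"plain HTTP answered {status} instead of a permanent redirect")
    elif location.scheme != "https" or location.hostname != host:
        findings.append(f"redirect points at {headers.get('location')!r}, not https://{host}")
    status, headers = parse_response(https_raw)
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HTTPS response has no Strict-Transport-Security header")
    else:
        directives = {}
        for part in hsts.split(";"):
            name, _, value = part.strip().partition("=")
            directives[name.lower()] = value.strip()
        if int(directives.get("max-age") or 0) < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {directives.get('max-age')} is below one year")
    return findings

if __name__ == "__main__":
    print(check_https_only("www.example.com", HTTP_RESPONSE, HTTPS_RESPONSE) or "OK")
```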

As a user, you can help encrypt the web by installing HTTPS Everywhere, a browser add-on. HTTPS Everywhere will force connections between your device and websites that support HTTPS to be secure.