
How do security experts keep themselves safe online?


With hackers seemingly lurking around every corner of the Internet, how do you keep yourself safe online? We turned to the experts to find out. In this guide, we’ll explore six tips that security experts recommend to keep yourself safe online. 


1. Don’t wait to install updates 

Have you been snoozing that system update for several months now? Taking the time to install the update is one of the simplest and most effective precautions you can take to protect yourself against a hack. Often, software developers are pushing out updates primarily to patch vulnerabilities that hackers could exploit rather than to introduce some exciting new features.

If you’re still not convinced that software updates are worth your time, you only have to look back to the WannaCry ransomware attack in 2017. The ransomware spread through a flaw in Microsoft’s operating system, a flaw that Microsoft had already identified and issued a software patch for in a system update. More than 200,000 computers were infected by WannaCry, all of them because Microsoft’s system update hadn’t been installed. (Two years later, there are still an estimated 1.7 million unpatched computers and WannaCry continues to cause infections.)

2. Only connect to secure networks 

Cybersecurity experts are quick to warn about the danger of public WiFi networks. When you connect to unsecured WiFi, anyone in range of your signal can get in between your computer and the router—what’s known as a man-in-the-middle attack. Instead of sending your browser requests and data directly to the router, you’re really sending them to an attacker.

Man-in-the-middle attacks aren’t just an issue for your computer, either. If you have a mobile device, its signal can also be intercepted when you connect to a public WiFi network.

If you have to use public WiFi, you have a few options. The first is to avoid transmitting any sensitive information. That means no online shopping (which requires that you enter your credit card and possibly a username and password) and no logging into your bank account. The second option is to use a VPN, which can encrypt your data before it leaves your computer in the first place.

Another good practice when connecting to public WiFi is to make sure that file sharing is off. This is a simple step to make sure that no attacker can connect to your computer via the network.

3. Use a password manager 

Reusing passwords is common practice, but you won’t find any security experts doing it. That’s because the first thing a hacker does when they get hold of one of your passwords is to try it on your bank account, your credit card accounts, your email account, and more. If you reuse passwords, a single leak—perhaps one that you have no control over, like from a hack on a company you have an account with—can expose all of your online accounts.

The best way to avoid this problem is to create a unique password for every online account. Of course, you’ll need some help to remember these dozens of unique passwords. That’s where a password manager comes in.

Password managers are typically very secure and most come with a password generator to help you create stronger passwords. At the end of the day, you’ll only need to remember two passwords—one for your computer login and one for the password manager. These should be multi-word phrases that can’t be easily guessed or brute-forced.

4. Think before you click 

Did you receive an unusual email with a link in it? Think carefully before you click. Phishing schemes often include a link that will take you to a compromised website, where malware can be downloaded onto your computer without your knowledge. Attachments can be just as dangerous since even seemingly innocent documents can contain hidden malware.

There’s no magic formula for deciding whether an email is legitimate or not. Even if it seems like it comes from someone you know, there’s no guarantee that their email account hasn’t been hacked. Get in the habit of inspecting links and attachments before you click on them. When in doubt, email the sender back to confirm their authenticity.

Of course, if an email asks you for sensitive personal information, that’s a major red flag. You should never share your credit card information, social security number, or account passwords over email. Legitimate businesses will never ask for this data over email.

5. Install antivirus software 

Security experts also recommend using antivirus software to protect your computer. Many new software packages use artificial intelligence to flag never-before-seen code as malware based on its similarity to known malicious code. That gives you a leg up in the fight against attackers if you do accidentally navigate onto a compromised website.

That said, antivirus software isn’t a cure-all for malware. Experts note that it’s less effective than installing software updates at preventing hacks, and it won’t always be able to save you if you download malware after clicking on a link in a suspicious email.

6. Turn on two-factor authentication 

More and more online services are offering two-factor authentication as an extra measure of security when you log into your account. If it’s available, opt in. Turning on two-factor authentication can prevent an attacker from getting into your account even if your password has been compromised.

However, security experts warn that two-factor authentication is a measure of last resort. For it to be useful, the leaked password must be limited to accessing that single account—meaning you need unique passwords for every account, and therefore a password manager.

Practice safety while planning for the worst 

While cybersecurity professionals point to these six practices as some of the best ways to stay safe online, they’re also quick to point out that these security measures aren’t bulletproof. They may keep your identity from being stolen, but even if you follow all the guidelines there’s no guarantee that a malicious attack won’t slip through to your phone or computer. Thus, it’s important to always keep backups of all your files in case an attack succeeds.