Advice to Secure Yourself Online

This post lists 7 easy-to-implement ways to improve your security for email as well as online accounts. Where possible, the guidance includes basic instructions generic to most applications or platforms. The topics are:

  1. Always check links in emails
  2. Do not open attachments that you are not expecting
  3. Do not reuse passwords between accounts
  4. Use passwords that are hard to guess
  5. Use MFA/2FA on all cloud-based accounts
  6. Check your email accounts on https://haveibeenpwned.com/
  7. Use a password manager

1. Always check links in emails

Whenever you receive an email that contains a link to a website or document, even from a sender that you recognise and trust, always check the link before clicking on it. It is easy to put a link in an email or document that shows a valid website address but actually directs to a different website. A few ways to check this include:

  • Right-click on the link and select ‘Copy Link Address’ (the wording may be slightly different in your email client or browser), then open a web browser and go to Google. Paste the copied link into the Google search bar and search. The results may give you more information about the authenticity of the link, and allow you to see what the link actually points to.
  • Hover your mouse pointer over the link (but do not click!), and look towards the bottom of the window you have open (browser or email application). You should see the web address the link actually goes to displayed there.

2. Do not open attachments that you are not expecting

Always be cautious when you receive an email that includes attachments, even if the email is from someone you know and is about something you are expecting. If possible, download the attachment without opening it and scan it for potential viruses (often, right-clicking on it will open a menu that includes an option to scan the file with the antivirus that you have installed; you DO have antivirus installed, right?).

If the attachment is a Word or Excel document (or equivalent), ensure you do not enable any macros embedded within the document. Point 1 above applies to any links contained within document attachments.

3. Do not reuse passwords between accounts

For convenience and ease of use, many people tend to use the same or similar passwords for most of the sites and services for which they sign up. This is dangerous, as all it takes is for one service or website that you have signed up for to be breached, and your password could be available for purchase by hackers on the web. If you had used the same password for your banking or work logins, they could now access these accounts easily without you knowing. It is often easy to guess the required username based on the username or email address you used to sign up for the service, even if it was your personal email account (how many of you use a variation of your name in your personal email addresses?).

4. Use passwords that are not easy to guess

Trying to come up with passwords that are sufficiently complicated while still being easy for us to remember is a constant struggle. We tend to rely on pieces of information that we will easily remember, such as pet and family names, favourite colours etc. This is helpful for us, but also for hackers! It is very easy these days to work out most of this information from social media, and then use variations on this information to guess our passwords. A simple solution to this is to use a sentence or a few words separated by spaces. This makes it much harder for someone to guess a password like ‘I love fluffy bunnies’ than it is to guess ‘1l0verabbits!’.

5. Use MFA/2FA on all cloud-based accounts

Whenever you use any web-based cloud services (including Gmail, Yahoo, Outlook.com, Dropbox, Facebook, etc.), always look for and enable the option for MFA/2FA on your login. This is provided by most websites and is easy to set up. All you will need is a mobile number and a mobile phone, and an authenticator app like the Google Authenticator App to provide you with the code needed to log in. This will prevent anyone from logging into your account even if they manage to get/guess your username and password. An added bonus with some sites is that you will get a notification when someone tries to access your account, making it easy to detect fraudulent login attempts.

6. Check your email accounts on https://haveibeenpwned.com/

This is a free online resource for anyone to quickly assess if they may have been put at risk due to an online account having been compromised or “pwned” in a data breach. It is easy to use:

  1. Navigate to the above address.
  2. Enter your email address into the search bar.
  3. Click the ‘pwned?’ button.

The results will show you if your email address (and potentially the password used on any indicated services) has been involved in a data breach. If any results are returned, it is a good idea to change the password on that account, as well as on any other accounts that may use the same or a similar password (see point 3 above).

7. Use a password manager

We all suffer from password fatigue these days, having to remember complicated passwords for many different accounts. The simplest way to address this issue is to use a password manager. One example of these is LastPass.com, which has a free account option. Just make sure that you enable MFA/2FA on this account and use a long password that is not easy to guess! Now you can save all your logins in one place, generate complex passwords for each website that you don’t have to remember, and manage your passwords easily.