Best Practices for Online Security

John Ptacek  |  Jan 05, 2017
With the news full of journalists, politicians, celebrities and other people having their email and phone accounts hacked, we are constantly reminded that we should be vigilant about protecting ourselves online.
While no one can ensure you are 100% safe from online hacking, we have a bunch of steps for you to keep yourself secure in an increasingly hostile digital world.
Different Passwords - First and foremost, use a different password for each site you visit. When 116 million LinkedIn accounts were hacked in 2012, those users’ email addresses and passwords eventually ended up online in 2016. Users who used the same password on LinkedIn as on their Gmail account quickly found themselves vulnerable.
Password Pattern - I try to use a pattern for all the sites I visit that makes each site’s password pretty unique. What does this mean? I will use a base password that has both numbers and special characters, for example, Justin20!^Bieber. I will then append a set of characters for the website I am visiting. For example, the first two letters of the domain or the first two vowels of the site. So my password for Google, taking the first two vowels, oo, would be Justin20!^Bieberoo. You can develop your own password pattern, and then use it where applicable. Don’t be like me though and tell people your pattern!
Change Your Password - If a site gets hacked and no one tells you until three years later, that is bad. You can decrease the chances of hackers changing. Every year, as you kick off your New Year’s resolutions, include changing your password for sites that are important, such as mail, phone accounts and banking.
Password Manager - There is a lot of mental energy expended remembering all of these passwords, even with a pattern. A password manager is a highly recommended approach to dealing with the deluge of passwords we are confronted with.
In general, password managers have browser plugins that automatically fill in usernames and passwords at websites. On mobile platforms, you are prompted via the app to provide a username and password.
Password managers will also generate unique, highly randomized passwords for sites, such as 7?@W^(+56KsYu8. This level of complexity is hard for hackers to crack.
Popular password managers include LastPass and 1Password. LastPass recently allowed their free version to connect. Highly recommended.
Update software - It doesn’t matter how complex or strong your passwords are if you are running software that has security flaws that hackers can readily take advantage of. PCs running a 5-year-old version of Adobe Flash are going to be open to hackers looking for information.
To alleviate this, run modern versions of software. This includes the latest versions of Windows 10 (upgrade from Windows XP, people!) and macOS. Make sure you are using an evergreen browser, such as Chrome, Opera, Firefox or Microsoft’s Edge browser. If you are using outdated software, be sure to upgrade.
Is this a real issue? In 2016 hackers used zero-day vulnerabilities in Flash, Windows, MySQL, iOS (your Apple iPhone’s operating system) and more. Quickly upgrading your software once vendors have resolved the issue is paramount to protecting yourself.
Two Factor Authentication - An excellent way to improve your online security is to use Two Factor Authentication. Two factor authentication essentially involves two things: a thing you know (such as a password) and a thing you have (such as a phone). Software vendors like Google, Microsoft and Apple support two factor authentication, which essentially requires you to provide a password when you log on, and then a number generated by an authentication application on your mobile phone (or another device like an RSA token generator). You can also set up applications to say that a device is trusted (like a home PC), which requires a token to be entered once a month or so.
In these scenarios, even if a hacker has the password to your email, they are required to enter a token generated on your mobile phone. In this scenario, if a hacker knows your password and has your phone, you are already in a bit of trouble :)
How serious is this? During the 2016 US Thanksgiving weekend, Google was warning prominent journalists that their accounts were under phishing attacks. Their recommendation: two factor authentication. At a minimum, keep email addresses associated with banking accounts, health and brokerage accounts secure with this approach!
Be Wary of Public WiFi - Public WiFi can be problematic for security-conscious folks. If you are sitting at a coffee shop and doing online banking, it is possible that others on the network could be reading packets on the network and reading confidential information. To avoid this, you can use VPNs when connecting to encrypt traffic or use SSL as identified below.
HTTPS Everywhere - In cases where you are concerned about Public WiFi, or even your work or home network, you can do your best to ensure you are running HTTPS, which is the encrypted version of web page traffic. If you click on an article at, people can read the content of the page. If you read an article at, it becomes much more difficult for people to read the content of the page.
Why is this important, especially for public pages that everyone can read? Two reasons. First, if you are reading information at sites that can provide information about you, for example WebMD articles, you may not want that available (obviously, in most cases, the unencrypted URL will provide an idea of the content). Second, for public pages that are not encrypted, the pages can be changed and updated to try and get information about you. For example, if someone intercepts an HTML page from, they could inject a snippet of HTML that asks you to enter your email address and password to Google. At that point, game over.
So, if you think clicking around the Internet and changing the link to HTTPS sounds like a huge pain, you are 100% correct. Thankfully, most major browser vendors have plugins that will do this automatically. I recommend people use HTTPS Everywhere from the Free Software Foundation. They have plugins for Chrome, Firefox, Opera, etc.
If you want to read more about why encrypting the Internet is important, read this. It is becoming more and more important, so much so that Google is giving higher rankings to secure pages over non-encrypted pages.
Protecting yourself on the Internet is becoming more and more important to our connected digital lives. Hopefully the above tips provided you with some ideas you can use to increase your security in the online world.