
Best Practices for Online Security to Keep Yourself Secure

John Ptacek  |  
Jan 05, 2017
 
With the news full of journalists, politicians, celebrities and other people having their email and phone accounts hacked, we are constantly reminded that we should be vigilant about protecting ourselves online.
 
While no one can ensure you are 100% safe from online hacking, we have a bunch of steps for you to keep yourself secure in an increasingly hostile digital world.
 

Different Passwords

First and foremost, use a different password for each site you visit. When 116 million LinkedIn accounts were hacked in 2012, those users’ email addresses and passwords eventually ended up online in 2016. Users who used the same password on LinkedIn as on their Gmail account quickly found themselves vulnerable.
 

Password Pattern

I try to use a pattern for all the sites I visit that makes each site’s password pretty unique. What does this mean? I will use a base password that has both numbers and special characters, for example, Justin20!^Bieber. I will then append a set of characters for the website I am visiting, for example, the first two letters of the domain or the first two vowels of the site. So my password for Google, taking the first two vowels, oo, from google.com, would be Justin20!^Bieberoo. You can develop your own password pattern, and then use it where applicable. Don’t be like me though and tell people your pattern!
 

Change Your Password

If a site gets hacked and no one tells you until three years later, that is bad. You can decrease the chances of hackers changing. Every year, as you kick off your New Year’s resolutions, include changing your password for sites that are important, such as mail, phone accounts and banking.
 

Password Manager

There is a lot of mental energy expended remembering all of these passwords, even with a pattern. A password manager is a highly recommended approach to dealing with the deluge of passwords we are confronted with.
 
In general, password managers have browser plugins that automatically fill in usernames and passwords at websites. On mobile platforms, you are prompted via the app to provide a username and password.
 
Password managers will also generate unique, highly randomized passwords for sites, such as 7?@W^(+56KsYu8. This level of complexity is hard for hackers to crack.
 
Popular password managers include LastPass and 1Password. LastPass recently allowed their free version to connect. Highly recommended.
 

Update Software

It doesn’t matter how complex or strong your passwords are if you are running software that has security flaws that hackers can readily take advantage of. PCs running a 5-year-old version of Adobe Flash are going to be open to hackers looking for information.
 
To alleviate this, run modern versions of software. This includes the latest versions of Windows 10 (upgrade from Windows XP, people!) and macOS. Make sure you are using an evergreen browser, such as Chrome, Opera, Firefox or Microsoft’s Edge browser. If you are using outdated software, be sure to upgrade.
 
Is this a real issue? In 2016, hackers used zero-day vulnerabilities in Flash, Windows, MySQL, iOS (your Apple iPhone’s operating system) and more. Quickly upgrading your software once vendors have resolved the issue is paramount to protecting yourself.
 

Two Factor Authentication

An excellent way to improve your online security is to use two-factor authentication. Two-factor authentication essentially involves two things: a thing you know (such as a password) and a thing you have (such as a phone). Software vendors like Google, Microsoft and Apple support two-factor authentication, which essentially requires you to provide a password when you log on, and then a number generated by an authentication application on your mobile phone (or another device like an RSA token generator). You can also set up applications to treat a device as trusted (like a home PC), which requires a token to be entered only once a month or so.
 
In these scenarios, even if a hacker has the password to your email, they are still required to enter a token generated on your mobile phone. If a hacker knows your password and has your phone, you are already in a bit of trouble :)
 
How serious is this? During the 2016 US Thanksgiving weekend, Google was warning prominent journalists that their accounts were under phishing attacks. Their recommendation: two-factor authentication. At a minimum, keep email addresses associated with banking, health and brokerage accounts secure with this approach!
 

Be Wary of Public WiFi

Public WiFi can be problematic for security-conscious folks. If you are sitting at a coffee shop and doing online banking, it is possible that others on the network could be capturing packets and reading confidential information. To avoid this, you can use a VPN when connecting to encrypt traffic, or use SSL as described below.
 

HTTPS Everywhere

In cases where you are concerned about public WiFi, or even your work or home network, you can do your best to ensure you are using HTTPS, which is the encrypted version of web page traffic. If you click on an article at http://www.nytimes.com, people on the network can read the content of the page. If you read an article at https://www.nytimes.com, it becomes much more difficult for people to read the content of the page.
 
Why is this important, especially for public pages that everyone can read? Two reasons. First, if you are reading sites that can reveal information about you, for example WebMD articles, you may not want that available (obviously, in most cases, the unencrypted URL will provide an idea of the content). Second, public pages that are not encrypted can be changed in transit to try and get information about you. For example, if someone intercepts an HTML page from google.com, they could inject a snippet of HTML that asks you to enter your email address and password to Google. At that point, game over.
 
So, if you think clicking around the Internet and changing every link to HTTPS sounds like a huge pain, you are 100% correct. Thankfully, most major browsers have plugins that will do this automatically. I recommend people use HTTPS Everywhere from the Free Software Foundation. They have plugins for Chrome, Firefox, Opera, etc.
 
If you want to read more about why encrypting the Internet is important, read this. It is becoming more and more important, so much so that Google is giving higher rankings to secure pages over non-encrypted pages.
 
Protecting yourself on the Internet is becoming more and more important to our connected digital lives. Hopefully the above tips provided you with some ideas you can use to increase your security in the online world.
 