19 Cybersecurity Tips Coming From Netizens That You May Want To Incorporate In Your Daily Online Life
Article created by: Ilona Baliūnaitė
Once upon a time, in the ages that were sometimes called the “good old days,” it would have been considered a leak of personal data if, let’s say, you accidentally lost your passport or checkbook on the street. But now it’s 2024, our lives have long and firmly moved online, and the internet is no longer the serene paradise lagoon it was decades ago…
There is no doubt that cyber security is a proper and necessary thing, but, like any sphere of human activity, it has managed to acquire so many rumors, myths and recommendations that it is difficult to distinguish the truth from the fake, and current useful advice from the already outdated. However, people are trying. Like, for example, in this wholesome thread on the AskReddit community.
More info: Reddit
Read before you click. Think before you click. Beware of common threats.
You are your own best antivirus. You are the weakest link in your cybersecurity.
Don’t reuse passwords and change them often. If one site is breached, if your accounts are associated with your email address, then they all are.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“Frequent password rotation isn’t a good idea and is already not recommended by the NIST organization and the InfoSec community overall. At the end of the day, it’s a counterproductive practice with dubious benefits. When a user has a lot of accounts and has to rotate passwords, they end up using weak passwords because of the lack of imagination.
“A better piece of advice is to use password managers and generate longer than 12-14 character passwords unique to each protected resource. Also, necessarily use 2-factor authentication (2FA) wherever possible. Protecting an account with a password only in 2024 – not a good idea. For especially sensitive accounts, physical security keys are recommended such as Yubikey, Google Titan, Thetis, Feitian, SoloKeys, etc.”
If your url says https://, the websites secure, if it’s http://, it’s not secure. Don’t put any personal information into an insecure website
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“I don’t want to scare you too much and cause paranoia, but that “padlock” SSL certificate can be bought for as little as $9 and added to any malicious website. So just that the HTTPS lock exists doesn’t guarantee a web resource’s safety all on its own. It just shows that data coming your way will be encrypted. There’s no difference whether you’ll get a virus from an encrypted channel or not.
So you shouldn’t relax just yet, but you should click on that “lock” to examine the certificate – who was it given to, are the recipient of the certificate and the website name identical, etc. But yes, the general rule is that HTTP is totally trash and you should by no means give your sensitive info (for example login/password) to a website with a bare HTTP.”
Make certain to have your important stuff offline backed up, totally isolated from the net. Worms, virusses, ransomware can hit online but just wipe the lot and give them the finger. Reload and be more careful.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“It’s also advisable to encrypt those backups or store them in a drive with a physical encryption, such as disks with PIN code buttons or fingerprint protection.”
VPNs and data encryption should be top priority for anyone starting online businesses or handling money in general on the internet
Common sense. That big ugly yellow download button that obv doesn’t look like it fits the theme of the website is not the download button.
If you receive an email from Apple, PayPal, Amazon, etc. that you think be phishing; hit forward check the email address. It show the true the email address. If it looks different, forward to the real company’s anti-fraud email. You phasing it by searching the company’s name and report phishing ie Amazon report phishing.
Don’t use your debit card to buy online. If that gets compromised the money coming out is hard cash. If its a credit card it’s on the credit card company to get their money back on fraud charges. This can take a long time.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“It’s best to use single-use virtual cards for online purchases. For example, Revolut and other payment platforms have them.”
-Use a password manager.
-Think before you click. (Did I hover the link to preview the URL? Is this REALLY a Nigerian prince?)
-2-Factor Authentication is your friend. Keep it simple with 1 platform if possible.
-Utilize browser add-ons and extensions to tailor your experience with ad/script blockers. Added benefit of privacy.
-Explore VPN options, for privacy’s sake.
-Malware/virus protection.
In email, especially at work, hover over a link and see the domain name makes sense before clicking. It should be your company’s domain name or the domain name of the company you are working with.
I will literally not click on a link in an email from my bank or other financial institution if it is not a link directly to their domain. I stop doing business with banks that use a 3rd party domain for email links.
Don’t download programs from sites you don’t trust. Use app stores where possible.
Macs and Linux boxes are not immune to malware, do not treat them as such.
Use password managers where possible.
Use 2 Factor Authentication where possible. Avoid SMS-Based 2FA
If you download script files (eg: .bat, .ps1, .py), try to read it before running it. If you can’t read it, see rule 1.
Watch what you click and exercise scepticism. No, there are probably not 36 model-looking singles in your area.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
To work out if your details have been stolen in breaches you can link this tool as well.
Password managers are extremely helpful, look for the little padlock in the URL bar so you know the site is secure, be very careful how much information you post on social media, have a firewall/internet security, use a VPN
Make sure you know who you are talking to online, what the security level is of what you are using to communicate, and keep an eye on your surroundings. “You are your own best antivirus, you are the weakest link in your cybersecurity.”
If you are going to enter sensitive information online close your webrowser and then go order pizza.
Each tab talks to your webrowser, if something malicious is going on a website can get your info from a different tab. Plus closing all tabs shuts down malicious cookies.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“Closing all tabs doesn’t clear all malicious cookies unless you were browsing in incognito mode. For that, you need to clear the browser cache.”
