Online security is more important now than ever before, because so much more of our lives rely on the different internet services we use.
That’s why we’ve put together this list of the top ten things you should avoid doing on the web to avoid being hacked or getting a virus on your computer.
10. Visiting low quality websites
A lot of websites on the internet are low quality websites and some are even malicious and look to install viruses onto your computer.
That’s why it’s important to consider the quality of the website you are about to visit before you access it.
A good rule of thumb is to avoid any outright dubious looking websites (e.g. gambling, torrent, free video sites, or free software sites).
If you really do need to access them, we recommend accessing them using a mobile or tablet device, as these are much harder to infect than desktop computers.
Even then it’s a good idea to have an anti-virus app installed on your phone just in case.
9. Not updating the software on your computer
A crucial step to making sure your computer is secure is making sure that the software that you have installed is up to date.
With any type of software, it is almost a certainty that it will have security issues.
If you don’t update the applications that you use, you won’t get the software patches that the developers have released to fix security issues they have found.
That dramatically increases the risk of your computer being infected. It also means that the older the software on your device, the more security bugs your device is likely to have.
We know that updating each application one at a time can be a headache, which is why we recommend Ninite Updater (https://ninite.com) to our clients.
Ninite Updater can update most of your applications all at once, making it simple to make sure you’re secure. There are now many other tools that do this for you; Ninite Updater is just one of the oldest.
Note: Some anti-viruses do provide auto update because it’s such a key security feature; it’s a good idea to check and see if your anti-virus application already provides this as a service.
8. Not using two-factor authentication for key online services
Most important online services nowadays will offer you the ability to set up two-factor authentication, as it’s a very secure way of making sure that the only person who can access your account is you.
The easiest way of explaining two-factor authentication is that it requires you to have a device with you to manually allow any attempt to log in to a service.
Usually this is in the form of an app on your smartphone that will pop up a window asking you to authorise the login attempt when you try to log in to your bank/email account/etc.
That means that if anyone wants to log in to your account, they will require both your login information and a physical device that you have on you to gain access.
Here is a list of services that will often allow you to set up two-factor authentication on them:
- Email accounts
- Online banking accounts
- Password management services
- Website management systems
A common form of two-factor authentication is “SMS verification”. It is used widely because it doesn’t require you to have any special device; it only requires that you have a phone capable of receiving text messages.
SMS verification is great as most providers can set it up, even if they only know your mobile phone number. This is why Google offers it as their default authentication method.
Note: If you travel overseas and have SMS verification set up, you will want to make sure you can receive SMS messages so that you can still access your accounts.
7. Using public WiFi connections without encryption
Public WiFi is a great service that many businesses offer, as it means that you can access online services without having to worry about it using up your mobile data plan.
The big security issue with public WiFi is that unless you are using SSL for your email accounts and on the websites you access, malicious people can potentially snoop on (look at) what you’re receiving/visiting.
That’s why it’s important to make sure your email accounts are set up to connect to your server using SSL.
That’s also why it’s important to make sure you are accessing websites via SSL/https.
If you connect to your email account or visit a website via SSL, your connection to the email/website server will be encrypted and no person on the same network will be able to look at the information you are sending and receiving through them.
Note: You can tell you are accessing a website via SSL through the padlock symbol to the left of the website URL and because it will show “https://” at the start of the website address.
Another way of making sure that your internet traffic is secure is through the use of what’s called a VPN (Virtual Private Network).
A VPN will funnel all of your internet traffic through another internet connection, and encrypt every bit of data between you and them.
They are often cheap (at less than $10 per month) and often offer detailed privacy guarantees, which means they are a smart purchase for the privacy- and security-conscious user.
6. Saving your internet banking password in your browser
It shouldn’t be surprising to say that one of the most important login details that you have are your internet banking login details.
That’s why it’s important to make sure they are not saved in insecure ways on your computer. For instance, in the past a lot of browsers would save the passwords you stored on your computer without protecting them using encryption, meaning that if any virus got onto your computer, it would easily be able to steal all the passwords you had saved.
Now most browsers do have security measures in place to stop that sort of thing, but as those types of login details are so important, we still don’t think saving them that way is best practice.
The best practice is to just rely on your memory for any important service that you need to log in to, or, if you have to write the password down, alter it in some way you will remember. Combining this with some sort of confirmation (e.g. SMS) for larger transfers is just good common sense.
5. Sharing your passwords in plain-text in emails
Within a business, sharing passwords with co-workers is often necessary.
That’s why it’s important to make sure the method you use to share them is secure and won’t leave you vulnerable later on down the road.
A common way people share passwords is through emailing them to their colleagues; the problem with that is that people often leave those emails in their email accounts after reading them.
If your email account is hacked at some point in the future, hackers do scan your email and will have access to any logins you’ve sent or received via email. One of the techniques bad guys use once they have access to your email account is to search through your mailbox looking for saved passwords; they then try these everywhere to see if they can break into your accounts.
The best practice for sharing passwords within a business is to use a password management tool like LastPass (https://www.lastpass.com), which can be set up to share login details with various employees without the risk of having these details compromised through an email account being broken into. Alternatively, alter the passwords, or have part sent by email and part by text, depending on the importance of the password.
Note: It’s worth deleting any passwords you have received via email after you have saved them in a password management tool (and remember to clear out your deleted messages!).
4. Keeping passwords in a spreadsheet or text document on your computer
One unfortunate practice we’ve noticed some people doing is saving their passwords on their computer in a text or word document.
You should never do this! Just like the email password issue, if someone infects your computer with a virus, then they will have all of your passwords within easy reach.
This is one of the first things a hacker/virus will look for once they have gained access to your computer; it’s just asking for trouble! In this day and age, you need to remember that even your own computer is not secure. Major businesses have been hacked using this sort of technique.
We understand that sometimes managing/remembering your passwords and login information can be difficult, but due to this difficulty many services have been created to allow you to use different passwords for each site, whilst not having to remember them all.
One of those services is LastPass, which we use internally and wholeheartedly recommend.
It helps you use good, random passwords for each website that you need to login to, whilst only requiring you to remember one secure password.
Within teams LastPass is great as well, as it allows you to share access details with team members without necessarily giving them the passwords themselves (it can be set up to auto-fill into a website, but not show them what the password is directly).
It also allows you to update the passwords to services and make sure everyone has the new login details automatically.
3. Not having an anti-virus program installed on your computer or phone
These days it doesn’t matter if you’ve got a Mac or a PC, both are highly vulnerable to infections.
Even mobile devices are vulnerable these days as they are being targeted more and more due to how widespread they are. Security professionals tend to think the iPhone ecosystem is a little more secure than the Android space, but the jury’s out on that one – and it changes all the time.
Modern anti-virus programs can stop infections before they start and a good anti-virus program will nearly always protect you from most security incidents, which is why having one is an important step to making sure your devices are secure.
Now whilst a paid anti-virus program will protect you more than a free one most of the time, there are good free alternatives out there if you are on a tight budget.
One of those is Avast Antivirus (https://www.avast.com).
Avast is a paid anti-virus application that also offers the basic level of protection for free, so if you don’t already have an anti-virus application installed, we highly recommend using it.
2. Using easily guessable passwords
This is a point that should be self-evident; if you use a password that is easy to guess then your account is more likely to be broken into.
A common method hackers will use to try and steal a password is called “brute forcing”, which is a method of using a program to try a lot of passwords over and over to try and gain access to your account.
This becomes an issue when your password is easily guessable, as it severely reduces the time it takes one of those programs to guess your password.
That’s why we don’t recommend using a password that is something along the lines of a dictionary word followed by some numbers, as that is one of the first things those programs will try.
It’s also not a good idea to use your name, your website/business name, or anything obviously associated with you in your passwords. For instance “diana63” will definitely get you hacked – faster if it’s your date of birth!
We recommend using a password broken up with numbers and symbols, with a minimum length of eight characters or more.
1. Using the same password and email address on every site
This is definitely the worst habit that you can have when it comes to being secure on the internet.
If your login details are stolen, the first thing a hacker will do is try those on all the other common online services to see if they can gain access to them.
If you do have the same password for everything you use, they will gain access to everything at once and it will be a nightmare to recover from.
The disappointing fact is that this is the most common way that people have their different services hacked.
Now as if that wasn’t bad enough, it also means that you are much more likely to run into that disaster scenario.
As much as we would like to think that large companies would have better security on their websites and thus be immune to hacking attempts, large online services sometimes have their servers hacked.
Even large companies like Sony aren’t immune from the risk of their websites and servers being attacked.
In these attacks on large companies, user login details are sometimes stolen, which means that if you use the same login details everywhere, those hackers can then gain access to all of your online services (even if you have done nothing wrong on your side to have your details stolen!).
So all of this is to say that it’s necessary to use different passwords for each website that you log into.
Remembering all of those passwords is practically impossible, so that’s why we recommend a password management tool like LastPass, which can store all of your login details securely and only requires you to remember one primary password.
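The advice in points 2 and 1, as an added example that is not part of the original article: a short Python audit that flags passwords breaking the rules above (under eight characters, a dictionary word followed by numbers, no numbers or symbols, a personal term) and lists the sites that share one password. The word list, function names and sample logins are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample word list; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "summer", "monkey"}

def weaknesses(password, personal_terms=()):
    """Return the reasons a password fails the article's advice ([] = passes)."""
    reasons = []
    lowered = password.lower()
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    # Dictionary word on its own or followed by digits, e.g. "summer2019".
    m = re.fullmatch(r"([a-z]+)\d*", lowered)
    if m and m.group(1) in COMMON_WORDS:
        reasons.append("dictionary word plus optional numbers")
    if not re.search(r"\d", password):
        reasons.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        reasons.append("no symbols")
    for term in personal_terms:
        if term and term.lower() in lowered:
            reasons.append(f"contains personal term '{term}'")
    return reasons

def reused(logins):
    """Return groups of sites that share one password (logins: site -> password)."""
    by_password = defaultdict(list)
    for site, pw in logins.items():
        by_password[pw].append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)

def audit(logins, personal_terms=()):
    """Report per-site weaknesses plus groups of sites sharing a password."""
    weak = {}
    for site, pw in logins.items():
        found = weaknesses(pw, personal_terms)
        if found:
            weak[site] = found
    return {"weak": weak, "reused": reused(logins)}

# Constructed sample data, not real credentials.
SAMPLE = {"email": "diana63", "bank": "diana63",
          "shop": "summer2019", "forum": "t7#Kq!vR2m$x"}

if __name__ == "__main__":
    report = audit(SAMPLE, personal_terms=["diana"])
    for site, reasons in report["weak"].items():
        print(f"{site}: {'; '.join(reasons)}")
    print("reused across:", report["reused"])
```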
Have questions about how to secure your website against infections, or anything we’ve mentioned in this article?
Contact us by emailing our support team!