There are hundreds of different ways that the average internet user is vulnerable online.
Fake news, phishing scams, malware, and identity theft are just some of the common online security issues. Intrusions like this can cause both long- and short-term damage, and it is often difficult – or even impossible – to rectify the damage. This is why keeping your details safe while you browse the web is of the utmost importance.
You should think of your electronic devices like your home. Your smartphone, tablet, and laptop probably contain more information about you than your house does – but you’d never go to bed without locking the front door.
Below we present 23 online safety tips covering everything from basic password protection to more sophisticated solutions for internet security.
1. Use strong unique passwords
2. Use a secure password manager
3. Avoid sharing passwords with others
4. Protect your accounts with 2-step verification
5. Make sure your Wi-Fi is password protected
6. Only use secure websites - look for the padlock
7. Use a trusted, modern web search engine
8. Avoid using public Wi-Fi hotspots, but if you have to, then use a VPN
9. Log out of publicly shared devices
10. Stop and restart if you notice something suspicious
11. Learn to spot spam and phishing emails
12. Identify fake websites and URLs
13. Use up-to-date antivirus and internet security software
14. Use the latest operating system available on your device
15. Only download trusted computer programs
16. Set up a pop-up blocker
17. Make sure your device's firewall is enabled
18. Backup your device
19. Tighten your social media privacy settings
20. Don't share personal information publicly
21. Cover your webcam and turn off your microphone
22. Learn how to spot fake news
23. Be careful when you meet people online
1. Use strong unique passwords.
There are several easy rules to follow when it comes to setting secure passwords.
Firstly, avoid any predictable personal details like your date of birth or your middle name. Your password should be hard to guess.
Secondly, you should set strong passwords that are extremely hard to guess. The ideal password is:
- over twelve characters long,
- includes a capital letter,
- includes a number, and
- includes at least one special character.
Your passwords should be unique. Avoid using the same password on multiple websites and apps.
TIP: Use a password manager to generate unique passwords and store all your passwords in one secure vault.
2. Use a secure password manager.
A password manager is a handy app for storing all your passwords.
When you use a password manager, you can create strong unique passwords without any need to remember every single one. All you need to remember is the master password for your password manager app.
All major browsers also have in-built password managers. For example, when using Google Chrome, the browser will offer to save your password and if you are logged into your Google account, your passwords will be saved in your Google account so you can access them from your other internet-connected devices.
Internet Security and Anti-Virus software providers also offer their own versions of password protectors and there are free options available as well such as LastPass.
3. Avoid sharing passwords with others.
This might sound like obvious advice, but it’s crucial that you don’t share your passwords with anyone – not even friends or family members.
Remember that customer service teams will never ask you to share your full password online or over the phone. So be wary of calls or emails from banks and businesses asking you to share your password.
4. Protect your accounts with 2-step verification.
2-step verification is also known as 2- factor authentication
This simple additional measure can make all the difference. When you’re logging in to an e-commerce site like Amazon, set up a 2-step verification process.
2-step verification means that after you have entered your username or email address and password, you will receive a text or call containing a passcode to your mobile phone. You will then need that passcode to enter your account.
If you suddenly receive a passcode when you are not trying to log in – you’ll know someone else is trying to gain access to your account using your details. If this happens, change your password immediately.
5. Make sure your Wi-Fi is password protected.
If you pay for your private internet access for your home or business, your WiFi should be password protected. This prevents (or at least deters) hackers from accessing your wireless network. Check out the first point in this list for some guidance on choosing the securest password possible.
6. Only use secure websites - look for the padlock.
Businesses and organisations can protect you by making their websites secure.
If you know how to identify an insecure website then you can better protect yourself. You should never give your personal details to, or log into an insecure website.
How to spot an insecure website? Look for the padlock or the "s"
To see if a website is secure, look for a small padlock symbol in the URL bar of the browser. If the website is secured, there will be a small padlock symbol before the web address.
You can also click the address bar to see the full web address - if it starts with https:// then it is secured but if it starts with http:// it is not secured.
This is generally a pretty good indicator that a website is trustworthy and safe to use.
7. Use a trusted, modern web search engine.
Web Search Engines help you find what you want by suggesting useful websites. A good search engine will only every suggest reputable and secure websites.
That's why it's important to use a well-known modern search engine.
While Google is the go-to for the majority of people, there are plenty of secure search engines out there to choose from.
Our top search engine recommendations
- Google - the most advanced search engine in the world
- Bing - a clever and sophisticated search engine from Microsoft
- DuckDuckGo - a privacy-first search engine
- Ecosia - backed by a social enterprise that donates 80% of its profits towards reforestation.
8. Avoid using public Wi-Fi hotspots, but if you have to, then use a VPN.
Hackers can use an unsecured Wi-Fi connection to spread malware and steal your data.
Signing up to use public Wi-Fi, for example at a shopping center, gym, or airport, can leave you vulnerable to such intrusions.
If you must use public Wi-Fi, do it with a VPN – there are plenty of cheap options from reputable providers. Be sure to do your research as some VPN providers have been accused of spying on users in the past.
Suggestion: Our suggested VPN is Mozilla VPN due to Mozilla's strong positive reputation as a pioneer of internet security and privacy.
Fun Fact: Mozilla is the organisation behind the Firefox web browser which is a rival to Google Chrome.
What is a VPN?
VPN stands for Virtual Private Network. Simply put; when you enable a VPN service on your device, your internet connection is encrypted which hides our personal data and ensures your privacy.
9. Log out of publicly shared devices.
If you do need to use a public PC, like a computer in an internet café or in your local library, make sure you log out of your email, social media, and any other online accounts before you leave.
10. Stop and restart if you notice something suspicious.
If you find something which looks out of the ordinary on your device, stop what you're doing and restart your device to see if this solves the problem.
If there unusual pop-ups or your internet searches are being redirected use anti-malware software to scan your device for bad software.
11. Learn to spot spam and phishing emails.
Phishing is a cybercrime where criminals contact you pretending to be a legitimate company. Phishing can be done via text messaging, email, or phone calls. The aim of phishing is to get you to give away your personal details like your bank account information, passwords, or other personal data.
Phishing emails are common and can be surprisingly convincing. They might even contain a few of your personal details. The email will usually ask you to click a link that takes you to a fake website designed to capture your personal details.
Take the below email for example. It claims to be from Facebook and creates an urgent situation to lure into replying. But read the email closely and note the inconsistencies.
Here are a few things to look out for in order to identify phishing emails.
1. Check for bad grammar and spelling mistakes in the email
2. Check that the email address that sent you the email is legitimate; for example, if it claims to be an email from Facebook, but the email address does not end with @facebook.com, then it is probably a phishing attempt - or if it's an email on a public domain like @gmail.com, that’s also a good clue.
3. If you suspect an email of phishing, do not click any links or buttons in the email - but if you do happen to click a link, do not fill out any forms on the website that it takes you. Simply close it.
In the image above, the email was sent from @appealreview.com. It's not from Facebook's domain @facebook.com.This is something that cybercriminals cannot fake.
TIP: Also learn how to spot fake websites in case the phishing email convinced you to click a link.
Reminder: Good businesses and organisations will never approach you to ask for your personal data or your full password over the phone, by text, email, or chat.
12. Identify fake websites and URLs.
Criminals can create copies of legitimate websites in order to steal your personal data.
There are several, simple ways to identify a fake website or URL.
Check that the domain name is appropriate for the site
Notice if the site is written badly
Look for any reliable contact information for the business in question.
TIP: Use a search engine to search for the business and access their website that way - then compare the two websites to see if they are exactly the same.
It’s also worth double checking any deals that seem too good to be true – they usually are.
13. Use up-to-date antivirus and internet security software.
Antivirus software scans and protects your device from viruses, worms, and trojan horses while Internet Security software protects your privacy secures against internet threats as you browse the web.
You can get Antivirus and Internet Security software in one package from some brands. Both security products are crucial for protecting your devices. They help to detect any potential threats or malware and eliminate them from your device.
It's worth investing in good security software. Remember to update it often to ensure you have maximum protection.
3 Popular Antivirus and Internet Security software providers
14. Use the latest operating system available on your device.
Operating systems receive regular updates regularly to patch security loopholes. So keeping your devices up to date with the latest version of the relevant operating system can make a big difference to online security.
Most modern computers, tablets, and smartphones will prompt you when an upgrade becomes available. If you’re not sure whether your computer needs an update, you can usually check for updates in the system settings.
So, whether you’re loyal to Microsoft's Windows operating system, Apple's macOS, or you lean towards niche systems such as Ubuntu on Linux - make sure you keep up with the latest updates.
15. Only download trusted computer programs.
Downloads are one of the easiest ways to give hackers access to your device.
You should only ever download computer programs or software which you trust. You can download and scan programs before you install them, to detect malicious software before it can do damage.
How to scan a program before installing
When the program has downloaded to your device, right-click the file and select the Scan option. Depending on the Antivirus software product on your computer, this Scan option may be worded differently by it will display an icon of the brand.
16. Set up a pop-up blocker.
A pop-up window (not to be confused with a pop-up ad) is when a website opens a new tab or a new window without your permission. This could be done to display an ad or to try and compromise your security.
If you're using a modern browser you can set it to block unsolicited pop-up windows. Some adblockers will also function as pop-up blockers.
If you do see an unsolicited pop-up, never click on it – it’s most likely a gateway to an unsecured website, which you should avoid wherever possible.
However, most reputable websites do not use pop-ups these days. So if you're getting many unsolicited pop-ups, then you may have strayed into a dodgy neighborhood of the internet.
17. Make sure your device's firewall is enabled.
The majority of modern computers and devices come with a firewall built-in, so you probably won’t need to purchase separate software for this.
Your antivirus software will also come with a firewall - however, you can only turn on one firewall at a time.
It’s important to ensure your firewall is active. You can usually check and choose which firewall to turn on in the system settings.
18. Back up your device.
This is less of a preventative measure, and more a means of insurance.
Having a recent backup of your data and files means that you won’t lose everything, or have to start from scratch if your computer does catch a virus, or become compromised.
19. Tighten your social media privacy settings.
You probably share a lot on your social media profile without realising it.
An alarming amount of personal information can be extracted from your social media profile. Your current location, job history, friends, phone numbers, interests, email addresses, and so much more.
Cybercriminals can use your social media profiles along with other means such as using spyware and phishing emails to collect your personal information.
This allows them to connect the dots and steal your identity for example. So it's important to be mindful of what you post online and what information your share publicly.
Changing your settings to private, and declining any friend requests from people you don’t directly know will help to limit this kind of exposure.
20. Don't share personal information publicly.
Similarly, it’s imperative that you don’t share personal information – like your address, contact, or payment details – in public spaces online.
That doesn’t just mean on social media, but also on public message boards or in comment sections; only ever share these details with people you trust.
21. Cover your webcam and turn off your microphone.
It’s an unthinkable invasion of privacy, but hackers have often been known to use spyware to gain access to the webcam and microphone on a device.
When you’re not using them, it’s best to cover your PC’s camera with something small like a sticker and turn your mic off altogether, to remove the risk of any illicit surveillance.
Some modern laptops have an inbuilt feature to cover up the camera or you can buy webcam privacy covers online.
22. Learn how to spot fake news.
Among the host of modern online issues, there is "fake news".
What is fake news?
Fake news is news that is not true. It is created and presented as news in order to spread lies, damage reputations, disinform targetted communities, and/or make money from advertising.
Fake news is a big problem right now. Not only does it cause widespread misinformation, but if you click on an illegitimate article, you might also compromise your device.
Fake news spreads when it is shared online. You can help stop spreading fake news if you can spot it.
How to spot fake news
1. Before you share a news article, verify the facts by checking other reputable national news outlets
2. See if the story is on TV or Radio news broadcasts
3. Ask yourself if the story is believable
4. Examine the website where the story appeared - is it a genuine news source?
Simple checks like this can help you spot fake news so you don’t accidentally spread it even further.
23. Be careful when you meet people online.
Ask any couple that got together in the last 5 years and chances are, they met online.
The internet is great at connecting us, but it can also lead to unwanted online attention and unsafe offline meetings.
Avoid sharing personal information with strangers you meet online and be vigilant when online interactions become offline relationships.
These tips will help you to avoid most online security risks. Whether it's protecting your devices or safeguarding your privacy, you should always stay alert.
One staple takeaway is that no reputable bank, business, or charity would contact you and ask for your payment details outright. So be careful of sharing sensitive bank details with someone that contacts you first.
Learn how to use technology and stay safe online
At City Lit we offer practical courses on technology, including subjects in computer and digital skills, computer hardware, and using the internet.