The joys of the connected life online are many, but unfortunately can go hand in hand with intrusions from marketers and criminals. Here are some steps that can boost your privacy and data security online:
1. Turn On Automatic Updates
According to security professionals surveyed last year by Google, the most critical step you can take to boost security is to keep your operating system and other software up to date. If you have old software, you’re missing the latest protections. Turn on auto-updates across the board.
2. Check Your Data Breach Status
If you are wondering whether your personal data has been for sale on the web, check your email address and usernames at haveibeenpwned.com against lists from 120 known data breaches. If you information pops up, change the password for the compromised account and any other site where you are using the same password.
3. Be Careful Which Public WiFi Networks You Join
Laptops, smartphones, and other WiFi-enabled devices can automatically connect to familiar networks. That’s convenient, but it can also be risky. A hacker can set up a rogue WiFi network with the same name as a legitimate one such as “Google Starbucks” or “attwifi” and trick your gadgets into joining it.
Periodically prune the networks you join automatically. You can delete networks one by one, or if you have an iPhone or iPad, you need to go to Reset Network settings under General settings and delete all of them at once.
4. Make Better Passwords or Use a Password Manager
Strong passwords have two things in common: (1) they avoid patterns and (2) they’re just too long for a brute-force attacks (where a computer runs through every possible combination of characters to succeed). One way to make a great password is to string together unrelated words: pick five long, random words and string them together into a nonsense sentence that you can remember.
You can also use a password manager like LastPass and 1Password. (LastPass was hacked last year, but users’ passwords apparently remained safe.) You’ll still need one well-crafted password for your password manager account.
5. Beware of Phishing
Exercise caution when opening emails, clicking on links, or downloading attachments. One of the cyber criminals' favorite tricks is to pretend to be your bank or other legitimate businesses and ask you to provide your private and personal information or ask you to click a link to a site where it will ask you to enter your bank username and password. This is called phishing and it’s quite common. When you see these types of emails, delete them.
Do not download any attachments if the email seems suspicious, even if the email is from the person that you know. Your friend's email could have been hacked and it could send malicious messages to you and anyone that's on your email contact list.
6. Use the HTTPS Everywhere Browser Extension
When you see “https” and a green padlock alongside a URL in your browser’s address bar, it means that the data is encrypted as it travels back and forth between the website and your computer. (The “s” stands for “secure.”) Some sites that support https use it inconsistently. Add the HTTPS Everywhere browser extension, which you can download from the Electronic Frontier Foundation, and your connections will be encrypted anytime you connect to a website that supports https. It works with the Chrome, Firefox, and Opera browsers.
7. Use two-factor authentication.
You can lock down your Facebook, Google, Dropbox, Apple ID, Microsoft, Twitter and other accounts with two-factor authentication. That means that when you log in, you’ll also need to enter a special code that the site texts to your phone. Two-factor authentication works beautifully for keeping others from accessing your accounts.
8. Opt-out of supercookies and other ISP tracking
You should check your account settings to see if your Internet Service Provider (ISP) allows you to opt-out of any tracking. It is generally found under the privacy, marketing, or ads settings.
9. Use Temporary Email Addresses
You’re often asked for an email address to view or use the website just once, you can provide a temporary email address to dodge years of marketing emails flooding your inbox. You can get functional email address for 10 minutes (or 20) from 10minutemail.com. When the time is up, the email address self-destructs. 10minutemail.com doesn’t retain any personal data.
If you truly care about your privacy, you’ll surf the Internet anonymously by hiding your IP address. You can do this using a web proxy, a Virtual Private Network (VPN) or Tor, a free open network that works by routing your traffic through a series of servers, operated by volunteers around the world, before sending it to your destination. However, while VPNs can be useful, they carry their own unique privacy risk. Make sure you trust your VPN provider to not do the shady things that you don’t want your ISP to do.
Now that you know what to look for in a VPN provider, you can use these guides as your starting point for research: (1) https://thatoneprivacysite.net/vpn-section; and (2) https://torrentfreak.com/vpn-services-anonymous-review-2017-170304. Though keep in mind that a lot of the information in the guides is derived from or given by the provider, so again, it requires us to trust their assertions.