Check For Data Breaches

The first step everyone needs to take is visiting https://haveibeenpwned.com.  This is a website that will search your email address across all known databases that have been hacked.  It will let you know if hackers at large have access to your user credentials.  If you find any breaches go change your password immediately on those sites!

Password Security

Passwords are one of the most important areas to safeguard your online security, but are often the most poorly handled due to lack of knowledge. Users have been taught to create crazy passwords with uppercase letters, symbols, numbers, etc and expect them to remember them.  Inevitably this leads to poorly created passwords, writing passwords down, and reusing passwords on multiple sites. One of the first things hackers do when they have a password is try it on other sites.

Password managers are an essential part of online security now.  They allow you to generate secure (different) passwords for all sites and store, encrypt them, and store them.  They will then be automatically entered on the sites you visit.  All you will need to remember is one password for the manager.

The best way to make a secure password for your manager is to pick 4 common words and put them together in an order you can remember.  We recommend LastPass which is free to use for the basic version and if you would like the premium features go here for a free month. LastPass works with all major web browsers, iOS, and Android.

Additionally, make sure you have a password set on your cell phone.  Remember that a 4 digit password has 10,000 possible combinations while a 6 digit has 1,000,000 combinations.  If you use a pattern lock read this. Fingerprint locks are very convenient, but not necessarily as secure.

Set Privacy Settings

Luckily many of the applications you use everyday on your computer and phone, as well as the devices themselves, have many privacy settings you can turn off.  Making theses adjustments will go a long way to improving how you are tracked:

• Block third party cookies on your browser.  Cookies are files stored on your computer that contain personal information in relation to websites that you view.
• Turn on Do Not Track in your browser.  Websites and ad networks are constantly tracking your browsing history and this will tell them you do not want to be tracked.  Note that websites can choose to ignore this.
• Set your privacy settings on Google, Facebook, other social sites, and turn off location services and tracking in apps and your phone

Physical Security

There are many physical security measures you can take to protect you privacy, but there are two very simple ones you should take no matter what.

• Block your webcam with a piece of tape, sticky note, or one of these.  Hackers can and do get access to people’s webcams without their knowledge and regularly spy on them.  Even worse they share these online as well.
• Get a shredder with P-4 security (cross-cut) or higher. Always shred documents containing your Social Security Number, birthdate, parts of credit card numbers, actual credit cards, any account numbers, medical records, and any other personal information.

Other

• Ensure automatic updates are on for your operating system, phone, software, and apps.  This is to ensure you have the latest patches that frequently fix security holes.
• Enable two factor authentication on your most important accounts.  Two factor authentication adds an additional step when a new device logs into the account.  Typically it involves getting a text message sent to your phone with a pin to enter, once entered this device is usually remembered.  If your password is compromised this can add a very important step a hacker can’t get past.
• Remove personal information from social media.  Don’t have your birthdate, address, or phone number available.
• Understand how phishing attacks work.  This is one of the most common ways individual passwords are stolen.
• If you own any Smart Devices don’t use default passwords.  This provides a very easy entry point for hackers.

VPN

Possibly the biggest step you can take to truly protect your privacy and security online is getting a VPN.  Many people use them for work, but there are many personal options available. Essentially a VPN connects you directly to a server with an encrypted connection.  All your internet traffic will be routed to that serve and back to you encrypted.  This ensures that no one, including your ISP, will know what you are doing online.

VPNs are very easy to use, but they aren’t all made the same.  Do not use free VPNs as they often are actually tracking you and in turn selling your data, which is what we are trying to avoid!

We recommend Private Internet Access.  They are very easy to use, do not store any logs of your usage, accept forms of anonymous payments, and are very affordable.  If you sign up for a year it is only $3.33 a month to protect your privacy which is a bargain.  There are many VPNs that keep logs that could be subpoenaed by the government.

Your Computer

• A new, and quickly growing threat is ransomware.  You can avoid ransomware by not downloading attachments that seem fishy, or applications online you don’t completely trust, and ensuring your computer’s malware programs are running. As a last resort backups can help you go back in time to before your system got infected.  Utilizing a backup hard drive that is not constantly connected to your computer is necessary so the backup isn’t infected too.
• You should also make sure you hard drives are encrypted so if your computer is ever stolen it can’t be accessed.

Other

• Identity theft is a very serious problem that can have long term consequences.  Sign up for free credit monitoring services like CreditKarma.  If you find issues report them at https://www.identitytheft.gov/.
• Surprisingly children are common targets of identity theft.  Check your children’s credit report by the time they turn 15.  This will allow enough time to fix any issues before they turn 18.
• Utilize browser plugins to remove ads and help remove sites abilities to track you.  Adblock Plus and Ghostery are two great examples.
• When signing up for services that you don’t want sending you email – use an anonymous email source.  10 Minute Mail creates an email address you can use for 10 minutes and then it is destroyed.  Mailinator creates an address that can be used permanently, but beware anyone can type in the same email address and see the contents.

Secure Email

Most of use the many free email providers such as Gmail.  What you may not realize is that those emails, if encrypted, are still not safe from the government.  Additionally, these companies use the content of your emails to further target you for advertisements. Proton mail is a free, open source, fully encrypted email service that is based in Switzerland.

When you create a fully encrypted email on the service it will be unreadable by anyone other than the recipient.  Additionally you can send emails that auto-destruct after a set period of time, and importantly you can email people using any provider in both an encrypted and unencrypted way.

Secure Browsing

A very important project is The Onion Router (Tor).  In basic terms, Tor is a huge volunteer network across the world that bounces your traffic between many nodes to keep it anonymous.  While the details of the system are beyond the scope of this article you can read more here.

Even if you don’t take the step of moving to the Tor browser, you can at least make sure your internet searches aren’t tracked by using DuckDuckGo.

Secure Chat and Phone Calls

If you want to take your chat and phone calls to the next level of security and privacy you can use the free app Signal. With their app you can have completely encrypted chats and phone calls with other users completely free.