I feel like a broken record. I’ve written about online safety more than any other topic for this column. I’ve done so with good reason. It seems like online threats we face continue to grow and you can’t review this topic enough time.
Just consider the Capital One breach that was announced last month.
Fortunately, if you practice good online hygiene and were impacted by the Capital One breach, you will likely be OK. Why? Because the breach did not actually expose any credentials, the username and password used to login to your account. If it had, and you have properly secured your Capital One online account, you would be OK. Why, because if you have enabled two-factor authentication, even if the hackers had obtained your username and password, they would not be able to login and you would have received a notification alerting you that someone, somewhere was trying to access your account. This is because you will have practiced good online hygiene.
It is more important than ever to take all necessary steps to ensure your online safety. As I have written about before, the following are the bare minimum precautions you should be exercising.
Install next-generation endpoint security software to protect your computer. This is commonly referred to as anti-virus software, but it has evolved to address a much wider array of threats. I’m a fan of Sophos Home security software. Sophos is a major player in the security space for corporations and they make an excellent commercial product for businesses and the Home version brings some of these same technologies to consumers for a very reasonable price.
You should enable two-factor authentication everywhere that you can. You may even want to consider a small hardware device like a USB YubiKey that must be inserted into your computer USB port to enable your login to public websites like Google and others. While text codes for two-factor authentication are able to be intercepted, the process to do so is not simple, so these are still mostly safe, unless you are in a high-risk job that may not allow them. Regardless, having two-factor authentication enabled for all websites you have to login to is a must.
If you are not already using a password manager, it’s time to. Every single one of your online passwords should be unique to that site. Unless you have a memory unlike any, there is no way you can make all of these unique passwords secure. Using a password manager, you can create unique passwords that are long, as in 12 characters or more and combine upper, lower case, numerals and symbols. The password manager will save them, allowing you to more easily log in from any computer or mobile device where you have loaded your password manager. That said, never load your password manager on any device you do not own and fully control. The password manager is safeguarded by one master password that you must remember. Put your brainpower to work on this one password, making sure it is lengthy and highly unique - ideally, a lengthy phrase only you will remember. Do not save your passwords in your web browser. This is not nearly as safe as a dedicated password manager. Google “password manager” and read reviews and decide which one will be best for you.
Finally, safeguard your credit and debit cards. You should only use the chip method of payment. Chips encrypt the transaction far more securely than the magnetic stripe. Places that still require you to swipe are also paying a premium to the processing companies for not using chip technology, so you may be paying more to cover the fact they have not updated to the latest payment processing technology. Nearly all payment terminals now support some form of smartphone payment, be it Apple or Samsung Pay. When you can use your smartphone, do so. The encryption is far superior to that natively on the card itself and it is widely considered the most secure way to pay.
These are just some of the steps you should be taking. The bare minimum as I stated previously. This is a start to being as safe as you can be online. Become not just a student of online safety but a practitioner. You’ll be glad you did.