Data breaches, malware, phishing scams and other cybersecurity threats are on the rise, and tech companies are struggling to keep up. Big-name companies such as Yahoo, Target, LinkedIn, Wendy's, Home Depot, Weebly and others, have all fallen victim to cyberattacks.
It's enough to make you feel like protecting your information is practically impossible. But that's the wrong way to look at it. As the services we use on a daily basis become larger targets for hackers, that means it's even more critical that we all take the necessary steps to protect our private data. But where do you start? Follow these five steps if you want to instantly boost your safety online.
1. Passwords, passwords, passwords
First and foremost, let's talk about passwords. The passwords you use can either act as your first line of defense against hackers, or it can be the open window that lets them slip through.
Obviously, you want to have the type of passwords that keep snoops out of all your accounts - and adding a few special characters just isn't going to cut it.
To make things simple, we've put together a checklist that will help:
- Create unique, complex passwords that aren't hard to remember: The average six-character, lower-cased password takes a hacker around 10 minutes to crack. That's not very long, especially when you consider that adding around four more characters and a few numbers could extend that time by about 45,000 years. The good news is, you don't need a password that looks like a foreign alphabet to get the security you need. Use these tricks to create a password built for online security.
- Use a different password for EVERY account: One of the most common password mistakes people make is using the same password for multiple accounts. No matter how small or insignificant an account may seem, most ask for details like your date of birth, email address and even your phone number. The list of accounts you have, and the passwords associated with them, may seem endless. Use the tip in bullet three to easily keep track of every online login you have.
- Don't write your passwords down: Depending on how many online accounts you have, it may be difficult to keep track of all your passwords - especially if you're following the guidelines of the first two tips and creating passwords that go beyond the basics. But, it's never a good idea to write your passwords down. Those notebooks designed to log all of your passwords, don't buy them, and if you have one, toss it in the shredder. They're risky because if you lose them, someone else could find them and have access to everything! Use a password manager instead. We use one called Keepass here at the studios. Password managers store all of your passwords securely and make it so you only have to remember your primary login.
- Change your passwords regularly, but not too often: Research shows that changing your password too often is actually a bad choice if you want to improve your online security. That's because the more often your password changes, the more difficult it becomes to remember. However, using the same password for years on end isn't a good idea either. We recommend that you make it a habit to update the passwords for each of your accounts at least once or twice within a 12-month period. If one of the services you use is involved in a data breach, then you'll also want to update your password for that account (and any similar accounts) immediately after hearing the news.
2. Set up two-factor authentication
Whenever possible, set up two-factor authentication for your online accounts. This security feature adds an additional step to the login process, but it also adds an extra layer of protection.
How it works: With two-factor authentication, having your username and password isn't enough for a hacker to access your account. The first time a login is attempted from an unrecognized device, a second form of verification will be required as part of the login process.
This second form usually comes as a code that's sent via text message to the mobile number that's listed on the account, which means that the hacker would also need access to that device (to get the code) to successfully log in. It also means that you would receive the code (as long as you have your mobile device), and would be alerted that someone had just tried to access your profile without your permission.
Sometimes, it really is you who's wanting to log in from a new device. If this is the case, you'll just have to enter in the code you've been sent and then save a new "trusted device." Then, the next time you log in from that device, you won't be asked to provide extra verification. Be careful, though. Make sure your trusted devices are only devices you plan to use on a regular basis. Learn how to set up two-factor authentication on your Facebook account by clicking here.
3. Delete accounts you've abandoned
You wouldn't toss out an old credit card without cutting it into tiny pieces, right? It's too big of a risk. If someone were to find it, they could use it to track down more of your private information.
The same thing applies to your old online accounts. Everyone has them. Email accounts they set up as teenagers, profiles for social media sites and dating apps that they no longer access - these accounts may not mean anything to you anymore, but they're a treasure trove for hackers.
Have too many online accounts to remember them all? A site called AccountKiller makes it easy to track them all down and provides you with the steps you need to close down the accounts you're no longer using. You should also read this if you want to delete your Facebook account. (It's a tricky process, but we'll walk you through each step.)
Note: Sometimes, you may also want to delete accounts you're still using simply because you've lost trust in the company that's storing your private information. After Yahoo's cover up of multiple data breaches, we recommend that you close your Yahoo account for Yahoo Mail and other related services such as Flickr, Tumblr, Yahoo Sports, Yahoo Messenger, Yahoo Shopping, Yahoo Music, etc. Click here for a step-by-step guide for the steps you need to take right now if you're a Yahoo customer.
4. Has your info been stolen? Check.
Now that you're planning your schedule and booking time every six to 12 months to update all of your passwords, you should also use that time to run a quick check on HaveIBeenPwned.
HaveIBeenPwned is a sight that keeps track of the known data that has been compromised in past breaches. Just run your email address or username through the search field, and it will tell you if your login information has been linked to any past breaches.
Beyond that, the site also provides you with a full list of the breaches your credentials were associated with. This makes it easy to track down which profiles you need to update the passwords for.
If you'd like to know immediately that your data has been compromised, you can also use the "Notify me" feature and receive an alert if it happens. Click here to check your email address and username now.
5. Encrypt all of your messages
Whether you're emailing or messaging, you need end-to-end encryption if you want your communications to be secure. End-to-end encryption is simply a method of scrambling your messages so that they can't be read if they're intercepted by someone other than the end user.
To put that into perspective, it helps to think of a telephone call. Imagine if you called your mother, and the sound of your voice was scrambled until it reached her on the other side of the line.
That's how end-to-end encryption works, and it prevents hackers and even governments from spying on your private conversations.
It sounds really techy, right? Well, it can be. But it can also be as simple as choosing the right app. Some messaging apps have been slammed for the lack of privacy they offer. (Facebook's WhatsApp is one that we don't recommend for anyone who has concerns about privacy.)
Other apps are commended for the level of encryption they provide. We recently told you about an app called Signal Private Messenger that millions of users are flocking to. Signal lets you use your existing phone number and contacts list, encrypts all of your messages and even lets you group chat with friends. For a full list of Signal features and download instructions, click here.