How Not to Get Hacked

The Internet is open, so everything that happens on it can be seen unless it’s protected. In modern countries, people are more worried about getting hacked than about any other crime. Why? Because every computer or phone on the Internet is regularly being tested for vulnerabilities by criminals, terrorists, or even state actors. If you’re not careful, somebody could hack your device or accounts, and even steal your identity or your money.

So how can you make sure your information is safe? Here are 9 tips to keep in mind. These aren’t just friendly recommendations, they are critically important. In fact, if you don’t follow these tips, it’s almost guaranteed criminals and hackers will collect your personal information and use it in ways you don’t expect.

Tip #1: Look for the Lock

When browsing the web, always look at the address bar of the site you’re on to see if it’s protected. If the URL address bar says HTTPS and shows a lock, that means any information you send is going on a secure line to the website you’re visiting. This means it’s very likely OK to send private information or passwords. (Of course, you never know; somebody could’ve hacked the computers on the other end, in which case all bets are off.)

If there’s no lock and the web address says HTTP without an S, that means every bit of data you send is out in the open and definitely not safe. This isn’t a problem if you’re just browsing the news. But if you’re checking email, social networking, shopping, banking, or doing anything that involves a password, you should always check for the lock. If the lock isn’t there, anything you type is going out on public wires, and you can be absolutely sure that somebody else is watching it and collecting data, such as your password.

Tip #2: Check the URL

Next, always make sure you’re on the legitimate version of a website by checking the URL. Sometimes a web site might look like what you want, but it’s a fake. How did you end up here?

The main way people end up at fake web sites is by clicking on fake emails. This is called a phishing scam.

A phishing scam is when you get an email from what seems like a trustworthy source, asking you to log in or download something, but the link goes to a fake site. If you log in, you’ve been tricked into giving away your password and now they have access to your real account.

The one way to avoid these scams is to make sure the address in your browser matches the web site you think you’re at: look for the first DOT COM followed by the slash. Also, look for the lock!
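The check from Tips #1 and #2, written out as an added example that is not part of the original article. The domains example.com and account-verify.test are placeholders, and the sample links are constructed.

```python
from urllib.parse import urlsplit

def is_expected_site(url, expected_domain):
    """True only if url is HTTPS and its host is expected_domain or a subdomain."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # malformed URL: treat as untrusted
    if parts.scheme != "https":  # Tip #1: no lock, no login
        return False
    expected = expected_domain.lower()
    # Compare the whole host name, read from the right, not a substring match.
    return host == expected or host.endswith("." + expected)

# Constructed sample links (placeholder domains, not real sites).
SAMPLES = [
    "https://www.example.com/login",                   # genuine subdomain
    "https://example.com.account-verify.test/login",   # real name used as a prefix
    "https://example.com@account-verify.test/login",   # real name before an @
    "https://examp1e.com/login",                       # look-alike spelling
    "http://www.example.com/login",                    # right host, no HTTPS
]

def check_samples(expected_domain="example.com"):
    """Map each constructed sample link to the result of the check."""
    return {url: is_expected_site(url, expected_domain) for url in SAMPLES}

if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("OK  " if ok else "STOP", url)
```

Only the first link passes: in the second and third, the familiar name appears in the address but the host the browser actually contacts is account-verify.test.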

Tip #3: Only Download From Trustworthy Sources

Whether you click on links in emails or you’re just browsing the web or looking for games, you should take extra care when a web site asks you to download anything. This may lead you to install unwanted apps called viruses, or to add third-party browser extensions that snoop on your browsing habits.

If you accidentally download something like this from the Internet, don’t install it. Instead, only download software from verified, trustworthy sources.

Tip #4: Install Security Updates


Sometimes your computer can get attacked even if you don’t do anything, because of vulnerabilities in the system you’re using.

Whether it’s Windows or Mac, Android or iPhone, or really whatever it is, ALL computer systems are prone to vulnerabilities. These openings allow attackers to install unwanted apps or access data in a way you didn’t intend.

Of course, the company that makes your computer or device doesn’t want this to happen, so when a vulnerability is discovered, a patch to fix it is typically released as quickly as possible.

This is where you come in. You need to install these security updates quickly, ideally on the same day they become available. If you don’t, you’re very likely exposing your personal information even if you’re safely using the web. Sometimes just leaving your computer turned on and connected to the Internet exposes it to dangers. Every computer that’s connected to the Internet is always being attacked by hackers who test to see if the computer is prone to any known vulnerabilities. The only way to be safe is to always have the latest security updates.

Tip #5: Do NOT Email Private Data

Even if there’s a lock on your browser, not all the information you send and receive is private.

Whenever you send email on the Internet, unless you’re sending it to somebody on the same email domain as you, your email is out in the open, available for anybody in the world to access. In fact, almost ALL the emails you send can be seen by third-party hackers.

From:             To:                 Secure?
gmail.com         gmail.com           SECURE
yourcompany.com   yourcompany.com     SECURE
gmail.com         anotherdomain.com   OPEN TO ALL EYES


Unlike web-browsing, email is sent behind the scenes using a protocol called SMTP which is out in the open and has absolutely no security or privacy protection.

This is a huge problem, and it won’t change until EVERY email provider and every company sending and receiving email all come together to agree to use a new secure protocol.

Until that happens, we only have one safe choice: don’t send sensitive information, like your social security number, password, bank account number, or credit card number via email.

Your email IS being watched by somebody, and you can bet that a hacker will get your information if they want to. (The same is probably true for texting, depending on your phone provider.)

Tip #6: Use Strong Passwords

Nothing you do online is safe unless you use strong passwords that actually protect your information.

Most people use the same password everywhere, and their password is easy to guess. You’d be amazed how many people use the password “ABC123” or “12345”. Using a password like this is basically like asking to be hacked.

You may be advised to include special characters like exclamation marks or hyphens in passwords to make them stronger. This is helpful, but it’s not enough.

Passwords like "Rover2015" and "R0v3r2015" are actually the same strength. This is because their length is the same.

For real protection it’s much more valuable to use LONGER passwords. Each additional character increases the amount of time for a hacker with a supercomputer to guess your password. A 16-character alphabetic password is much stronger than an 8-character password with special characters.

Of course, even with a long password, you can always add in special characters to make it harder to guess.
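The length argument in Tip #6, worked through as an added example that is not part of the original article. It counts only exhaustive guessing; the guess rate and the two sample passwords "plainlettersonly" and "k#7Qz!2m" are constructed assumptions.

```python
import math
import string

# If a password uses any character from a class, an exhaustive search
# has to cover that whole class.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def pool_size(password):
    """Number of candidate characters per position for an exhaustive search."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def brute_force_bits(password):
    """log2 of the search space: length * log2(pool size)."""
    if not password or pool_size(password) == 0:
        return 0.0
    return len(password) * math.log2(pool_size(password))

def years_to_exhaust(password, guesses_per_second=1e12):
    """Years to try every candidate at an assumed (constructed) guess rate."""
    return 2 ** brute_force_bits(password) / guesses_per_second / (365 * 24 * 3600)

# The article's pair plus two constructed passwords.
SAMPLES = ["Rover2015", "R0v3r2015", "k#7Qz!2m", "plainlettersonly"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:18} length={len(pw):2} pool={pool_size(pw):2} "
              f"bits={brute_force_bits(pw):5.1f} "
              f"years={years_to_exhaust(pw):.2e}")
```

The two Rover passwords come out identical because swapping letters for digits changes neither the length nor the character pool. This measures exhaustive search only, so a password built from guessable words or names falls much faster than its bit count suggests.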

Tip #7: Use Multiple Passwords

In addition to creating strong passwords, you unfortunately must use a different password for each web site you use. If a hacker does get access to one of your passwords, you don’t want them to get into ALL your accounts.

A few years back, hackers got access to EVERY password at a popular social networking site and they published all these logins online for anybody to see. If your login was published, anybody in the world can now access your account on any website where you use that same password.

What’s worse, in the spring of 2014, a vulnerability was discovered that let hackers tap into all secure communication with most websites. This disastrous event was referred to as “Heartbleed”. Because of Heartbleed, if you logged into almost any web site before May 2014, hackers could steal your password even if you saw a lock in your browser. If they could steal it, that means somebody definitely has stolen it. Hackers don’t do this by hand; they write a computer program that steals everybody’s passwords. This means you really should change every password you used back in 2014, especially on important web sites.

If it seems like a huge burden to remember all your new, longer passwords, that’s because it is. But there are tools you can add to your browser that can make this easier. Whether you use a browser add-on or not, it’s absolutely critical to use longer passwords, and a different password on every web site.

Tip #8: Enable Two-Factor Authentication

This next one makes a big difference! Enable two-factor authentication wherever possible, especially for your most sensitive data -- like email, social media, or cloud storage accounts.

Two-factor authentication adds extra security to your password, so even if somebody knows your password, they need something else to log in as you. Usually this is a security code that’s sent to your phone, which means that to log in, somebody needs your password AND your phone. Most email or social networking sites offer this security feature. When they do, you should use it.

Tip #9: Do NOT Plug In Devices/Accessories From Strangers

One last piece of advice: don’t plug in a device or accessory from a stranger. If somebody gives you a memory card for your computer or even a USB power cable for your phone, it could infect your device with a virus the moment you plug it in. The person giving it to you may not even know that their plug is infected.

Of course, sometimes you don’t have a choice, and most of the time it’s probably not a big deal. But you should be aware that anytime you plug something into your computer or device, you take a small risk.

Conclusion

This stuff may seem scary, but it’s critically important. The Internet really isn’t safe enough to use if you don’t take these precautions. So if this was overwhelming, read it again and share it with the people you care about.

Ten or twenty years from now, all the systems on the Web will come up with new protocols. All emails will be encrypted and you’ll be able to send sensitive information all day long without worry. Human-readable passwords will be completely replaced by fingerprint or retina scans or something else that can’t be guessed or hacked. Until then, your information or device is only as secure as you make it. So protect your stuff!