Safe Digital Life: It’s time to refresh my recommendations on how to keep yourself safe when using consumer technology. Specifically, computers (Mac and PC), smartphones and tablets, online services, websites and apps. It doesn’t matter which type of computer, tablet or smartphone you use, you need to take steps to make sure you and your personal information are kept safe from prying eyes and hackers’ hands. I encourage you to take a look at my more detailed Safe Computing Practices article if you want more specifics on each of your computers/devices. This article isn’t a direct replacement for my previous writings on this subject, but is intended as a broader overview of what you should do to keep your digital life safe and secure.
You take steps to keep your physical life safe, and keeping your digital life safe is just as important. The first thing you need to understand is that this is not a one-and-done procedure, but an ongoing process that continues to improve as the threats continue to morph and improve. The fact is that most people don’t really take any serious steps to keep their digital life safe, so that, in and of itself, can make you safer. Hackers tend to go for the low-hanging fruit, and there’s plenty of it. So if you take a few steps to educate yourself about your own security, and continue to tweak your practices and habits as time goes on, you’ll be reasonably safe.
The first thing you need to make sure of is that your identity credentials are safe. That’s the entire set of usernames and passwords and other authentication methods where you prove that you are you. To your computer when you log into your user account, to your email service when you connect to send and receive email, and to apps and websites when you want to use their services. At this point in time, using the same password in multiple locations (even with slight variations) is as unsafe as using a password that is 8 characters or less. Both these are nearly as bad as not using a password at all. Hackers have these massive, automated data mining operations working 24/7 to glean little bits of information about all of us, and they use powerful AI and tools to match up the related bits and pieces. It’s hacking on an industrial scale akin to strip-mining.
So first and foremost, use a strong method to secure those identity credentials. Like a password manager – a combination software and online service that records all those credentials, places them in a secure location (vault), and provides them to you when you need them. I’ve tried and tested a number of password methodologies from using a password-protected document/spreadsheet, to using various online services. The best one out there in my opinion is LastPass (and I get no kickback or anything else for this recommendation). Get the free version if you only use one computer/device, get the Premium version if you use multiple devices (or device types, like smartphone, tablet and computer).
Of course, that also means that you need to use unique, strong and long passwords on everything. I generally use 15-35 character passwords these days (since I don’t have to type them in anymore), which makes them essentially unguessable. You should also use 2-factor authentication on any online account that offers it – everybody’s jumping on that bandwagon. 2-factor authentication means that every time anyone (even you) logs into that website, app or service, you get a text with a unique code (or you can use a tool like the Google Authenticator) needed to gain access.
Second, you need to keep tabs on your personal and financial information. I suggest you get a credit monitoring service from Equifax, Experian or TransUnion, and be sure to turn on both fraud monitoring and credit lock services. Furthermore, you should monitor every financial transaction in or out of your bank and credit accounts. Smartphone users can use their bank’s and/or credit card’s apps – they often can be set up to notify you of every transaction. It can seem annoying to get a text message every time your credit card is used, but it’s going to keep you much safer since you’ll know anytime something shady happens.
Third, you need to take steps to secure your personal information on your computer and/or devices. That starts with keeping their software and operating systems up-to-date. For most consumers, turning on automatic updates makes this a lot easier to do with less work on your part.
For Windows 10 computers, the built-in firewall and antivirus are adequate, but I think it’s well worthwhile to beef up your protection. I like Malwarebytes 3.0 (and recommend the premium, subscription-based version which is $40/year for one PC). At this time, I don’t think the rare threats to Mac computers are enough to warrant an additional security program, but if you wish, you can certainly add Malwarebytes for Mac (free). There are plenty of other security products out there, and each one of them says they’re the best. But we need to become less reliant on these automated programs to protect us – see below for my practices and habits list.
For your Android-powered smartphones/tablets, Malwarebytes has a program for you here, and there are plenty of other options in the Google Play Store. iOS users really don’t need to worry about adding a protection program at this point. Please note my advice here points out that Apple computing products are very secure, Windows & Android-based computing products much less so. Unless you’re using Apple computing products you need to add 3rd party security services to achieve what I call a ‘minimum safety level’.
I’d be remiss in talking about securing your personal information without talking about backup. But the truth is that 98% of consumers don’t bother with backup. Interestingly, 100% of consumers who’ve suffered data loss, ransomware or hacking regret not backing up their systems. With modern operating systems, backing up your computer and personal files can be very easy and fully automated. So just do it: Mac users can use Time Machine, and Windows 10 users can turn on File History – both using an external backup source (Apple Time Capsule, external hard drive or even a thumbdrive).
For smartphones and tablets, use the backup features they come with. For iOS, use iCloud, and/or connect your iPhone/iPad to your computer and back up to the computer. For Android-powered smartphones and tablets, use Android Backup Service.
There are plenty of online backup service providers and software as well, but at this point I find the built-in capabilities to be sufficient for most consumers. Feel free to use any you like, such as Carbonite, CrashPlan or BackBlaze, the backup programs included with many external hard drives, or full-fledged backup programs like Acronis True Image.
Practices and Habits: The above three categories are overall things you set in place to protect your digital life but they aren’t enough. You need to learn about, cultivate and practice how to use your consumer technology safely – develop good habits. Here is a short list of important practices (in no particular order):
- Never respond to unsolicited email – spam or junk mail.
- Don’t click on links or open file attachments in emails, even if they appear to be legitimate. You can always open your web browser and type in the URL of a website you want to visit. It’s absurdly easy to send fake emails, even appearing from people you know.
- Be very wary of inserting thumbdrives or non-commercial CDs or DVDs in your computer. Hackers just love to distribute malware that way.
- Avoid sharing too much information on social media, especially travel plans or personal information that could be used for identity theft.
- Never install any program that claims to optimize, speed up or clean up your computer. There are too many fakes out there, and any legitimate tools are only safe when used by computer professionals.
- Never install any software that comes from dubious sources, including pirated or ‘cracked’ software. Free or for-fee, they almost always include malware, spyware or adware.
- Avoid public Wi-Fi – get your own hotspot if you can. If you must use public Wi-Fi, only visit secured websites (https:// not http://), and make sure your email program is using SSL before you use it on a public Wi-Fi.
- Never install any toolbars or browser extensions unless you’ve fully researched their purpose and effects. If any appear that you didn’t purposely install, uninstall them immediately.
- Don’t click on ads in websites or click on popups on most or all websites. There’s a control in your web browser to do this. Ads are almost never controlled by the owner of the website you’re visiting, so they can’t make sure the ads aren’t malicious. Popups are almost never for anything truly useful and often a means of delivering targeted advertising. Disclaimer: we sometimes use a popup for a signup form to our free email newsletter on this site, but that same form is also displayed on our sidebar, so you won’t miss the popup.
- Be on the lookout for phishing attacks on your digital life. Phishing is the imitation of a legitimate entity (like fake emails or websites) whose purpose is to get personal information from you, such as your login information. Make it a practice to open your web browser and go to a website by typing in the URL instead of clicking a link to get there as hyperlinks can be so easily faked.
- Never give out your login information for any online destination to anyone else. Each person should have their own login information. And make darn sure the URL in a website points to the real login screen before you start typing in your login credentials.
- Be very wary of any kind of desktop popup. While your operating system and installed programs will use such to prompt you for updates, etc., these are often fake or misleading popups from malware, spyware or viruses. Hackers are getting very good at trying to fool you with web pages that look like popup or full-screen warnings, audio files that play automatically with warnings, and browser windows that lack a working button to close them. For web browser windows, you can always right-click the browser icon on your taskbar to close windows – use that.
- When in doubt, check it out before you take action. If you’re not 100% sure something is safe, don’t do it. Even 90% sure isn’t good enough anymore. Take the time to research and validate, or ask someone for help. An easy way to ‘check it out’ is to take a picture of the screen or window and submit it here – we will research it and let you know if it is safe or not. If you have a suspect email, you can forward it to Support@PosiTek.net along with your concerns and we will help you determine whether it’s safe or not. Simply put, be less-trusting online – treat everything with a heaping helping of suspicion.
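The URL checks from the list above (secured https:// pages only, and an address that really points to the site you meant to log into), written out as a small Python check. This is an added example, not part of the original article; `check_login_url` is a hypothetical helper name, and `bank.example` and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return the reasons a login URL should not be trusted (empty list = passes)."""
    problems = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    # Practice: only use secured (https://) pages.
    if parts.scheme != "https":
        problems.append("not https")
    # "https://bank.example@other.host/" really goes to other.host:
    # everything before '@' is a username, not the site.
    if parts.username is not None:
        problems.append("text before '@' is not the site name")
    # The host must be the expected domain or end with ".<expected domain>".
    # A name that merely starts with or contains the expected domain fails.
    if not host:
        problems.append("no host in URL")
    elif host != expected and not host.endswith("." + expected):
        problems.append("host %s is not %s" % (host, expected))
    # Non-ASCII or punycode (xn--) labels can render as lookalike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        problems.append("lookalike-capable characters in host")
    return problems

# Constructed sample URLs; bank.example stands in for the real site.
SAMPLES = [
    "https://login.bank.example/signin",               # genuine subdomain
    "http://bank.example/login",                       # right host, no TLS
    "https://bank.example.account-verify.test/login",  # real name used as a prefix
    "https://bank.example@203.0.113.7/login",          # real name used as userinfo
    "https://xn--bnk-constructed.example/login",       # constructed punycode label
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample, "bank.example") or "ok")
```

Only the first sample passes; each of the others fails for the reason noted beside it.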
Remember that your best protection is a strategy, not just a software program or set of one-time actions. Following the above practices will keep your digital life much safer than any automated solution can by itself. That’s not to say you should not use an automated solution; I’ve noted several above that I think you should use. Inherent in your strategy should be to read the news and find out about new threats to your digital life, and then tweak your practices and habits to keep yourself safe.
Please feel free to add your voice in the comments below if you know of something I’ve missed.