The wonders of the Internet provide a myriad of opportunities, but also threats. Today is Safer Internet Day. But unlike other holidays, you don’t celebrate this one by taking a day off. A safer Internet means staying vigilant.
Today you are sure to see plenty of messages on social media about how we (meaning the world) can work together to build a safer Internet for everyone. It sounds like a nice idea, but there’s a flaw. Collectively, the Internet can only be made safe up to a certain point, and a lot of good work has been done already. But there’s no way to stop scammers from scamming or thieves from stealing, nor is there an enforcement tactic strong enough to make sure consumers practice safe habits.
So what can be done?
The only person who can make the Internet safer for you is you. No need to let the dangers of the web inhibit you. With a few best practices you can engage on the web with confidence. Even if you’re already an expert, it’s always good to refresh because it’s easy to get lax.
A safer Internet today means you must refuse to be a victim.
Take Stock of Your Personal Data
What is personal data? For simplicity, we can take the Wikipedia definition:
Personal data, also known as personal information or personally identifiable information, is any information relating to an identifiable person.
From Wikipedia
Your personal data leaves breadcrumbs behind you. Everywhere you go on the web, data is being collected about you and your browsing habits. No need to be scared. Personal data is more protected now than ever. In order to avoid aggressive litigation, data collection agents are scrubbing your personally identifiable data from the majority of their various analytics. But, this doesn’t mean you should be unaware of your personal data or how it’s being used.
Protecting Your Phone Number
Your phone number is a direct line to you wherever you go (if you happen to use a smartphone). Like most people, you are probably inundated with telemarketers via phone or text all day long.
This is why the Do Not Call registry was invented. The national registry gives you a place to submit bogus numbers with a view to getting those telemarketers investigated by the FTC. But, do you want to spend all your time collecting and submitting bogus numbers? Is it even worth it?
This is where it would be helpful to have a whitelist for your phone, which you could use to limit incoming calls based on a list of acceptable numbers. However, a whitelist for all incoming calls would not allow unlisted callers (even if legitimate) to get through to you. This would effectively break your phone.
What you can do instead is protect your phone number to whatever extent you can. Don’t provide your number to any insecure websites (that is, websites without a padlock next to the URL). Also, see if your phone has a “do not disturb” (DND) feature. Most phones let you whitelist numbers that are permitted to reach you during DND times, so you won’t miss important calls but will manage to silence those annoying telemarketers.
Your Email, Your Life
It’s impossible to do basic commerce and information exchange on the web these days without an email address. It makes much of your life easier to have a convenient address for various purposes. However, your email is a doorway into your life, so you need to protect it.
As mentioned above, never provide your email address to an insecure site. Likewise, be careful when you’re signing up for new products and services. If you’re unsure whether you can trust a certain provider, use a custom email address created just for that sign-up. InMotion Hosting provides unlimited email account creation on your own custom domain, which makes this easy. Email serves many different needs, so you should consider creating separate email accounts for them.
But bear in mind, if you create a new email account then you need to set up reminders to go back and update the passwords frequently to make sure they don’t get hacked.
Lock Your Social Media Accounts
Like your phone number and email, it’s important to remember your social media accounts and keep them secure. If someone managed to hack your social media account, they might be able to lock you out and wreak all kinds of havoc. You can file a claim with the host site to reclaim your ownership, but this is a difficult process you’ll want to avoid if you can.
If your social account provides 2-factor authentication, go ahead and enable it. This adds an extra layer of protection that most hackers won’t bother trying to get through. Most 2-factor systems will use your email or phone number to send you a passcode.
Likewise, if anything changes on your account you can opt to receive alerts. For example, if your password changes you will be notified, and you can alert the social media company that you may have been hacked.
This proactive approach may seem like more work, but it can save you weeks of aggravation.
Don’t Forget About Your Computer Itself
Your computer also has a whole slew of security parameters that you should keep up to date. Like your online accounts, your computer has a username/password you should update from time to time. The user password on your computer could be used by a hacker to gain “superuser” privileges to allow installation of hazardous software, access to private files, or much worse.
Your online security begins offline. Run software updates on your computer regularly and rotate passwords at regular intervals. Also, check to see if your operating system has a backup application that allows you to regularly archive your data. If your computer crashes for any reason you’ll want to have an external backup available to restore your files.
Become a Password Generation Expert
Gone are the days when creating a text-based password was as simple as calling to mind your state of birth, your dog’s name, or your favorite movie. Now, password complexity has reached a new high.
Passwords can no longer be generated creatively by humans and be secure enough to derail hackers. In order to have a secure password, you must generate it mechanically. Only computers can achieve the level of entropy demanded by today’s security standard.
A computer can slam together words in a sequence so random that no computer could guess the pattern. The software that accomplishes this feat is known as diceware.
Here’s an example of a password generated by diceware:
lip backside mongrel lugged waltz puzzling chute
This password is secure enough to be used as a “passphrase” for locking up all of your other passwords, yet it’s simple enough to be copied down and memorized. After typing this password several times, you’ll be amazed at how the images conjured by the words aid in memorization. Use the password enough times and you will never forget it.
To generate your own diceware password, just search for an online diceware generator and give it a go.
The computing power necessary to guess a diceware password by trying various word combinations is far beyond the reach of the average hacker. But computers get faster every year. So, every year, just add a new word to the tail end of your current diceware passphrase and you will stay safe. Simply adding one word at the end of your current password increases its security more than tenfold.
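What a diceware generator does can be sketched locally, as an added example that is not code from the original article: each word is chosen by simulated dice rolls from the operating system's secure random source, and the entropy function shows how much each extra word adds. The 36-word list is constructed for the demo; the 7776-word size of a standard diceware list is used only for the entropy figures.

```python
import math
import secrets

# Constructed 36-word sample list (6**2 entries, so 2 dice rolls per word).
# A standard diceware list has 7776 words (6**5, 5 rolls per word).
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dagger", "ember", "falcon",
    "garden", "hammer", "island", "jacket", "kettle", "ladder",
    "magnet", "napkin", "orchid", "pencil", "quartz", "ribbon",
    "saddle", "tunnel", "umpire", "velvet", "walnut", "xylem",
    "yogurt", "zipper", "acorn", "bishop", "cobalt", "donkey",
    "engine", "fiddle", "goblet", "harbor", "icicle", "jungle",
]

def dice_per_word(list_size):
    """Return k such that 6**k == list_size, else raise ValueError."""
    k, n = 0, 1
    while n < list_size:
        n, k = n * 6, k + 1
    if k == 0 or n != list_size:
        raise ValueError("word list size must be a power of 6")
    return k

def roll_word(wordlist):
    """Pick one word by simulating fair dice with the OS CSPRNG."""
    index = 0
    for _ in range(dice_per_word(len(wordlist))):
        index = index * 6 + secrets.randbelow(6)  # one die, faces 0..5
    return wordlist[index]

def generate_passphrase(wordlist, n_words=7):
    """Join n_words independently rolled words with spaces."""
    return " ".join(roll_word(wordlist) for _ in range(n_words))

def entropy_bits(list_size, n_words):
    """Entropy of n_words independent uniform picks from list_size words."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    for n in (5, 6, 7, 8):
        bits = round(entropy_bits(7776, n), 1)
        print(n, "words from a 7776-word list:", bits, "bits")
```

With a 7776-word list, every added word contributes about 12.9 bits, which multiplies the number of possible passphrases by 7776.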
Because diceware passwords are very long (five or more words) it’s not necessary to use them for every account you have, and some online accounts require you to use numbers and special characters. It’s best to use a password manager, like LastPass or KeePass, and use a diceware password as a “passphrase” to lock the password manager.
Also, take a moment to think about the term “generation.” This cue should remind you that passwords age. If you have older passwords lying around, you need to update them. You should aim to reset your basic passwords (the ones you use for email and online accounts) every 4-5 months.
Run Through The “Trigger” List
It may seem archaic, but you should get out a piece of paper right now and start writing down all of your personal accounts and significant data you want to keep track of.
Some of this data may slip your mind, so it can be helpful to run through this “trigger” list:
- Phone numbers
- Email accounts
- Phone apps
- Social media
- Banking and financial services
- Online software and services
- Backups
- Paper files
- Shared logins
- Computer passwords
- Password managers
Not all of these will apply to your situation, but some of them will jog your memory and remind you to take stock. Once you’ve noted all of your accounts and data, you should set reminders to go through them at regular intervals to keep your security game on point.