Cyber security tips: Protect your privacy online

 

 

Data management is at the heart of privacy

 

Data is a vague concept and can encompass such a wide range of information that it is worth briefly breaking down different collections before examining how each area is relevant to your privacy and security.

 

BROWSING HABITS AND WEBSITE VISITS

 

Internet activity is monitored by an Internet Service Provider (ISP) and can be hijacked. While there is little consumers can do about attacks at this level, the web pages you visit can also be tracked by cookies, which are small bits of text that are downloaded and stored by your browser. Browser plugins may also track your activity across multiple websites.

 

Why does it matter? Cookies are used to personalize internet experiences and this can include tailored advertising. However, such tracking can go too far, as shown when the unique identifiers added to a cookie are then used across different services and on various marketing platforms. 
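The cross-site reuse of a cookie identifier described above can be audited from recorded response headers. The following Python sketch is an added example, not part of the original article; the host names, cookie values, and the 30-day persistence threshold are constructed assumptions, and the first-party test is a simple suffix match rather than a full public-suffix lookup.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample: (site the user visited, host that answered, Set-Cookie header).
# All hosts and values are invented for illustration.
OBSERVED = [
    ("news.example", "news.example", "session=ab12; Path=/; Secure; HttpOnly"),
    ("news.example", "ads.tracker.test", "uid=u-7f3a9c; Max-Age=31536000; Path=/; Secure; SameSite=None"),
    ("shop.example", "shop.example", "cart=3; Max-Age=3600; Path=/"),
    ("shop.example", "ads.tracker.test", "uid=u-7f3a9c; Max-Age=31536000; Path=/; Secure; SameSite=None"),
    ("blog.example", "cdn.static.test", "pref=dark; Max-Age=86400; Path=/"),
]

PERSISTENT_SECONDS = 30 * 24 * 3600  # assumption: cookies kept 30+ days count as persistent


def is_third_party(site, host):
    """A host is first-party if it equals the visited site or is a subdomain of it."""
    return not (host == site or host.endswith("." + site))


def find_cross_site_identifiers(observed):
    """Return {(host, cookie name, value): sorted sites} for persistent
    third-party cookies whose same value was seen on two or more sites."""
    seen = defaultdict(set)
    for site, host, header in observed:
        if not is_third_party(site, host):
            continue
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            max_age = morsel["max-age"]  # empty string when the attribute is absent
            if max_age and int(max_age) >= PERSISTENT_SECONDS:
                seen[(host, name, morsel.value)].add(site)
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) >= 2}


if __name__ == "__main__":
    for (host, name, value), sites in find_cross_site_identifiers(OBSERVED).items():
        print(f"{host} sets {name}={value} on: {', '.join(sites)}")
```

On the sample data, only the long-lived `uid` cookie from the advertising host is reported, because the same value follows the user across two unrelated sites.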

 

 

MESSAGE AND EMAIL CONTENT

 

Our email accounts are often the pathway that can provide a link to all our other valuable accounts, as well as a record of our communication with friends, families, and colleagues.

 

Why does it matter? If an email account acts as a singular hub for other services, a single compromise can snowball into the hijack of many accounts and services.

 

ONLINE PURCHASES, FINANCIAL INFORMATION

 

When you conduct a transaction online, this information may include credentials for financial services such as PayPal, or credit card information including card numbers, expiry dates, and security codes.

 

Why does it matter? Cybercriminals who steal financial services credentials through phishing and fraudulent websites, who eavesdrop on your transactions through Man-in-The-Middle (MiTM) attacks or who utilize card-skimming malware can steal these details when they are not secured.

 

Once this information has been obtained, unauthorized transactions can be made, or the data may be sold on to others on the Dark Web.

 

MEDICAL RECORDS AND DNA PROFILES

 

A relatively new entrant to the mix, hospitals now often make use of electronic records, and home DNA services store genetic information belonging to their users.

 

Why does it matter? The loss of medical information, which is deeply personal, can be upsetting and result in disastrous consequences for everyone involved. When it comes to DNA, however, the choice is ours whether to release this information -- outside of law enforcement demands -- and it is often the use of ancestry services that releases this data in the first place.

 

What is being done to protect this information?

 

Businesses that handle data belonging to their customers are being scrutinized more and more with the arrival of regulatory changes such as the EU's General Data Protection Regulation, designed to create a level playing field and stipulate adequate security measures to protect consumer privacy and data.

 

Companies will often encrypt your information as part of the process, which is a way to encode information to make it unreadable by unauthorized parties.

 

One way this is achieved is by using SSL and TLS certificates that support encryption on website domains. While certificates are usually a paid service, Let's Encrypt offers free SSL/TLS certificates to webmasters who wish to improve their websites' security.

 

End-to-end encryption is also becoming more popular. This form of encryption prevents anyone except those communicating from accessing or reading the content of messages, including vendors themselves.

 

Below are some guides with simple steps to get you started with securing your privacy.

 

Browser basics and Tor

 

Searching the web is a daily activity for many of us, and as such, it is also a hotbed for tracking and potential cyberattacks.

 

The most commonly-used browsers are Google Chrome, Apple Safari, Microsoft Edge, Opera, and Mozilla Firefox. However, you should consider using Tor if you want to truly keep your browsing private.

 

The Tor Project is an open-source browser that is privacy-focused. The software creates tunnels rather than establishing direct connections to websites, which prevents users from being tracked through traffic analysis or IP addresses.

Tor is often used by the privacy-conscious, including journalists, activists, and NGOs.

 

The Tor browser can be slightly slower than traditional browsers, but it is still the best choice for secure browsing.

Desktop and mobile versions of the Tor browser are also available: desktop, the iOS Onion Browser, and Orbot: Tor for Android.

 

Secure other browsers

 

If you are more comfortable using Chrome, Safari, Firefox, Microsoft Edge, or another browser, there are still ways to improve your security without implementing major changes to your surfing habits.

 

Cookies: Clearing out your cookie caches and browser histories can prevent ad networks from collecting too much information about you. The easiest way to do so is to clear the cache (Firefox, Chrome, Opera, Safari, Edge).

 

HTTP v. HTTPS: When you visit a website address, you will be met with either Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). The latter option uses a layer of encryption to enable secure communication between a browser and a server.

 

The most important thing to remember is that while HTTPS is best used by default in general browsing, it is crucial for online purchases, where it protects your payment details from eavesdropping and theft.

 

It is still possible for payment details to be stolen on the vendor's side, but to reduce the risk of theft as much as possible you should not hand over any important information to websites without HTTPS enabled. (It is estimated that shopping cart conversion rates increase by 13 percent with HTTPS enabled, which should encourage webmasters to use the protocol, too.)

 

To find out whether HTTPS is enabled, look in the address bar for "https://." Many browsers also show a closed padlock.

 

SEARCH ENGINES

 

Google's search engine, alongside other major options such as Yahoo! and Bing, makes use of algorithms based on your data to provide "personalized" experiences. However, browsing histories and search queries can be used to create user profiles detailing our histories, clicks, interests, and more, and may become invasive over time.

 

To prevent such data being logged, consider using an alternative that does not record your search history and blocks advertising trackers. These options include DuckDuckGo, Qwant, and Startpage.

 

If you wish to stay with your current browser, you can use software that bolts on to it to enhance the privacy and security of your surfing activities.

 

BROWSER PLUGINS

 

HTTPS Everywhere: Available for Firefox, Chrome, and Opera, HTTPS Everywhere is a plugin created by the Tor Project and Electronic Frontier Foundation to expand HTTPS encryption to many websites, improving the security of your communication with them.

 

Facebook Container: In a time where Facebook has come under fire for its data collection and sharing practices numerous times, Mozilla's Facebook Container application is a worthwhile plugin to download if you are worried about the social media network tracking your visits to other websites. The plugin isolates your Facebook profile and creates a form of browser-based container to prevent third-party advertiser and Facebook tracking outside of the network.

 

Blur: Blur, available for Firefox and Chrome, is an all-around valuable plugin to protect your privacy and security. While the add-on can be used for password management and generation, ad blocking, and encryption, its true value is the use of "masked cards" in the premium version of the software. When data breaches occur, financial information is often the target. With this plugin, however, throwaway virtual cards are used with online vendors in place of your actual credit card data, keeping it safe should a cyberattack occur.

 

Privacy Badger: Last but certainly not least, the Electronic Frontier Foundation (EFF)'s Opera, Firefox, and Chrome-supporting plugin Privacy Badger is focused on preventing ad networks from tracking you. The software monitors third parties that attempt to track users through cookies and digital fingerprinting and will automatically block those which use multiple tracking techniques. The plugin also includes color-coded indicators of domain tracking scripts.

 

 

PUBLIC WI-FI: A SECURITY RISK?

 

There is no denying that public Wi-Fi hotspots are convenient. However, you may be placing your privacy and security at risk if you choose to use one while on the move.

 

The problem with them is simple: As you do not need authentication to access them, neither do cyberattackers -- and this gives them the opportunity to perform what are known as Man-in-The-Middle (MiTM) attacks in order to eavesdrop on your activities and potentially steal your information, as well as manipulate traffic in a way to send you to malicious websites.

 

Hackers may be able to access the information you are sending through the Wi-Fi hotspot, including but not limited to emails, financial information, and account credentials. Hackers may also set up their own rogue honeypot Wi-Fi points that appear legitimate whilst only being interested in stealing the data of those who connect to it.

 

It is best not to use a public, unsecured Wi-Fi connection at all if possible. An alternative and far more secure method is to use a mobile 4G/LTE connection through your own mobile device.

 

If you need an internet connection for a device other than your smartphone, an easy way to accomplish this is to set up your mobile device as a mobile Wi-Fi hotspot itself. You can usually find this option in your main scroller menu, or under Wi-Fi settings.

 

There are other precautions you can take to make a public Wi-Fi hotspot safer -- but it's never devoid of risk.

When you connect to a new Wi-Fi hotspot on Microsoft Windows machines, make sure that you select "Public" when the option appears, as this will enable the operating system to turn off sharing. Also turn off the Wi-Fi connection when you do not need it, enable firewalls, and try to visit only websites with HTTPS enabled.

 

In addition, do not use the Wi-Fi hotspot to access anything valuable, such as an online banking service. 

 

One of the most important layers of security to implement is the use of a virtual private network (VPN) if accessing a public Wi-Fi hotspot -- and the use of a trustworthy VPN should be implemented across all your devices, no matter your connection type.

 

VPNs: Why, when, and where?

 

A virtual private network is a way to create a secure tunnel through the inherently insecure internet. Data packets are encrypted before they are sent to a destination server, which also results in IP addresses and your location becoming hidden. Many VPNs will also include a 'kill switch' that cuts off your internet access temporarily if connections drop in order to keep your online activity secure.

 

VPNs have now entered the mainstream. Many users will only adopt these services to access geolocation-blocked content -- such as websites and apps banned in select countries -- for example, a user in the United States could make themselves appear to be located in the United Kingdom, and vice versa.

 

However, VPNs have also surged in popularity in response to increased surveillance, making their use a popular option for activists or those in countries ruled by censorship.

 

VPNs are not a silver bullet for security; far from it, but they can help mask your online presence. It is worth noting, however, that VPN usage is banned in some countries.

 

FREE VS. PREMIUM VPNS

 

Premium, paid services are often more trustworthy. Free options are often slower and will offer limited bandwidth capacity. VPNs cost money to run and so providers will also require users of free services to agree to alternative means for them to turn a profit -- and this may include tracking and selling your data.

 

Remember, when you are using a free service, whether it's a VPN or Facebook, you are the product and not the customer.

(If you're technically able, you could also set up your own private VPN. A handy set of instructions can be found here.)

 

WHICH VPN SHOULD I USE?

 

The most important element to consider when deciding on a VPN is trust. Using a VPN requires all your traffic to go through a third-party. If this third-party VPN is unsecured or uses this information for nefarious reasons, then the whole point of using a VPN for additional privacy is negated.

 

Conflicts of interest, VPN providers being hosted in countries whose governments can demand their data, and sometimes less-than-transparent business practices can all make finding a trustworthy option a complex and convoluted journey.

 

However, to make this trip easier, our favorites include NordVPN, Private Internet Access, ExpressVPN, and TorGuard.

 

Passwords and vaults

 

This kind of advice is repeated ad nauseam but it is worth saying again: using complex passwords is the first line of defense you have to secure your online accounts.

 

Thankfully, many vendors now actively prevent you from using simple combinations, such as QWERTY12345 or PASSWORD123, that are easy to break with dictionary-based and brute-force attacks.

 

However, it is difficult to remember complicated password credentials when you are using multiple online services, and this is where password vaults come in.

 

Password managers are specialized pieces of software used to securely record the credentials required to access your online services. Rather than needing to remember each set of credentials, these systems keep everything in one place, accessed through one master password, and they will use security measures such as AES-256 encryption to prevent exposure.

 

Vaults may also generate strong and complex passwords on your behalf, as well as proactively change old and weak ones.

It is true that many popular password managers and vaults do have vulnerable design elements that can be exploited on already-compromised machines, but when you balance risk, it is still recommended to use such software. Vendors with the best ratings include LastPass, Keeper, and Blur.
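The two ideas in this section, refusing dictionary-style passwords such as QWERTY12345 and having a vault generate random ones, can be sketched in Python. This is an added example, not code from the article or from any named password manager; the denylist, the symbol set, and the policy thresholds are constructed assumptions.

```python
import math
import secrets
import string

# Small constructed denylist (assumption); a real service would load a large
# list of common and breached passwords instead.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"  # 75 characters


def dictionary_base(password):
    """Lower-case the password and strip trailing digits and symbols, the
    decorations a dictionary attack tries first (PASSWORD123 -> password)."""
    return password.lower().rstrip(string.digits + string.punctuation)


def reject_reason(password, min_length=12):
    """Return why a signup form should refuse the password, or None if it passes."""
    if dictionary_base(password) in COMMON_WORDS:
        return "common word with a predictable suffix"
    if len(password) < min_length:
        return "too short"
    if len(set(password)) < 5:
        return "too few distinct characters"
    return None


def generate_password(length=20):
    """Generate a password as a vault would: uniformly at random from ALPHABET,
    using the OS CSPRNG via 'secrets' rather than the 'random' module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("QWERTY12345", "PASSWORD123", generate_password()):
        print(candidate, "->", reject_reason(candidate) or "accepted")
    print(f"20 random characters give about {entropy_bits(20):.0f} bits of entropy")
```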

 

ENABLE TWO-FACTOR AUTHENTICATION (2FA)

 

Two-factor authentication (2FA) is a widely-implemented method of adding an extra layer of security to your accounts and services after you have submitted a password.

 

The most common methods are via an SMS message, a biometric marker such as a fingerprint or iris scan, a PIN number, pattern, or physical fob. Using 2FA does create an additional step to access your accounts and data.

 

How to enable 2FA: Facebook | Twitter | Instagram | Snapchat | Apple iOS | Google | Microsoft | Amazon

 

Tutorials for other major services can be found at Turn it On.

 

You can also use standalone mobile apps to add 2FA to websites. Google Authenticator, available for Android and iOS, is a popular option, as well as Authy.
