With so much of our lives online these days, it is more important now than ever before to ensure your personal information is protected. Regardless of your computer skills you can (and should) take steps to reduce the chances of becoming a victim. Here’s how to get started!
First, how cyber criminals use your personal information.
Cyber criminals are shifty creatures. They usually aim to collect enough information about you from your online profiles to take your identity. With that, they can then apply for loans, access bank accounts or even claim government benefits in your name! Scary stuff.
If you are targeted, some information they may collect includes your full name (and maiden name), email addresses, DOB, address, mothers maiden name, passwords, pin numbers, TFN. Basically anything that is commonly used to identify you.
Beyond financial crime, these cyber criminals may seek information about your family and children. Online safety for children falls outside the scope of this post – but is something I am passionate about as a Mum and will be covered soon!
So, what you can do to protect yourself online?
Before I dive into these tips, please note that although I have conducted extensive research to compile this list, I am not an expert in cyber security. See the links at the bottom of this page if you’d like to read more from the industry pros. Also, remember this is just a starting point and is by no means exhaustive.
Please consider any additional online services you use that may affect you.
1. Create a secure password VAULT to make your life easier.
If you’re like I was a few months ago (and lets be honest, like most Australians), you’re probably using the same 3-4 passwords across all of your online accounts and you’ve had them for YEARS. It’s a pain remembering different passwords, I get it!
But, just imagine if one of those cyber criminals managed to get hold of even one of your default passwords? Chances are, they’ll have access to enough of your online profiles to steal your identity. Stealing passwords is called a ‘Brute Force’ attack, and is still the most common form of cyber attack.
What about other information, like your bank account details, TFN/ABN information? I know many others (again, myself included up until a few months ago) that stored this sensitive information in a note on their phone, or worse still, kept it written in a physical notebook. What if the house burns down? Or you lose your phone?
To mitigate all of those potential risks and also make your life easier remembering passwords, setup a password vault, like Last Pass.
Personally, it took me a very, very long time to entertain the idea of storing sensitive information on the ever mysterious cloud. But the technology has been developed long enough that it is now arguably more safe than keeping paper records!
- Only remember ONE master password
- ‘Autofill’ your passwords in Chrome – even if you delete your history/clear your cache!
- Store other sensitive information in the form of ‘secure notes’
- Organise your passwords into sections for ease of access.
- Option to share your passwords digitally, so there is no chance of typos or battling with illegible handwriting.
2. Change those damn passwords – and make them all different!
Naturally, the next step is going through your internet accounts and changing all of your passwords, especially those you have had for a long time. Make them complicated and unique, and save them to LastPass as you go!
- Don’t do this using any public/unsecured wifi connection! From your home internet is best, or if you’re away from home use your mobile data instead.
- The best way to secure your information is to limit the number of places where it is stored. So as you’re going through your accounts, consider deleting accounts instead of changing the password wherever you can.
- Read the details of deactivation/deletion for each individual account, because (I know its annoying) every site is different. For example, I discovered that when deactivating Evernote, it did not delete my files from their servers. So I had to go through my account and manually delete all my files, empty the trash and deactivate my account last.
Here are a few places to start;
- Internet banking accounts + other payment gateways like PayPal, Afterpay etc
- Cloud based accounting software – delete inactive team members
- Email accounts & website administration logins
- Government services; Centrelink, MyGov etc
- Online shops – eBay, Amazon, Etsy etc
- Google account (which is your master password for services like Youtube, Gmail, Google Analytics etc)
- Social media websites; Facebook, Twitter, Instagram, SnapChat etc – remove inactive team members from business profiles
- Online forums/membership sites – delete your account if you don’t use them any more!
- Services like Canva, Adobe cloud, Dropbox, Onedrive, Evernote etc.
- Check your email account for subscription messages. Unsubscribe from any that you don’t use.
- Ditto for mobile apps that require you to sign in – especially fitness trackers etc
3. Setup 2-Factor Authentication (2FA) wherever possible.
You know that annoying pop up thing when you go to login to an account and it wants to send you a text code first? That is 2FA. Using 2FA anywhere that you can might add a little inconvenience for you, but it means that online hackers not only need your account password, but they’ll need your mobile phone too. So, while you’re going through your internet accounts and changing your passwords and saving them to LastPass, setup 2FA anywhere it is offered. Some places I know offer 2FA include Google, Facebook, Amazon and some banks.
4. Avoid or use a VPN on public/unsecured WiFi
This one is really only for those who go online from public wifi spots like your cafe or library.
Public WiFi can be found in public places like airports, cafes, libraries, parks, shopping centres, hotels, and restaurants. These places might offer you WiFi – wireless internet access – for free, and often without the need for login credentials. WiFi like this is so common, it’s easy to assume it is secure, but it does carry risks.
Since public WiFi usually requires no authentication, it offers a tempting avenue for would-be hackers to obtain access to unsecured devices using the network. Malicious attacks through the network can result in your data being stolen, whether it’s client documents you’ve been working on, your email login details, or your credit card information.
Avoid public WiFi, use personal mobile data first: Whenever possible, avoid public wifi altogether and use your personal mobile data instead!
Get a VPN: Among other things, connecting to the internet via a VPN is highly recommended on public WiFi. A VPN will encrypt your data, making it extremely challenging to steal. Good VPNs range from $100+ per year.
Turn off automatic connection: This prevents your device from automatically connecting to public wifi when you get in range. Then you can manually connect only when you need to.
Always use HTTPS: On any internet connection (home, your own mobile) but especially public hot spots; use HTTPS websites only, especially for sensitive information. The S in HTTPS:// means the site is encrypted with an SSL certificate. If you look in the address bar of this page, you’ll see a padlock icon. That tells you this website is secure.
A website that does not have the padlock, or says HTTP:// is insecure and sensitive information should not be shared.
5. Protect your computer from viruses and malware – install good antivirus/internet protection.
I exclusively use Apple hardware and have done for a very long time. So I’m sorry I can’t recommend any antivirus for you if you’re a Windows user – all I can say, is Windows is far more vulnerable to malware than Apple OS, so it is vital you ensure you have a good (and up to date) antivirus program.
For my fellow mac users; you may be tempted to skip this step. While yes, its true Mac’s are harder to attack; it does still happen. Which is especially true if you frequent unsavoury/insecure websites (see point #4 above!). I am currently experimenting with BitDefender as both my VPN and antivirus protection, however I have not been using it long enough to give a full review.
Mac users – setup FireVault! This encrypts your machine, just another security precaution.
6. Maintain your devices!!!
Lastly, while all of the steps above will go a (very) long way to tightening up your personal security online; the biggest vulnerability you have, is not maintaining your devices. Good digital housekeeping will ensure your devices last longer, prevent issues with running out of storage and protect from malware/hackers.
A good policy to keep your devices happy is a monthly update and backup routine. I do this on the first day of every month (with bank reconciliations and other admin!) All up this whole list takes me less than an hour, but ensures that my computer is squeaky clean and performing at its best.
- Check for and install any waiting updates on your operating system… don’t ignore them! These updates often involve patches to improve security.
- Ditto for all of your programs. Check for any updates you can install, and delete any programs you do not use often (remember you can always reinstall later if you need it).
- Go through your files, and delete any duplicates, or files that you don’t need. Permanently erase the contents of your recycling bin.
- Check the junk/spam folder on your email accounts – permanently delete them. If you have a lot of unread emails on your machine, remove yourself from lists you don’t want, and delete them all!
- Run a complete system scan with your antivirus program
- Restart your machine if you don’t regularly do so
- Backup your computer to a hard drive or iCloud. I use Time Machine on mac to store a complete backup of everything on an external hard drive.
- Repeat for all your devices. For me, I do my MacBook pro first, then while waiting for updates/backups to happen I will go through my iPhone and do the same there (and back up the phone to my mac).
If you don’t have time to work through these things now, SAVE this post and come back to it later. Just make sure you block out some time in your calendar to actually make it happen.
Do you have any other steps you take to protect your own personal information online? I’d love to hear them!