5 Online Safety Tips Everyone Can Use
There are lots of great tools out there to help you stay safer online. But online safety requires more than just downloading a piece of software. To really stay safe, you have to be an active participant in your own protection. But you don’t have to be a tech genius to do it. These tips will help.
See 5 Ways to Stay Safe Online with Patrick McNamera for a complete transcript of the Easy Prey podcast episode.
Patrick McNamera originally wanted to be a law enforcement officer, but he started a degree program in cybersecurity as a fallback career. As he was going through the degree, he took a course on ethical hacking. It was so interesting that he decided to make cybersecurity his primary career. After getting his bachelor’s degree in cybersecurity, his first IT job was at a naval base. He wasn’t qualified for it, but he knew someone. It got him plenty of hardware, software, and network troubleshooting experience. Along the way, he studied for additional cybersecurity certifications through SANS.
Now Patrick is a senior cybersecurity engineer for a global software company and operates cyber awareness site diysecuritytips.com in his spare time. Through that site, he aims to help both aspiring cybersecurity professionals and the average home user learn more about online security and how to stay safe.
Advice for Aspiring Cybersecurity Professionals
When Patrick was going through his degree in 2016, only a handful of schools were offering cybersecurity degrees. Now, even looking at the same degree he got, it’s very different. Some courses are the same, but some are new, and all of them are behind in terms of what Patrick is seeing in the cyber landscape. He finished his second course towards a master’s degree just a few months ago, and some of the information is outdated already.
That’s one thing that Patrick appreciates about the certifications from SANS: They are updated often. The instructors have their own security businesses or are otherwise working in the industry while teaching, so they’re teaching more current information. Patrick has learned things from SANS that he didn’t learn from other labs or resources. Even though their certifications can be expensive, they’re worth it.
If you want to become a cybersecurity professional, it’s important to know exactly what kind of job you want. A lot of people waste tie in their education. If you spend a year learning digital forensics but your future job is penetration testing, it may be interesting but it won’t be very useful. You need to define your goals so you don’t waste your time.
If you’re getting into this field, you need to have a defined goal [for] what position you want … because your education, your training, and your labs are going to be different for each job.Patrick McNamera
Getting Hired as a Cybersecurity Professional
There are a lot of places with unrealistic hiring expectations. Yes, there is a severe shortage of qualified cybersecurity professionals. But who is determining who’s qualified? If you’re hiring for an entry-level position and paying an entry-level salary but you won’t even interview someone who doesn’t have five years of experience, no wonder that position isn’t getting filled. Being too rigid with hiring guidelines can cause a company to overlook a lot of great workers.
When you don’t have much experience or are trying to get into the field, it can be beneficial to take a lower-paying job. In addition to the experience, many jobs offer on-the-job training that can benefit you. Patrick’s first job started at $85,000 per year, which is low for a senior security administrator, but he got a lot of valuable experience.
If your job isn’t paying you great but you’re getting good experience, volunteer for as much as you can. If there’s no documentation for troubleshooting, create it. Ask your boss if you can create a response team. There’s a lot you can do to put in a little extra work to get experience. That experience can then help you move to different positions and companies.
Success is not going to come to you. You need to go the extra mile and put in the extra work, especially during your first job.Patrick McNamera
Online Safety Tip #1: Protect Your Passwords
Everyone has passwords for accounts. Depending on what industry you work in and how much you’re online, you may have hundreds of accounts. There’s no way you’re memorizing all those passwords – unless you’re using the same one every time, which you definitely shouldn’t do. If you’re not using the same or similar password everywhere, you probably have them written in a notebook or an unencrypted text document. Neither of those are great for your online safety.
But there’s a safer and easier way: A password manager. Patrick uses 1Password, but there are many other great options, like Dashlane and NordPass. Password managers work by storing all your usernames and passwords and then filling them in on websites and apps with just a few clicks or taps. They can also generate long, strong, random passwords. They’re easy to access on your phone or computer. And they’re even easier to use than a text document or a notebook because you don’t have to type anything. Most password managers also have the option to add secure notes, identities, addresses, and other information you want to have but want to keep secure.
Anything can be breached … but you can diminish or mitigate some of the risks of a brute force attack or password guessing attack [with a] password manager.Patrick McNamera
In the end, anything can be breached and your online safety will never be perfect. But a strong, random password will reduce the risk of brute force attacks or password guessing on your accounts. And password managers are a way to have those strong, random passwords without making it difficult or inconvenient to do it.
Online Safety Tip #2: Take Precautions with Public Wifi
Most of us connect to free public wifi at some point – such as at a hotel, coffee shop, airport, or mall. Generally, you don’t have to log in to connect, just click a disclaimer. It becomes an online safety risk when a criminal decides to create a fake access point. They set up their own attack machine, connect it to the free wifi, make it look like a wifi network, and name it the same thing as the real free wifi.
When you connect to the fake network, you can still access the free wifi, but everything you do is now going through the criminal’s machine first. If you log into anything, send or download any files, or even check your email, the criminal can see all of it. Even HTTPS or encryption won’t be able to keep your web browsing secure. They may even be able to take over your entire device!
If you use public wifi at all, you need a virtual private network, or VPN. A VPN creates a secure encrypted tunnel that your data moves through to reach its destination. With a VPN, even if a bad guy got access to your internet traffic, they wouldn’t be able to see any of it because of the secure VPN tunnel. And VPNs aren’t just useful for public wifi. You can use them at home, or even connect them to your router or firewall to protect every device that uses them.
Invest in a Good VPN
You should never cheap out on your online safety. Invest in a good VPN, not a free one. There are some free VPNs out there that do an okay job. But how important is your bank password, or your identity, or your privacy? Consider if your online safety is worth paying a bit of money.
Free VPNs are free – they might advertise encrypted connections, but you have to check various disclaimers to use the service. And it can be difficult to know what’s going on in the background. They might be sending your logs or internet traffic to a nation-state for malicious purposes, or they might be selling it to the very people you’re trying to protect it from. There are also lesser-known free VPNs on bootleg app stores that are full of malware.
Before you choose a VPN, do your research. Does this company get audited, and do they have seurity audits on the VPN service itself? NordVPN, ExpressVPN, Freedome, and Mullvad all have audits where attackers and specialists try to get at their traffic.
Do your research. This isn’t something I would go cheap on.Patrick McNamera
VPNs aren’t necessarily expensive. Patrick pays about $2.50 per month for multiple devices. But if it’s completely free, be suspicious. It costs money to operate a VPN service and the company has to make money somewhere. Are they including malware in their software? Do they sell your data? If it’s free, there’s something there you’re not aware of.
Online Safety Tip #3: Watch Out for Suspicious Apps
Not everybody has a computer, but at this point, almost everyone has a smartphone. And most of us don’t think too hard about the apps we download. If we need an app, chances are we search for what we need and tap “Install” on the first result (or the first result that has more than four stars). But we should all pay more attention if we care about our online safety. Installing apps without doing your research puts you at risk of malware, data theft, device takeover, and more.
To determine if an app is trustworthy, start by looking at the developer. In the Apple App Store and the Google Play store, there’s a section that says “Developer Contact” or “Developer Information.” If you tap that, you’ll get information about the developer. Sometimes it’s just an email, and sometimes it includes an address and other information. Take the company name you get from there and do some research. Where are they headquartered? Look at their website and their reviews to see if they’re a legitimate company.
The other thing to look at with apps is permissions. Most people miss this. Permissions are what the app requires from the device to function or give the best user experience. Sometimes permissions are essential – a photo editing app that can’t access your photos would be useless. But if a calculator app is asking for access to your contacts, messages, photos, and location, that’s suspicious. Most app stores will tell you what permission the app asks for. If it’s a really long list, avoid downloading that app.
Online Safety Tip #4: Back Up Your Data
Imagine the worst happens. Your computer gets a terrible malware infection. A hacker takes over your phone. Your laptop falls in the bathtub. You left your tablet on the bus. Whatever the reason, your can no longer access your system. Have you just lost all your data?
You don’t have to be a Geek Squad guru to back up your files in case the worst happens. If you really want to go the extra mile, you can image your device to make restoring your data even easier. But at the very least, making sure you don’t lose your important files is essential to online safety.
If you’re not confident in your ability to back everything up on your own, there are lots of services that can do it for you. Microsoft OneDrive has a great backup system for all Microsoft products. If you use PowerPoint, Word, Excel, OneNote, or another Microsoft software, those files are automatically backed up. Patrick also likes the service Backblaze because it will back up full hard drives and anything connected to the device. You can buy a single license for one device and hook up phones, laptops, thumb drives, or anything else and have everything backed up. If your device dies or gets hacked or lost, you can download all your data like nothing happened. Some companies will even send you a hard drive with all your data for an additional fee.
If anything, back up because you don’t want to lose those great memories.Patrick McNamera
Online Safety Tip #5: Stay Aware
The biggest challenge in online safety is awareness. A lot of people don’t know what password managers or a VPNs are. A lot of people don’t realize that not every app is safe. Do some research on your own to figure out how best to protect yourself. Patrick’s website diysecuritytips.com is a user awareness website designed to help beginner to intermediate tech users learn about online safety. He discusses how to protect yourself online, how to download safe apps on your mobile devices, and how to use a VPN. There are also tutorials for cybersecurity students who want to learn more.
The important thing to remember is that we’ll all be victims at some point. As the saying goes, either you’ve been a victim of a cybersecurity incident or you don’t know you have. We all want to do as much as we can to protect ourselves online.
Can You Be Truly Anonymous Online?
It is possible to be fully, 100% anonymous online. But it’s not easy. You would have to get preloaded cash cards, gift cards, and a bunch of prepaid cell phones and SIM cards. But you couldn’t buy them yourself, because then you would be on camera, and they would have to be bought in cash so there’s no card connected to you.
Any device you use can’t have anything connected to you – you couldn’t use your credit cards, or log into any accounts associated with you, or use anything that sounds like your usernames and passwords. You would need to only use the device away from where you live or work. Then you would have to install a special operating system on your device or use on that runs through a USB. You would also have to be very careful with email, using a privacy-focused anonymous email provider and only sending to other people who also had privacy-focused email providers.
There are a lot of steps [to be anonymous online], and it can get expensive, too. You have to ask yourself, why am I trying to be anonymous? Is it worth the cost and the hassle?Patrick McNamera
There’s a lot of time, effort, and expense involved in being fully anonymous online. If you’re a whistleblower in a country where whistleblowing could get you executed, those are reasonable precautions. But if your goal is better online safety and protecting your privacy, getting 90% of the way there is a lot more doable. A privacy-focused browser is a good place to start. Patrick uses Brave, which blocks a lot of trackers, but you can get a decent browser for free.
How VPNs Help with Online Safety – and How They Can’t
Some people think that once they’ve installed a VPN, they’re completely safe. And a VPN is very helpful to protect your online safety and privacy. But it can’t help with everything. A VPN will prevent hackers from finding your wifi connection or latching onto your device. If you run your VPN through your router, every device connected to that router will have encrypted traffic so no one can see what they’re doing.
But a VPN can’t stop anything. If someone gets access to your device and plugs in a USB that has malware, your VPN won’t help. It can’t protect you from an attack done through Bluetooth or AirDrop. If someone sends you a malicious file and you open it, a VPN can’t stop it from downloading malware or stealing your data. A VPN can’t stop you from responding to a scam email. A VPN isn’t going to protect you from yourself.
Social engineering and scammers giving you a call or sending you an email – a VPN is not going to stop that.Patrick McNamera
That’s why you need to be aware of the threats and keep yourself educated. There are some really great tools out there that can help with your online safety. But no matter how good the tool, it can’t stop you from falling for a smooth-talking scammer or installing things on your own device. Do your research and be cautious.
There’s Only So Much You Can Do
When we’re trying to improve our online safety, it’s easy to assume we can get to some point where we are completely safe. But in reality, that’s not possible. There are absolutely things we can do to keep ourselves safer and reduce a lot of the risks. But there’s no such thing as no risk. Criminals are coming up with new ways to attack us every day. Tricks like fileless malware, which compromise legitimate software and add malware into real programs you use and trust, can compromise your safety without you – or your antivirus software – realizing it. And supply chain attacks mean you could be compromised because you use a service that uses a service that got attacked.
In the end, there is only so much you can do. You can have a VPN, an antivirus software, and great security awareness, and that will mitigate a lot of risks. But you could still fall victim to fileless malware or a supply chain attack. You’ll never be 100% safe. But the more aware you are, the better you’ll be able to mitigate these risks – and the better prepared you’ll be if you do get attacked.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
Many parents assume that grooming is something that happens to other kids, not theirs. But that assumption…[Read More]
In an era where cyber threats are a constant risk rather than a possibility, businesses cannot afford…[Read More]