Feb. 9 is Safer Internet Day. For the past 13 years, cyber-advocates across the world have used the second Tuesday in February to remind people to be careful out there. The day is now observed in more than 120 countries. And while most of the discussion is focused on keeping kids out of harm’s way, adults can also learn a thing or two.
Internet safety is also about securing yourself from cybercriminals, snoops, creeps, and assorted other denizens of the Net’s dark side. Follow these 13 rules and you should be able to surf in safety.
Rule #1: Update early and often
If there’s a vulnerability in your operating system, browser, or other software, be assured the bad guys know about it. But no matter how quickly software makers plug that hole and push out an update, it won’t do a damn bit of good if you don’t actually install it. So install updates as soon as they’re available, especially those marked “critical.” Better yet, set your OS and apps to automatically update if possible. Yes, it’s a hassle to update Java and Adobe Acrobat every flipping week, and some updates may occasionally break things. Do it anyway.
Rule #2: Honor thy antivirus software and keep it current
Installing antivirus software isn’t the safety net it used to be, thanks to the increase in “zero day” threats that appear before AV companies can update their software. But AV programs will still stop more than 90 percent of the threats you’re likely to encounter. So get one. If you’re unwilling to pony up $30 to $60 a year for BitDefender or Intel’s McAfee, you can download perfectly adequate solutions from AVG or Avast for free.
Rule #3: Don’t fall for that scam
You know what’s an even bigger threat than malware authors and cybercrooks? You. The easiest way for an attacker to get access to your logins is to fool you into giving them up. This is usually achieved via a “phishing” email that looks like it’s from your bank, employer, or the IRS; this email aims to lure you to a bogus site where you enter your login name and password. Once the attackers have your info, they can log into your account, then steal your information and sell it to others.
An example of a phishing email pretending to be from everyone’s favorite federal agency. (Image: Phishme.com)
Some phishing attempts are crude and easy to spot; others would fool all but an expert. But the defense is easy: Just don’t click on any links inside an email. If you got an email purportedly from your bank, type your bank’s web address into the browser and go there directly.
Rule #4: Don’t touch that file
The other way scammers get you is by sending a bogus attachment, like an invoice or a contract for something you allegedly ordered. Opening the document usually infects your computer. If you don’t recognize the sender, just delete the email. If the message appears to come from a friend or colleague, make triple sure that person actually sent it to you before you open it.
Rule #5: Become a cyber-savvy parent
Sexting, cyberbullies, and catfishing — being a parent of an Internet-age kid isn’t easy. The best thing you can do is educate yourself. The Connect Safely site has a slew of helpful, nonhysterical guides to keeping kids safe from cyberbullies, dealing with SnapChat and Instagram, how to handle the mobile phone conundrum, and a ton more. Common Sense Media is also an excellent resource for how to be a cyberparent, with recommendations for age-appropriate sites, apps, games, and the like.
Rule #6: Don’t be a boob about the Tubes
If your kids are online, it’s pretty certain they’re spending a lot of time on YouTube and other video sites. Most of that content is innocent (if mind-numbing); some of it isn’t. You need to at least be aware of what they’re watching and put some controls on it. If they’re still in single digits, you might want to install Google’s YouTube Kids app on their tablets or phones.
Rule #7: Don’t install that new video player
Just like in real life, most of the bad guys on the Internet hang out in dicey neighborhoods — like adult sites, BitTorrent search engines, and pirate Internet TV stations. At some point nearly all of them will pop up a message saying that your Flash player is out of date or that you need to install a new video player to watch whatever it is you’re trying to watch. Don’t do that.
This pirate site wants me to update Flash, but it’s really trying to get me to install malware. (Also: Don’t use Flash if you can avoid it.)
Best-case scenario is you’ve installed adware — software that will splatter advertisements over all your Web pages. Worst case, somebody just made your computer part of their zombie army.
Rule #8: Use a password manager
Yes, passwords suck. But until we get a better replacement, we’re stuck with them. So do yourself a favor and use a password manager like 1Password, Dashlane, or Lastpass. These act as a password vault, storing all your thousands of logins for different sites, and also auto-generate fiendishly difficult-to-crack passwords on your behalf. Just don’t forget the master password to your vault or you’re screwed. (Tip: Use a song lyric or some other easy-to-remember-yet-unique phrase for your password, the longer the better.) Password managers aren’t foolproof, but they’re better than using “123456” for everything.
Rule #9: Protect your logins
One way to find out if your password has been stolen is to see if someone is logging into your accounts from an unknown machine. With more and more sites using Facebook and Twitter as ways to prove you are who you say you are, this becomes even more important.
Facebook has a Security Checkup page that shows whether someone else has been logging into your Facebook account and lets you log out of any unknown machines with a click. Companies like Apple, Google, Twitter, and Yahoo have deployed so-called “two-factor” (or “two-step”) authentication, which requires you to enter an additional piece of information when logging in from an unfamiliar device — usually a 4- or 6-digit code sent via text to your phone. If you think someone else might have access to your accounts, it’s a good idea to change your password and then implement two-factor.
Rule #10: Secure all your Wi-Fi passwords
Most people don’t realize this, but your home Wi-Fi actually has two passwords. One is for the network — that’s the one you type when you log on from a new device. The other password is for the router; this allows you to go in and change network settings (like your Wi-Fi password). Most people remember to change the first set of logins but not the second, and the router defaults are widely known (usually “admin” and “password”). So anyone within range of your home network could log into your router, change the settings, lock you out of it if they wanted to, or simply capture all the information flowing out of your network. Not good.
You’ll want to change your router’s defaults. Instructions vary depending on the router, so you’ll need to visit the manufacturer’s website and search for “change router admin password.” (To get you started, here are instructions for Netgear, Linksys, and Belkin.)
Rule #11: Don’t get sucked in by fake Wi-Fi hotspots
If you’re logging on from a crowded café or an airport lounge, you’ll probably see “free” Wi-Fi hotspots galore. Some are legit, some are definitely bogus. You’ll want to find out if in fact the café or lounge offers free Wi-Fi, and what the network name is, before you log on. Otherwise you could be handing all your Internet traffic to some rogue access point or that creep behind you with a laptop. When in doubt, pony up some money for a legit public hotspot you know is secure.
Rule #12: Use an encrypted connection in public
Even if you’re on a legit public Wi-Fi network, someone else on the same network could snoop on your data unless you take the right precautions. First, if you are logging on to your webmail or another password-protected account, make sure to use the encrypted version of the website — the address always starts with https (not http). Otherwise, anything you type is sent in plain text and can be captured by someone else on the same network.
A good explanation of how two-step authentication works, courtesy of Google.
The best option, if you can: Connect to the Internet using a virtual private network (VPN), especially if you’re dialing into work. This creates an end-to-end encrypted connection between you and the Net, making it virtually impossible for anyone to spy on you.
Rule #13: Technology can help — but it can’t solve everything
If you’ve got kids at home, technology can give you a handle on what they’re doing on the Net. Circle can monitor every device on your home network and let you set rules about where and when kids can access the Net. (Unfortunately, right now it works only on iPhones; Android support is coming later this year.) The upcoming Screen app will let you control all your home devices from your phone. Norton Online Family Premier can cordon off the nastier parts of the Net and give you a window into their chat conversations and video consumption. And of course, anti-malware software can help fight off the nasties for everyone.
Ultimately, though, the burden is on you. Like liberty, the price of Internet safety is eternal vigilance. And not just on one day each year.
Find Dan Tynan on Twitter, if you can.