10 Ways to Stay Safe Online

With the total number of Internet users nearing 4 billion, the world is more connected than ever. While that’s usually a positive thing, it also means that cyber crime will become more and more common.

That sounds scary, we know, but we’ve got you covered with 10 ways to stay safe online in the current year, and the ones to come.

If you happen to be in a hurry, though, and can’t read through the whole article right now, feel free to skip to the last section of the article (“10 Ways to Stay Safe Online – Let’s Recap”), right at the bottom. We’ve got a summary of all the main tips to stay safe online we’ll be discussing in this article.

Why Is It So Important to Stay Safe Online?

Well, the Internet is simply not what it used to be. That’s not to say there weren’t any cyber threats 15 years ago or so, but the average online user generally had an easier time staying safe on the web. Today, that’s a bit harder to do. While the Internet became more advanced, so did the tactics used by hackers.

Right now, it’s expected that web-connected devices will become huge targets for cyber and malware attacks. What’s more, it’s extremely likely that we’ll continue seeing a bigger and bigger spike in cyber attacks and cyber crime in the next years, since that kind of illegal activity has become much more profitable than the major illegal drug trade. Then again, research already showed that a hacker attack takes place every 39 seconds, so that’s not really surprising.

Overall, all the available data just shows one thing – you either learn how to stay safe online, or you eventually end up losing your money in a cyber attack or becoming the victim of identity theft.

Here Are the Best 10 Ways to Stay Safe Online Nowadays

While there are many ways to stay safe online, we’ve decided to focus on the 10 most efficient ones:

1. Don’t Use Public WiFi for Sensitive Stuff

It’s hard not to do that – we know. Public WiFi is right there when you need it, and it offers you quick, free access to the web.

But that convenient access comes at a cost – a pretty big one: Your personal and financial details. According to statistics, around 24% of worldwide WiFi hotspots don’t use any reliable encryption at all. The percentage might not seem that bad, but consider this – it’s estimated there will be approximately 432 million hotspots around the world by 2020. So, that means around 100 million hotspots are unsecured.

If you happen to use such a WiFi network, anyone could eavesdrop on your connections to see what you are doing online. If that were to happen, any hacker could easily steal any information they want from you, like your:

  • Bank account details
  • Credit card numbers
  • Login credentials

And while the majority of hotspots do use WPA2, you can’t let your guard down yet. You should actually take care when using secured public WiFi too – be it at a hotel, at a restaurant, or even at home. Why? Because it was already shown that even WPA2 is susceptible to a specific type of cyber attack. WPA3 is supposed to fix that problem, but it’s likely going to take a few more years until it’s widely adopted – to the point where it becomes a requirement – since it’s an optional certification for now.

So what can you do? You can’t just stop using WiFi altogether, after all.

Well, you don’t have to do that. You just need to make sure you aren’t using public WiFi (secured or unsecured) to access sensitive information. Ideally, you should only use it for regular online browsing. Don’t use it to check your email, bank account, or social media profile(s). If you really need to do that, use your data plan instead.

If you want a better option, though, consider using a VPN (we’ll be discussing it at tip #3). The service can secure your online connections on hotspots with no encryption to ensure your private data isn’t exposed.

2. Set Your Devices to “Forget” WiFi Networks

Many devices (especially mobile devices) are set by default to automatically reconnect to familiar WiFi networks. So, if you go to a friend’s place, connect to their WiFi network, and then visit them again in two days, your device will automatically connect to their network.

Convenient, right?

It sure is, but it’s also pretty dangerous. Why? Because cybercriminals could set up fake WiFi networks to confuse your device, and trick it into accidentally connecting to them instead. Worst of all – it’s not an extremely complex process for them.

Let’s say you go to a bar, have a beer, and use the WiFi. When you leave, you automatically disconnect from the network. But as long as the “remember” feature is turned on, your device will continue broadcasting a signal that asks nearby WiFi networks if they have the same SSID (WiFi network name) as the bar’s hotspot.

All a cybercriminal would need to do in that case is use a device that can scan the SSIDs your device broadcasts, and then rebroadcast them as its own – effectively making your device believe the hacker’s fake network is a legit one.

And here’s the worst part – such a tool already exists. The WiFi Pineapple can help hackers easily set up MITM (Man-in-the-Middle) attacks, and it only costs $200 at the moment.

So, it’s much better to just have your computers, laptops, and mobile devices forget WiFi networks. If you don’t know how, here’s a list of useful guides you can use:

You should know that some operating systems or devices (usually the more modern ones) call this feature “Auto-Connect.” So, be sure to disable that too if you notice it.

3. Use a VPN (Virtual Private Network)

If you’re not familiar with VPNs, they are online services you can use to hide your real IP address and secure your online connections by encrypting them. Simply put, a VPN will:

  • Ensure nobody (not your ISP, not hackers, not government surveillance agencies) can see what you are doing on the Internet. Your online communications will be fully encrypted and surveillance-proof. Yes – even on unsecured public WiFi.
  • Prevent any would-be cybercriminals from learning sensitive information about you (like where you live, who your ISP is, what your zip code is) from your IP address.
  • Make sure you can freely speak your mind online, and that your digital footprints are untraceable to a certain extent.

Using a VPN is a very smart way to stay safe online, and it’s an especially effective method if you follow all the other tips that are discussed in this article.

Want a VPN That Can Help You Stay Safe Online?

CactusVPN is just the service you need. We secure your data with high-end encryption, and we offer access to highly-secure VPN protocols like SoftEther and OpenVPN.

What’s more, we offer access to user-friendly apps, and we outfitted our service with a Kill Switch to make sure you’re never exposed on the web. Also, we offer reliable DNS leak protection, and we don’t store any user logs to properly protect your privacy.

And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.

4. Keep Your Device(s) and Browsers Secured

One of the best ways to stay safe online is to make sure you use a reliable antivirus/antimalware program on your device. It will help protect you from online threats – like malicious cookies, malware, viruses, spyware, adware, etc.

There are plenty of antivirus/antimalware software providers to choose from, but our recommendations are Malwarebytes and ESET.

Besides antivirus/antimalware software, you should always try to keep your operating system up to date. Don’t forget – crucial security updates can be released even within the tiniest system updates. That, and make sure to keep your firewall turned on – it’s an extra layer of security that’s worth having.

As for your browser, you should consider using script blockers – essentially extensions that prevent unauthorized scripts from starting up when you access a shady or malicious website. For example, a script blocking extension could prevent a malicious website from loading a crypto-mining script that harms your CPU, or stop a website from displaying malicious pop-up ads.

At the moment, the best extensions you can use are uMatrix and uBlock Origin. It’s best to use them together, not separately, if you really want to stay safe online.

5. Don’t Interact With Phishing and Spam Emails

With phishing attacks on the rise and spam emails accounting for 45% of all emails that are sent on the web, it’s more important than ever to avoid falling for them. If you do, you risk having your identity stolen, your bank accounts emptied, and your business ruined.

Spam emails are usually easier to recognize than phishing emails since they take less effort. The poor grammar, aggressive tone, and vague context tend to be a good giveaway. Some phishing emails can be recognized that way too, but many of them tend to be better crafted. Scammers take the time to research their victims and personalize the messages, so that they have a better chance of getting the recipients to engage with the emails.

Examples of phishing emails can include:

  • Someone pretending to work at the bank you have an account with, claiming you need to verify your identity by sharing your login credentials or clicking on a malicious link.
  • A cybercriminal claiming to be a police officer, lawyer, or federal agent saying that you are suspected of criminal activities, and that you need to click on a link, download an attachment, or share sensitive personal information (like your Social Security Number) to be cleared of charges.
  • A hacker might pretend to be the CEO of the company you work at, and try to pressure you into installing malicious software (like keyloggers) on the company’s computers.

There are many other scenarios, but you get the idea – phishing emails can be very diverse and – sometimes – quite convincing. Luckily, there are some red flags you can look out for:

  • Links that send you to an “HTTP” website instead of an “HTTPS” website.
  • Links that are shortened – “https://bit.ly/2siUVoz” instead of “https://www.cactusvpn.com,” for example.
  • Misspelled names and intentional grammatical errors in the email address – “[email protected]” instead of “[email protected],” for instance.
  • Lack of any official signatures that tend to be at the bottom of an official email from an institution or company.
  • A sense of urgency and pressure, and an aggressive, threatening tone if you don’t comply with the sender’s demands.
  • Attachments that are not what they claim to be – for instance, an alleged executable which ends in .zip, or a so-called Excel file that is actually an .exe file.
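
The link and attachment red flags above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the shortener list, the file-signature table, the function names and the sample inputs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a small sample of URL-shortener hosts; extend it for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# Leading "magic" bytes identify the real file type regardless of the name.
MAGIC = {
    b"MZ": "exe",                # Windows executable
    b"PK\x03\x04": "zip",        # ZIP container (also .xlsx / .docx)
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole",  # legacy Office (.xls / .doc)
}

# Detected types that are acceptable for each claimed extension.
EXPECTED = {
    "exe": {"exe"}, "zip": {"zip"}, "pdf": {"pdf"},
    "xlsx": {"zip"}, "docx": {"zip"}, "xls": {"ole"}, "doc": {"ole"},
}


def link_flags(url):
    """Return the red flags raised by one link found in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    if host in SHORTENER_HOSTS:
        flags.append("shortened-link")  # the real destination is hidden
    return flags


def sniff_type(data):
    """Identify a file by its first bytes instead of trusting its name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def attachment_flags(filename, data):
    """Flag attachments whose content does not match the claimed type."""
    flags = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # "invoice.pdf.exe": a document-looking name hiding an executable suffix.
    if len(parts) > 2 and ext == "exe" and parts[-2] in EXPECTED:
        flags.append("double-extension")
    actual = sniff_type(data)
    allowed = EXPECTED.get(ext)
    if allowed is not None and actual not in allowed:
        flags.append(f"type-mismatch:{ext}-is-{actual}")
    return flags


if __name__ == "__main__":
    # Constructed samples: two links and a "spreadsheet" that is really an .exe.
    for url in ("http://example.com/login", "https://bit.ly/2siUVoz"):
        print(url, link_flags(url))
    print("report.xlsx", attachment_flags("report.xlsx", b"MZ\x90\x00"))
```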

All in all, if you ever get spam or phishing emails, just ignore and delete them. Ideally, you should contact the real alleged sender to see if they really emailed you or not. You should also consider using Stanford’s anti-phishing extensions, and maybe contacting the authorities if the law in your country allows you to take legal action against them.

6. Use Strong, Separate Passwords

Like most people, you likely already know how important it is to have a reliable password for any account you use. But while that is well-known, people still don’t seem to listen. In fact, statistics show that approximately 86% of global passwords are extremely weak.

Safe to say that hackers are rejoicing at this kind of news.

So then, what makes a good password? Well, before we offer you some tips, we need to highlight one important thing: You need to have a different password for each account. Having one strong password you use for all accounts isn’t the safest way to go. Just think of it – if that password (no matter how strong it is) were to be cracked, a cybercriminal would get instant access to all your accounts. If you have multiple passwords, only one account gets compromised.

Something else you should know is that you need to change passwords on a regular basis – it’s simply much safer to do so. Now we don’t mean you need to change them every day (unless you want to, of course), but you could change your passwords every month, for example.

With that out of the way, here is what you need to do to create a strong password:

  • Make it long – don’t just use one word. Try to make up a whole sentence if you can.
  • If the platform allows it, include spaces at random intervals in your password.
  • Use lowercase and uppercase letters randomly, like so: “aBcDeF.”
  • Add symbols (like “&,” “*,” or “@”) randomly between the letters or words.
  • Try not to use any words from a dictionary. At the very least, avoid making all the words in your password “real” words. One way to do that is to reverse some words – instead of “mouse,” use “esuom.”
  • Always add numbers in your password – at the start, the end, or anywhere in the middle.
  • Don’t use obvious substitutes. For example, using “m0u$e” instead of “mouse” isn’t going to make your password significantly more secure.
  • Try making the password a bit memorable if you want. For instance, you can make it an acronym for a phrase like “My parents have been living in Italy for 5 years.” It’d be something like “MphbliIf5y.” Of course, adding some more symbols and numbers doesn’t hurt.

In case you’d like to read more about this, check out our guide on how to create a strong password.

As for how to keep track of all your passwords, we recommend first writing them down in a notebook you keep in a secure place in your home or at a bank. Secondly, consider using services like KeePassXC or Bitwarden to manage your passwords.

7. Avoid HTTP Websites

It’s always best to avoid using HTTP websites – especially for online purchases – because they are simply not secure. That’s not just a speculation – even Google started marking all HTTP websites as being unsafe back in 2018.

Basically, if HTTP is used on a website instead of HTTPS, it means there is no security in place to encrypt your online communications with said website. So, anyone could see what you’re doing on it. See the problem? It’s very easy for a hacker to compromise your passwords, bank accounts, and credit cards this way.

And no, it’s not just HTTP websites that handle payment information that are a problem. HTTP blogs and forums are an issue too. Why? Because they usually collect your email address when you sign up. Due to the lack of encryption, there’s a chance that email can end up in the hands of cybercriminals. If that happens, your email address will become the target of phishing, pharming, and spam attacks.

How can you tell if a website uses HTTPS encryption? Pretty simple – here are some signs:

  • The URL address starts with “https” instead of “http.”
  • A green padlock icon is present in the address bar, right before the URL address.
  • The company name is displayed after the padlock icon (not all the time, though).
  • The most obvious one – if a website doesn’t use HTTPS, the browser lets you know it’s not a safe website.

However, you should know that while HTTPS websites can’t really be spoofed, there’s usually nothing stopping hackers from setting up a fake website that imitates the original one, and using homograph attacks (look-alike characters in the domain name) to fool online users. That, and hackers or scammers could just get an HTTPS certificate for a website that looks “legit,” and use it to steal your credit card details, for example.

A good way to protect yourself against such attacks is to always double-check the website URL to make sure there are no misspellings, and to use password managers since they will only auto-fill your login credentials if the website is actually the real one. If it’s fake, they generally won’t do that.
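
Why a password manager refuses to auto-fill on a look-alike site, shown as an added Python example that is not part of the original article: logins are stored under the exact hostname, so a homograph or misspelled domain finds nothing. The vault contents, the confusable-letter table and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed vault: each login is stored under the exact hostname it was
# saved for (placeholder credentials).
VAULT = {"www.cactusvpn.com": ("alice", "placeholder-password")}

# Assumption: a tiny sample of Cyrillic letters that render like Latin ones.
CONFUSABLE = str.maketrans(
    "\u0430\u0441\u0435\u0456\u043e\u0440\u0445\u0443", "aceiopxy")


def to_ascii(host):
    """Encode non-ASCII labels the way they travel on the wire (punycode)."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in host.split("."))


def to_unicode(host):
    """Decode punycode ("xn--") labels so the real characters are visible."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw form
        out.append(label)
    return ".".join(out)


def scripts(label):
    """Script names (first word of the Unicode name) used by the letters."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in label if c.isalpha()}


def check_host(host):
    """Return (flags, credentials); credentials need an exact hostname match."""
    shown = to_unicode(host)
    flags = []
    for label in shown.split("."):
        used = scripts(label)
        if len(used) > 1:  # e.g. Latin and Cyrillic letters in one label
            flags.append("mixed-script:" + "+".join(sorted(used)))
    skeleton = shown.translate(CONFUSABLE)
    if shown not in VAULT and skeleton in VAULT:
        flags.append("lookalike-of:" + skeleton)
    return flags, VAULT.get(shown)


if __name__ == "__main__":
    fake = to_ascii("www.c\u0430ctusvpn.com")  # constructed: Cyrillic "a"
    for host in ("www.cactusvpn.com", fake, "www.cactusvpm.com"):
        print(host, check_host(host))
```

The misspelled host in the demo raises no flag at all, yet it still gets no credentials, which is the protection the paragraph above describes.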

As for malicious HTTPS websites that don’t imitate other platforms, your best bet is to do a lot of research on it to see if it’s really legit. You can also try clicking on the padlock icon to get more information about the company’s certificate.

Oh, and you should also consider using the script blockers we mentioned above (uMatrix and uBlock Origin). They’re not 100% guaranteed to protect you from fake HTTPS websites, but they can – at the very least – stop any malicious scripts from running in the background when you access such platforms.

8. Limit the Amount of Private Info You Make Public on the Web

Listing your phone number and email address on your social media page makes it easy for people looking to make new friends or interested employers to contact you, right?

Sure, that can happen, but doing that also makes it very easy for cybercriminals to target you with scams. Not to mention that’s exactly the kind of information that gets sold on the deep web for a profit.

You should also avoid giving out too much information about what you are doing or your whereabouts on social media. While it might give you something to talk about with your friends, it also gives robbers some pretty useful information. For example, if you post a picture from a restaurant, and tag yourself as being there, you’re essentially letting burglars know you’re not home.

And that’s no fear-mongering. Many robbers used info from social media to plan their heists. Plus, back in 2011, statistics showed that around 80% of robbers checked social media when planning a theft. That was some time ago, true, but it’s highly unlikely that things got better now – especially since social media contains even more information about you. In fact, it seems social media is more popular with burglars than ever.

Of course, we’re not saying you shouldn’t use social media at all, but try to limit the amount of info you make public about you. At the very least, you should make sure all your profiles are set to private, so that only people you trust can see what you post. Naturally, you should make sure you don’t add anyone to your Friends list who you don’t know, or who seems like a fake, copycat profile.

Oh, and when it comes to sharing private info, that includes your IP address too. Don’t forget – people can learn a lot from it, like what country and city you live in, and what your zip code is. That’s why it’s always a good idea to use a VPN when you access the web – your IP address will always be hidden that way.

9. Stay Safe Online By Not Keeping Bluetooth Turned On

As a general rule of thumb, you should only turn Bluetooth on when you need to share files with someone you know on the spot. When you’re done, though, you should immediately switch Bluetooth off. Why? Because leaving it on can compromise your online security.

Unfortunately, while Bluetooth can be safe, it has a lot of security flaws. Back in 2017, it was discovered that cybercriminals could use a vulnerability to hack mobile devices without anyone noticing. A year later, a new security issue was discovered which allowed MITM attacks to be used to steal your cryptographic key.

But that’s just the tip of the iceberg. Bluetooth is susceptible to various cyber attacks, such as:

  • Bluebugging (can result in unwanted spam)
  • Bluejacking (endangers your private info)
  • Bluesnarfing (can cause unwanted pairing + loss of control over the device)

So, make sure you never keep Bluetooth on at all times. Also, take the time to ensure your device isn’t “discoverable” through Bluetooth if there is a setting for that on the platform you use.

In case you’re not sure how to disable Bluetooth on your device(s), here are some guides that might help you:

10. Don’t Be Too Trusting With People You Meet Online

If you don’t know someone personally in real life, it’s best not to be too open about your personal life and financial/business details if you only met and talked with them on the Internet. You never know if it’s a genuine person looking to befriend someone, or if it’s a hacker, scammer, or someone involved in corporate espionage behind the profile.

Don’t forget – it’s not that hard to set up a fake social media profile. A few stolen or stock photos, some generic “About Me” information, a simple email address, and a burner phone are all a cybercriminal would need to set up and confirm a fake profile.

What can happen if you share too much information with a stranger over the web who seems friendly enough? Sometimes, nothing. But, other times, there’s a chance things could go wrong:

  • They could prey on your emotions and compassion, tell you a sob story, and convince you to wire them a decent amount of money. Afterwards, they either try to get you to send them more money, or they drop all contact with you.
  • The person behind the account could try to trick you into sharing valuable personal and financial information with them – like your Social Security Number, bank account or credit card details, or even some info about your login credentials.
  • The person in question could be part of a social engineering ring which aims to collect various personal information about the company you might be working at. They do that in order to better personalize their phishing messages.

Those are just some possible scenarios, but you get the idea – don’t blindly trust anyone who is too friendly with you on the Internet, especially if you’ve never met them in person. And no, seeing them over a webcam doesn’t mean you get to know the real person. The webcam stream can actually be faked, and there is plenty of software that can help someone do that.

10 Ways to Stay Safe Online – Let’s Recap

Online safety is more important than ever nowadays since security threats are around almost every corner on the Internet. Well, our research shows that the following 10 ways to stay safe online seem to be the most efficient ones:

  1. Avoid public WiFi if you can. If you can’t, make sure you don’t use it for stuff like online banking and checking your email or social media accounts. Alternatively, only use public WiFi with a VPN.
  2. Configure your devices to “forget” WiFi networks you previously used, so that they don’t accidentally reconnect to a fake hotspot impersonating them.
  3. Always use a VPN service on the web – it can mask your real IP address and encrypt your online communications, keeping them safe from hackers.
  4. Secure your device(s) and web browsers by keeping them up-to-date, using the system’s firewall, installing reliable antivirus/antimalware software, and using script blockers.
  5. If you get any emails or messages that seem like spam or phishing attempts, ignore them completely.
  6. Craft strong passwords for all your accounts, and use a separate password per account. Using password managers is also a good idea.
  7. Don’t use HTTP websites, or – at the very least – don’t give out your email address or credit card number on HTTP websites.
  8. Don’t post too much personal information on social media – like your contact details or your current whereabouts, for example.
  9. Keep Bluetooth turned off if you are not currently using it.
  10. Don’t put your trust into online strangers too fast, and don’t share personal and financial information with them if you’ve never met them.
Tim has been writing content and copy for a living for over 4 years, and has been covering VPN, Internet privacy, and cybersecurity topics for more than 2 years. He enjoys staying up-to-date with the latest in Internet privacy news, and helping people find new ways to secure their online rights.