What Is Online Security? (Your Handy Guide to Internet Safety)

Well, here’s everything you need to know about that:

What Is Online Security?

The standard definition of online security calls it the mix of rules that are followed and actions that are taken to make sure online user data and privacy aren’t compromised by cybercriminals.

Online security can be something as complex as a system that’s designed to prevent credit card theft, or something as simple as you using an antivirus software to protect your device from malware and viruses.

What Is Online Safety?

Online safety represents the process of staying safe on the Internet – basically making sure online security threats don’t endanger your personal information or the integrity of the device you are using.

It’s easy to get online security confused with online safety, but the best way to tell them apart is to consider this: Online security is what offers you online safety.

The 11 Biggest Threats to Your Online Security

There are dozens of online security threats on the Internet, so we decided to focus on the most dangerous and common ones. In case you thought of an online threat that should be on our list, feel free to get in touch with us and let us know.

With that out of the way, let’s get started:

1. Malware

Malware is malicious software that has been programmed to infect any device it comes in contact with. The total number of malware has been increasing significantly over the past years, so malware is one of the biggest security threats on the web right now.

The usual types of malware that are used nowadays include:

• Viruses – A type of self-replicating malware.
• Adware – Exposes you to tons of unwanted ads.
• Spyware – Logs your personal data through keyloggers.
• Ransomware – Encrypts sensitive data or prevents you from accessing your device until a ransom is paid.
• Trojan Horses – Malicious programs that are built (usually without the manufacturer/programmer knowing) into legitimate applications.
• Computer worms – malware that doesn’t need to be attached to other files or programs,  lives in the computer memory, and infects other devices on the same network.

Malware is normally used to steal sensitive information (credit card details, login credentials, personal identifiable information, etc.) in order to steal money from the victim, or as a way to make a profit by selling the data on the deep web.

Malware can also be used to steal someone’s identity, hold important information hostage for ransom, or to simply damage somebody’s hard drive and/or device.

2. Phishing

Phishing generally involves cybercriminals trying to deceive you into revealing personal and financial information by either pretending to be a legitimate business or by trying to threaten you with legal repercussions if you don’t comply.

Cybercriminals who run phishing attacks will use various methods to trick online users:

• Fake emails and SMS messages
• Fake websites
• Website forgery (different from fake websites, as they involve JavaScript commands that change the address bar)
• Link manipulation
• Social engineering
• Phlashing (a phishing method that relies on Flash)
• Covert redirects (basically, legitimate websites that get hacked to redirect visitors to fake websites)

Phishing attacks are a serious threat. Since 2017, they have gone up by 65%. What’s more, there are reportedly around 1.5 million phishing websites on the Internet.

3. Pharming

Pharming is a method cybercriminals might use to improve their odds of tricking online users with phishing websites. Unlike phishing, pharming doesn’t rely so much on fake messages. Instead, cybercriminals attempt to directly redirect user connection requests to malicious websites.

Generally, DNS cache poisoning will be used to take control of your browser’s URL address bar. Even if you will type in the correct email address or IP address of the website you want to access, you will still be redirected to a phishing website.

4. Application Vulnerabilities

Application vulnerabilities are usually bugs and errors found in the code of a specific program which can be taken advantage of by cybercriminals to access and steal user data. These issues are normally solved with an update.

Facebook’s vulnerability that allowed hackers to take over user accounts (endangering up to 50 million accounts) is a good example of this.

5. DoS and DDoS Attacks

DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are used to overwhelm network servers in an attempt to take a website or an online service down – either for a few minutes, hours, or even days. DoS attacks originate from a single computer, while DDoS attacks come from a whole network of infected computers (called a botnet).

These kinds of attacks can be used by experienced hackers, but also by anyone who has the money to pay for DoS attacks or to rent botnets.

DoS and DDoS attacks are not particularly dangerous to your online security as an individual Internet user. They’re more of a source of annoyance, and normally become a serious threat if you run an online business or a website. Why? Because DoS and DDoS attacks can cause you unnecessary downtime, and cost you the trust of your customers.

Of course, there’s always a chance that DoS and DDoS attacks could be used by cybercriminals as a smokescreen to keep security teams from noticing that they are trying to breach user data. In that case, DoS and DDoS attacks become a concern for everyone.

6. Scams

Scammers have been preying on people before the Internet was a thing. Now, they’re more active and successful than ever since scamming people out of their money and personal information is much easier.

Usually, scammers will employ all sorts of tactics to deceive online users and trick them into revealing sensitive information (like their Social Security Number, credit card details, bank account details, email login credentials, etc.) so that they can either steal their money or their identity.

Online scams will usually involve phishing attempts, but they can also involve other methods:

• Classified ads
• Employment scams
• Ponzi schemes
• Pyramid schemes
• Advance-fee scams
• Bettings scams
• Catfishing

7. Rootkits

A rootkit is a collection of programs or tools that give cybercriminals complete control over a computer or a network of Internet-connected devices. Some rootkits will even install keyloggers and disable antivirus programs once they get into a computer.

Hackers won’t be able to install rootkits directly on a device, though (unless they somehow have access to it). Instead, they will rely on phishing tactics, fake links, fake software, and malicious websites to get the job done.

It’s pretty obvious why rootkits are dangerous – they can be used to steal money and sensitive information from both individual online users and large businesses.

8. SQL Injection Attacks

Basically, SQL (Structured Query Language) is used by servers to store website data. So, an SQL injection attack is something that can endanger all user data on a website.

In terms of how these attacks work, SQL injections use malicious code to exploit security vulnerabilities in web applications. These kinds of attacks can result in website data being stolen, deleted, and can even void website transactions.

Unfortunately, there’s not much the average online user can do against SQL injection attacks. The best thing they can do is stick with a service provider that is known to use reliable and secure servers, and who doesn’t ask for too much personal information.

9. Man-in-the-Middle Attacks

Man-in-the-Middle (MITM) attacks involve a cybercriminal intercepting or altering communications between two parties.

A good example of that is a hacker who intercepts the communications between your device and a website. The cybercriminal could intercept your connection request, alter it to suit their needs, forward it to the website, and then intercept the response. This way, they could steal valuable information from you, such as your login details, credit card info, or bank account credentials.

MITM attacks can rely on malware for their success, but there are also multiple other ways a MITM attack can occur, with these being the most common methods:

• DNS spoofing
• HTTPS spoofing
• Wi-FI hacking
• IP spoofing
• SSL hijacking

10. Spamming

Spamming can be defined as the mass distribution of unsolicited messages on the Internet. The messages can contain anything from simple ads to pornography. The messages can be sent through email, on social media, blog comments, or messaging apps.

Spam is usually just annoying, but it can also be detrimental to your online security if the messages you receive are phishing attempts, come with malicious links, or contain malware-infected attachments.

11. WiFi Eavesdropping

WiFi eavesdropping normally takes place on unsecured WiFi networks (usually the free ones you see in public), and it involves cybercriminals taking advantage of the lack of encryption to spy on your online connections and communications. They could see what websites you access, what email messages you send, or what you type into a messaging application.

WiFi eavesdropping can also occur on secured networks if the WPA2 encryption is cracked – something that is apparently doable, though not extremely simple. Once most network devices will be equipped with WPA3, that vulnerability might no longer be a concern, but it might take a while until the new version comes along, unfortunately.

10 Ways to Boost Your Online Security

Here are some things you can do to better protect your online identity and financial data when you’re browsing the web.

1. Don’t Use Unsecured WiFi Networks

Free WiFi on the spot is tempting and extremely useful, we’ll give you that, but it’s also highly dangerous. Since no encryption is used, that means anybody can eavesdrop on your connections to steal sensitive information.

It’s best to avoid any WiFi network that doesn’t ask you for a password, and just use your own mobile data plan instead – especially if you need to check your bank account, social media account, or email real quick.

Also, we’d recommend setting all your devices to “forget” any public WiFi network you use (even if it’s secured). Why? Because there are devices (like the WiFi Pineapple) that allow cybercriminals to orchestrate MITM attacks by setting up fake WiFi hotspots that try to act as legitimate networks. Since your device is set to automatically reconnect to a WiFi network it previously used, it will have no problem connecting to the fake network if it broadcasts a similar SSID (WiFi network name).

Here’s a quick list of tutorials that show you how to turn off that feature on most platforms:

• Windows 7
• Windows 8 + Windows 8.1
• Windows 10
• macOS
• Linux (video for Ubuntu as well)
• iOS
• Android

2. Use Powerful Antivirus Software

Antivirus software is your best bet of keeping your device safe from malware infections. Don’t let the name confuse you – an antivirus program fights against viruses, but it mostly targets malware (a virus being a type of malware). Make sure you keep the program updated, and that you run frequent scans – especially after you download new files. It’s best you don’t open them up without scanning them first, in fact.

Just make sure you pick a reliable antivirus provider. Ideally, you should stay away from free solutions, and choose a paid provider who might offer a free trial.

There are plenty of antivirus/antimalware software providers to choose from, but our recommendations are Malwarebytes and ESET.

3. Always Use a VPN Online

A VPN (Virtual Private Network) is an online service you can use to hide your real IP address and encrypt your online communications. It’s one of the best ways to enhance your online security and hide your digital footprints. As long as the proper encryption methods are used, nobody will be able to monitor your online traffic to see what you’re doing on the Internet

That pretty much means you won’t need to worry about cybercriminals (or government agencies or your ISP, for that matter) eavesdropping on your connections – even when you use unsecured public WiFi networks.

Ideally, you should use the VPN alongside a reliable antivirus program. While a VPN can offer you a secure online experience, it can’t protect your device from malware, so it’s better to be safe than sorry. And like an antivirus program, you should avoid free VPNs, and stick with a paid VPN provider instead.

4. Avoid Phishing Attempts

Since phishing can take so many forms, we decided it’s best to compile most tips you should follow into this short list:

• If you receive any emails or messages claiming to be from someone close to you, your bank, or the police asking you to download shady attachments, access shortened links, or share sensitive information, ignore them. Get in touch with the alleged sender instead to find out the truth.
• Try googling parts of the message you received between quotes. If it’s a phishing scam, you are likely to get results of other people talking about receiving the same message.
• Ignore any messages that claim to be from reputable institutions but don’t have any legitimate contacts details or signatures.
• If you access a website, make sure the URL starts with “https” instead of “http.”
• If you receive any random pop-up ads on legitimate websites you know, don’t interact with them.
• Consider using Stanford anti-phishing browser extensions.
• If you somehow do end up on a phishing website asking you for login credentials or financial information and can’t exit, just type in gibberish or fake passwords and information.

5. Don’t Keep Bluetooth On

While Bluetooth has its uses, keeping it turned on at all times is quite the gamble. Back in 2017, it was discovered that Bluetooth had a vulnerability that would allow cybercriminals to hack your device silently. In 2018, a new Bluetooth hacking method was discovered that affected millions of devices by allowing hackers to use MITM attacks to obtain your device’s cryptographic key.

All in all, it’s better to be on the safe side and turn off Bluetooth when you’re not using it to keep your online security intact.

6. Turn Off Location Services on Your Mobile Devices

Geo-location services can be really useful, but they can also be very risky. Leaving the fact that an application or market giant like Google will constantly know exactly where you are, there’s also the fact that some applications could leak your geo-location.

If that happens, it doesn’t mean you’ll be in immediate danger. Still, your online security will take a hit, and you never know what might happen to the leaked data if the wrong person gets their hands on it (hint – it could be sold on the dark web).

7. Use Script Blockers in Your Browsers

Script blockers are browser extensions you can use to make sure the websites you access don’t run unauthorized shady Java, JavaScript, or Flash scripts and plugins in the background that can compromise your Internet safety. Don’t forget – some scripts can be so dangerous they can take over your browser, while others can run phishing redirects or ads, or even mine for crypto currencies by using your CPU.

We recommend using uMatrix alongside uBlock Origin.

8. Keep Your Operating System Up-to-Date

Not installing the most recent updates on your operating system can seriously harm your online security. Why? Because hackers can use potential vulnerabilities to their advantage – vulnerabilities that might have been patched with the latest update.

The EternalBlue exploit is a pretty good example of that. It was an exploit developed by the NSA which affected Windows devices, and it was also part of the WannaCry ransomware attacks. Luckily, Microsoft released a patch for the exploit pretty quickly. People who didn’t install that update essentially continued to be vulnerable to it.

9. Consider Using Encrypted Messaging Apps and Emails

If you want to really make sure your online communications are secure, you can try using the Signal app for messaging. It features really powerful encryption, and Snowden himself said he uses it every day. WhatsApp could be a good alternative too since it apparently features powerful security as well.

As for emails, ProtonMail is a pretty reliable service. It’s free to use (to a certain extent), and any communications that go through it are fully encrypted. Plus, the service is based in Switzerland, a country known for its very tough laws that protect user privacy.

10. Use Strong Passwords

Having powerful passwords for your accounts is extremely important, but coming up with a really good one is easier said than done.

We already have an article on the topic if you need some help, but here are the main ideas:

• Uses spaces if it’s allowed.
• Only use long passwords. Ideally, don’t stick to just one word.
• Don’t use dictionary words as your password.
• Use both uppercase and lowercase letters, and randomly mix them up.
• Use symbols (like $, %, or *) in your password.
• Include numbers in your password.
• Try making your password a whole sentence.
• Reverse some words you use in the password (instead of “chair” use “riahc”).

Also, try not to use the same password for all your accounts. It’s better to use different passwords, or at the very least variations of your main password.

Regarding how to store the passwords, it’s best to use a password manager (like KeePassXC or Bitwarden), but it’s also a good idea to write them down in a notebook

What Is Online Security? The Bottom Line

Online security represents the rules you follow, actions you take, and processes that happen to ensure you are safe on the Internet. With security threats (malware, scams, phishing, hacking, etc.) becoming more and more common nowadays, online security has become more important than ever.

Usually, the best way to make sure you’re safe online is to use a strong antivirus program, a reliable VPN, powerful passwords, and script blockers (among other things).