How to protect yourself while on the Internet
There is a lot of wrong information, bad people, bad websites, and cybercrime on the Internet. Below are steps and suggestions everyone should follow to safeguard their computers and personal information while connected to the Internet, and protect themselves from computer crime.
The following information and precautions should be followed by all computer users, regardless of the computer or operating system used to reduce the risk of threats. If you shop online, send and receive e-mail, download files, or browse the Internet, keeping your computer and yourself safe and secure is important.
Verify data is encrypted
When sending confidential information over the Internet, such as usernames, passwords, or credit card numbers, only send it securely. To verify this, look for a small lock () icon in the bottom right corner of your browser window or next to the address bar. If visible, the lock icon should also be in the locked position and not unlocked.
Internet Explorer secure address bar.
We also suggest making sure the URL (Uniform Resource Locator) begins with https, as shown above.
While the lock is in the locked position, data is encrypted, which helps prevent anyone from understanding the data if it's intercepted. When no lock is visible or in the unlocked position, all information is plain text and could be read if intercepted. If a web page is not secure (e.g., an online forum), use a password you wouldn't use with protected sites like your online banking website, or for purchases made on a shopping website.
Use a safe password
Websites that store confidential data, such as an online bank site, need to use strong passwords. Also, we recommend you use a different password for each website that requires a login. If you need help remembering your passwords, consider using a password manager.
When available always enable two-factor authentication
Two-factor authentication adds additional protection by requiring an additional step in verifying a login. With two-factor authentication, after verifying your password, if the service does not recognize your computer, it sends your phone a text message with a verification code. If someone had your password but did not have your phone, even with a valid password, they cannot access your account.
Two-factor authentication should at the very least be enabled on your e-mail account. Most account passwords can be reset using the forgot password feature, which sends a new password or link to reset the password to the e-mail address on file. If anyone has access to your e-mail account, they could get the new password for your account.
Keep your operating system and software up-to-date
Many of the updates released by developers of operating systems are related to computer security-related issues. Make sure your operating system is always running the latest updates and is still supported by the developer. Older operating systems, like Microsoft Windows XP, are no longer supported by Microsoft and therefore no longer get updates.
Always be cautious of e-mail links and attachments
One of the most common methods of spreading viruses, malware, and ransomware is through e-mail attachments and hyperlinks sent through e-mail. Always be extremely cautious when dealing with any attachments or links in e-mails you've received from anyone (even friends and family).
E-mail is not encrypted
Never transmit confidential data over e-mail, such as passwords, credit card information, etc. E-mail is not encrypted, and if intercepted by a third-party, it could be read.
Be aware of phishing scams
Familiarize yourself with phishing scams and techniques, which trick you into divulging your account information. Online banking sites, PayPal, eBay, Amazon, and other popular sites that require logins are popular targets for theft and other fraudulent activity.
It's also helpful to familiarize yourself and people who use your computer with other social engineering tactics.
Use caution when accepting or agreeing to prompts
When browsing, if you're prompted to install any program or add-on, make sure to read and understand the agreement before clicking the OK button. If you do not understand the agreement or feel it is not necessary to install the program, cancel or close the window.
Additionally, when installing any program, watch for any check box that asks if it's ok to install a third-party program, toolbar, etc. These are never required and often introduce threats. Leave these boxes unchecked.
Be cautious where you're logging in from
Business
Your place of work can install key loggers or use other methods of monitoring the computer while online. Someone who has access to this information could read these logs and gather usernames and passwords. Also, do not store any passwords in your browser if your computer is shared with other co-workers.
Wireless network
When on a wireless network, realize that all information sent to and from your computer can be intercepted and read by someone nearby. Prevent this from happening by only logging onto a secure network using WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) (only use WEP if WPA is not available). If this is a home wireless network, make sure it is secure.
Friend's house
Be concerned when logging in to an account on a friend's computer. A computer or network you are not familiar with could intentionally or unintentionally log usernames and passwords. Finally, when logging into any site on a friend's computer, never save the password information on their browser.
Use an alternative browser
Older versions of Internet Explorer are notoriously insecure. If you are using Internet Explorer as your browser, consider an alternative browser such as Google Chrome or Mozilla Firefox. If you are running Windows 10 and want to continue to use a Microsoft browser, consider using Microsoft Edge instead of Internet Explorer.
Always think before you share something
Social networking sites like Facebook are a great place to connect with friends and family online. However, it is also very easy for people to over share personal information about themselves or others. Before sharing something on a social network or any place on the Internet, make sure it is something you wouldn't mind if everyone saw. Everything you share on the Internet should be thought of as public because it is possible for something you believe is shared privately to be leaked out publicly. If you're thinking about sharing something you think could offend someone or embarrass you, maybe consider not putting it on the Internet.
Be aware of those around you
While at work, school, library, or any public area with people around you that could look at your screen, be cautious of anyone shoulder surfing. Someone could watch you type in your password, which would give them access to your account.
If you need information displayed on the screen to remain private, consider a privacy filter for the display.
Watch out for fake support and fake products
When dealing with technical support or help with your computer make sure you're dealing with a legitimate company and not fake tech support. Also, when looking for security protection services, make sure you're downloading and installing legitimate software and not a fake antivirus.
Update Internet browser plugins
Often many attackers find security vulnerabilities through browser plugins, such as Adobe Flash. Make sure all installed Internet plug-ins are up-to-date.
Secure saved passwords
Make sure to store passwords and login information in a secure area. Never write login information on a sticky note or in a text file that is not encrypted.
To save your passwords, we recommend using a password manager, which stores all login information and securely encrypts and password protects that information.
When saving password information in a browser, it may be visible to anyone who has access to your Internet browser. For example, without a master password setup in Firefox, anyone can see all stored passwords.
Protect yourself against malware, spyware, and viruses
Protect your computer from viruses by installing an antivirus program onto the computer. If you do not want to install antivirus protection and your computer is running a newer version of Windows, at least have Windows Defender running on the computer. Also, having a malware protection program, such as Malwarebytes, is also a good method of protecting your computer against malware and spyware.
Make backups of important data
There is no such thing as 100% computer security, which is why it's also important to make backups of important data. If something happened to your computer while it was on the Internet, having a backup prevents lost data.
Protect sensitive information in your home and office
Be cautious of sensitive information you may have around your computer and who might see that information. For example, if a cleaner cleans around your computer and they see a note containing your password and username, they could use that information.
Also, if you work in an area where others can see and use your computer, make sure to lock your computer any time you step away. A co-worker could access or see sensitive information and have complete control of an unlocked computer while you're away on a lunch or bathroom break.
Verify the checksum of downloaded files
If you've downloaded a program from a website that also lists a file checksum, make sure the checksum matches the file that you've downloaded. Verifying the checksum of a downloaded program helps confirm that the program you are installing is what you want to install.
Don't always trust what you read online
Realize that it's possible for anyone to create a website on the Internet and that someone may only be creating a site for malicious intentions. For example, a website could be created to help spread fear, lies, or malware.
Fake information and stories are also often spread through e-mail, e.g., through chainmail.