How to stay safe and secure online

Richard Price-Jones
7 min read · Jul 26, 2020

With how interconnected the world is today, there are some standard things that you should be doing to maintain a reasonable level of internet security. All the recommended solutions are free.

HTTPS Traffic

Always look for the padlock

HTTPS stands for Hyper-Text Transfer Protocol Secure. What this basically means is that 3rd parties can’t see the data passing between you and the website you are visiting. Without HTTPS, which your web browser displays as a green padlock, anyone can see the data you are sending to a site, such as usernames and passwords, so it’s paramount that it’s enabled. It should be the default, but there are some sites that don’t enforce it. I would recommend downloading a plugin called HTTPS Everywhere, which will ensure that your traffic is always secure.

DNS Over HTTPS

DNS stands for Domain Name Server. When you type www.google.co.uk into the web browser, a computer doesn’t know what that means or where to route your web traffic. So before you go to google.co.uk, it first sends a request to the DNS server, which returns an address that the computer can understand, e.g. 142.250.31.94. Try typing that into your browser and you will find that you go to google.com.

By default, DNS requests aren’t encrypted, so even if you’re using HTTPS to secure the data between you and a website such as Google, a 3rd party can still see that you are visiting google.co.uk. Another example: if you’re reading the news on bbc.co.uk, a 3rd party knows that you are visiting the BBC, but so long as you’re using HTTPS they can’t see what news articles you are reading.

Additional Information

When internet companies introduced adult content filters and web blockers, they based them on DNS requests. This only works because the request is not encrypted by default. They just check whether the website is on a block list and, if it is, return a DNS error. Additionally, some DNS providers sell data about your internet activity or use it to target you with ads.

Currently, the best option for DNS over HTTPS is the Cloudflare solution. I would read their guide at https://1.1.1.1/dns/, it’s very good. You can check whether it has worked at https://1.1.1.1/help. For iOS and Android, download an app called 1.1.1.1. This will magically do it all for you.
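To make the difference concrete, here is an added example (not part of the original post) that builds the unencrypted DNS query a computer sends for bbc.co.uk, recovers the hostname from the raw bytes the way anyone on the network path could, and then shows the same query in the form DNS over HTTPS carries inside an encrypted connection. The function names and the sample query ID are assumptions made for illustration; the default endpoint is Cloudflare's public DoH address.

```python
import base64
import struct

def build_dns_query(hostname: str, query_id: int = 0) -> bytes:
    """Build the payload of a classic DNS query for an A record (RFC 1035)."""
    # Header: ID, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw  # length-prefixed text, not encrypted
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def observed_hostname(packet: bytes) -> str:
    """Recover the queried name from raw query bytes; no key is needed."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + length > len(packet):
            raise ValueError("malformed label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length

def doh_get_url(hostname: str,
                endpoint: str = "https://cloudflare-dns.com/dns-query") -> str:
    """RFC 8484 GET form: the same query bytes, base64url-encoded, no padding.

    base64url is only an encoding. The privacy comes from the HTTPS (TLS)
    connection that carries this URL, which hides the path from observers.
    """
    wire = build_dns_query(hostname, query_id=0)  # RFC 8484 recommends ID 0
    return endpoint + "?dns=" + base64.urlsafe_b64encode(wire).rstrip(b"=").decode()

if __name__ == "__main__":
    plain = build_dns_query("bbc.co.uk", query_id=0x1234)  # constructed sample
    print(plain)                     # the labels bbc, co, uk are readable as-is
    print(observed_hostname(plain))  # what a 3rd party on the path learns
    print(doh_get_url("bbc.co.uk"))  # sent only inside the encrypted connection
```
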

Two-factor Authentication (2FA)

2FA can be considered a second layer of protection for your account. You can enable two-factor authentication for most accounts these days. It’s basically a text to your phone to prove that the person typing in the password is the owner and not someone who has stolen the password.

With two-factor authentication, only you can access your account on a trusted device or the web. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information — your password and the six-digit verification code that’s automatically displayed on your trusted devices or sent to your phone number. By entering the code, you’re verifying that you trust the new device. For example, if you have an iPhone and are signing into your account for the first time on a newly purchased Mac, you’ll be prompted to enter your password and the verification code that’s automatically displayed on your iPhone. — Apple.com

It’s highly recommended to always enable two-factor authentication on your email account. If someone gets access to your email, they can do a lot of damage, such as resetting the passwords for a lot of your other accounts and more.

Get the Google Authenticator app on your phone, or just add your phone number for 2FA to every account you have. Here are some tutorials for common platforms:

https://support.apple.com/en-gb/HT204915

https://www.google.com/landing/2step/#tab=why-you-need-it

https://en-gb.facebook.com/help/148233965247823

https://support.microsoft.com/en-us/help/12408/microsoft-account-how-to-use-two-step-verification
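Authenticator apps such as Google Authenticator produce their six-digit codes with the time-based one-time password scheme from RFC 6238. The added example below (not part of the original post) shows how the phone derives a code from a secret shared at setup and how a website checks it, which is why a stolen password alone is not enough. The function names and the one-step tolerance are assumptions; the secret is the published RFC test secret, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC test key, base32-encoded

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, truncated to a short number."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)

def decode_secret(secret_b32: str) -> bytes:
    """Decode the base32 secret that the setup QR code shares with the app."""
    cleaned = secret_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

def totp(secret_b32: str, at=None, step: int = 30) -> str:
    """RFC 6238: the counter is the number of 30-second steps since 1970."""
    now = time.time() if at is None else at
    return hotp(decode_secret(secret_b32), int(now // step))

def verify(secret_b32: str, submitted: str, at=None,
           step: int = 30, window: int = 1) -> bool:
    """Website-side check: accept the current step plus or minus `window`."""
    if not (submitted.isascii() and submitted.isdigit()):
        return False
    now = time.time() if at is None else at
    key, counter = decode_secret(secret_b32), int(now // step)
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift >= 0:
            # compare_digest avoids leaking how many digits matched
            ok |= hmac.compare_digest(hotp(key, counter + drift), submitted)
    return ok

if __name__ == "__main__":
    code = totp(RFC_SECRET, at=59)            # constructed time: 59 s after 1970
    print(code)
    print(verify(RFC_SECRET, code, at=89))    # one step later: still accepted
    print(verify(RFC_SECRET, code, at=149))   # three steps later: rejected
```
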

Password Manager

There are so many accounts these days that it’s very hard to keep track of passwords. This results in people reusing passwords, having very weak passwords, or even writing them down on paper. If a website has a data breach, then potentially your username, email, and password could be leaked. If this were to happen, all websites and accounts that share this email and password are also compromised. To prevent this you should use a password manager with a strong password, and I mean strong. This could for example be LaptopCha1rdog$WinterIsComing: something strong but something that you can remember. This is best done via a sentence of words, which is far easier to remember than *&FE!X7w93zN7YjC. I use a password manager called LastPass; it comes as a mobile app, Google Chrome extension, and desktop app. It will auto-fill your username and password into sites so you don’t even need to handle the secure data anymore.

For more information see here → https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers

Firewalls and Port forwarding

A firewall is a software utility or hardware device that acts as a filter for data entering or leaving a network or computer. You could think of a firewall as a security guard that decides who enters or exits a building. A firewall works by blocking or restricting network ports. Firewalls are commonly used to help prevent unauthorised access to both company and home networks.

Software firewalls are designed to protect a computer by blocking certain programs from sending and receiving information from a local network or the Internet. By default, most programs are blocked by the firewall but can be excluded through the firewall settings. — ComputerHope

TLDR: Enable it if not already!
Mac: https://support.apple.com/en-gb/HT201642

Windows: https://support.microsoft.com/en-gb/help/4028544/windows-10-turn-microsoft-defender-firewall-on-or-off

Windows Defender: https://docs.microsoft.com/en-us/mem/intune/user-help/turn-on-defender-windows

Only install software and Apps

Only install apps and software that are from official stores, i.e. Apple, Google, and Windows Store. Otherwise only download from trusted sources, so for PC gaming this would be Steam, GOG, Origin etc. Most applications are web-based these days, so this is less of a problem than it used to be.

Phishing Emails

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. A quick way to filter out most of these is to have a good junk filter on your email; most of the big companies such as Microsoft and Google will do this for you. However, from time to time a phishing email will get through, so see the following steps for some good tips.

  1. Check the domain name in the sender's email address. Look at these two email addresses, both claiming to be from Amazon customer services: customer-service@amazon.co.uk or customer-service@amazon-help.co.uk. If we look at the latter we can see that the domain name isn’t correct. FYI the domain is the text after the “@” symbol.
  2. If you think it doesn’t look right, don’t click anything; forward it to report@phishing.gov.uk. (UK)
  3. Click the Junk button or if you can’t find that just delete it.
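The domain check in step 1 can be automated. This added example (not part of the original post) pulls the real address out of a From header, ignoring the display name, and compares its domain with a list of domains you already know are genuine. The function names, the `TRUSTED` list and the sample headers are constructed for illustration, and the brand-name match is a simple heuristic.

```python
from email.utils import parseaddr

TRUSTED = {"amazon.co.uk"}  # assumption: domains you already know are genuine

def sender_domain(from_header: str) -> str:
    """Return the domain after the '@' of the address in a From header."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        raise ValueError(f"no usable address in {from_header!r}")
    return address.rsplit("@", 1)[1].lower().rstrip(".")

def classify_sender(from_header: str, trusted=TRUSTED) -> str:
    """Return 'match', 'lookalike' or 'unknown' for the sender's domain."""
    try:
        domain = sender_domain(from_header)
    except ValueError:
        return "unknown"
    for good in trusted:
        # Exact domain, or a true subdomain such as mail.amazon.co.uk.
        if domain == good or domain.endswith("." + good):
            return "match"
    for good in trusted:
        brand = good.split(".")[0]  # 'amazon' from 'amazon.co.uk'
        # Brand name reused inside a different domain, for example
        # amazon-help.co.uk or amazon.co.uk.account-check.example.
        if brand in domain:
            return "lookalike"
    return "unknown"

# Constructed sample headers; the first two use the addresses from step 1.
SAMPLES = [
    "Amazon <customer-service@amazon.co.uk>",
    "customer-service@amazon-help.co.uk",
    '"customer-service@amazon.co.uk" <alerts@amazon-help.co.uk>',
    "service@amazon.co.uk.account-check.example",
    "newsletter@bbc.co.uk",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

The From header is supplied by the sender, so a "match" only means the visible domain is right; a "lookalike" result is the signal to stop and report the message as in step 2.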

Password Breaches

When a website gets hacked, sometimes information is leaked. This information can contain usernames, passwords, names, emails, addresses, bank information, etc. If a company is breached, they are required by law to tell you; this is part of your rights under GDPR (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/). However, if the company is big enough you will normally see it on the news or online. A company should always encrypt its information about its customers. However, there are cases where this has not happened. In any case, you should change your password and, if you have not already, enable two-factor authentication. I would also monitor your bank transactions and report anything that you do not recognise.

You can check if your email has been involved in a data breach using a website called https://haveibeenpwned.com

You can also get an email alert if your email has been breached https://haveibeenpwned.com/notifyme

Disk Encryption

Everyone should be running full disk encryption on their laptops. Encrypting your disk will protect you and your data in case your laptop falls into the wrong hands, whether it’s because you accidentally left it somewhere or your home or office was burglarized.

Disk encryption on Mac: https://support.apple.com/en-us/HT204837

Disk encryption on Windows: https://support.microsoft.com/en-gb/help/4028713/windows-10-turn-on-device-encryption

VPNs

A VPN, or virtual private network, extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. You can read more here. I would recommend Namecheap VPN if you are going to use a VPN. I will create another post on VPNs.

If you need a VPN, you can use my link to get a discount on a year's membership, making it only £8.65, so that’s only £0.72 per month. Here -> https://bit.ly/32XGnQ2

VPNs normally cost money! You should not use a free VPN: if they are free, they will possibly spam you with ads or even sell your browsing data to advertising companies, as they need to be funded somehow. So if you are going to use one, research its funding model.

Summary

Hopefully, this gives you some base for great IT and internet security, and you have learned something. There are things I’ve missed out, either because they cost money or because they aren’t required for the average user.
