Get Cheaper Online Prices, Increase Your Security and Watch Live Sports, Movies and TV Shows Anytime, Anywhere.
What is a VPN?
The convenience of the Internet has come at the expense of our online privacy. Search engines, governments, ISPs, websites, social media apps, advertising agencies and cyber criminals all monitor everything we do online. They track which websites we visit, how long we spend on them, the content we watch, what we search for, the devices we use, our geographic location, etc. In fact, if you live in the United States, it is perfectly legal for your internet service provider (ISP) to harvest your data and sell this information to the highest bidder without your knowledge or consent.
How does a VPN work?
A VPN makes you anonymous online by masking your IP address, making your online activities untraceable. It does this by creating a tunnel between your device and the VPN server. The data transferred via the tunnel is encrypted to keep it completely private and prevent it from being intercepted.
You’ll appear to be browsing from the location of the VPN server that you connect to at any point in time rather than your actual location, because you’ll assume the IP address of whichever VPN server you’re connected to.
There are a number of compelling reasons why you should use a VPN and we’ve rounded up 17 of the best ones in this article.
1. Take control of your digital life.
VPNs are the most powerful tools for ensuring your anonymity, security and privacy whenever you browse the internet. They protect your online privacy by completely changing your IP address to that of the VPN server so that you’re totally anonymous when you’re online.
This means your location, browsing history, habits and online behavior are completely shielded from being tracked by anyone online including search engines, internet service providers, websites, social media apps, advertising agencies and cybercriminals.
2. Get cheaper online prices.
Websites and services do not treat all visitors the same. What part of the world you’re browsing from plays a very big role in how much you pay for a product or service. When you’re shopping online from more affluent countries, cities or even postal codes and zip codes, prices can be drastically more expensive.
For example, you’ll pay significantly less if you’re trying to buy some cloud storage if you’re shopping online from India than if you are shopping from the United States. In fact, ExpressVPN recently did a study where they found out that if you buy an airplane ticket, the price of exactly the same flight or exactly the same number of people from exactly the same airport is different depending on which country you actually connect from when you try to buy those tickets.
You can also get a cheaper hotel depending on where you’re booking from. Some sites have even been found to charge users more based on whether they’re using a Mac or a PC. With a VPN, you can connect to VPN servers in Mexico, Brazil or India and get access to the best international rates. This means you can actually save money by using your VPN to find better deals while also protecting yourself online.
3. Bypass geo-restricted websites.
How many times have you gone to watch a YouTube video and it says it’s “not available in your country?” And streaming subscription services like Netflix do not broadcast certain shows outside of the U.S. For example, there are nearly 4,000 movie titles available for viewing in the U.S. But in Europe, subscribers have access to roughly 2,500 titles.
With the right VPN, you’ll be able to bypass these types of blocks to access restricted content from popular streaming services like Netflix, Hulu, or HBO GO from any location in the world. In addition, if you’re in the US or anywhere else in the world, you’ll be able to watch shows that are exclusively available on catalogs of the UK, Canada or anywhere else.
If you’re an avid sports fan, a VPN allows you to get access to live streaming sports including Formula 1, NBA, La Liga, English Premier League, European Champions League, etc. Your VPN allows you to bypass regional blocks by assigning an IP address of a region where streaming of your favorite sporting events is not blocked.
Note, however, that not all VPNs work with Netflix because the streaming service’s tough geoblocks stop many VPNs from accessing the service. But a small group of VPNs developed workaround technology for most streaming services including Netflix and BT.
4. Safely connect to public Wi-Fi hotspots.
Free, public Wi-Fi is very popular with the public and can be found in popular public places like malls, hotel lobbies, coffee shops, trains, etc. They allow you to get access to the internet for free. And according to a recent survey, 82% of users say they connect to any free Wi-Fi that’s available in a public place. The trouble is, these Wi-Fi hotspots are always unsecured connections and are fraught with hazards. According to the Norton Cybersecurity Insights Report, public Wi-Fi is a hacker’s playground for stealing personal information and other sensitive data.
Risks of public Wi-Fi include:
Man in the Middle (MitM) attacks
Snooping and sniffing
The great news is that a VPN with a modern encryption protocol will help protect you and your precious data from all of these types of cyberattacks.
5. Better online gaming.
At first glance, using a VPN to play video games might not make a lot of sense, but there are actually some benefits. First of all, the anonymity means you can keep your financial information safe and secure. Furthermore, a lot of gaming content on the internet is geo-restricted, which means it is only available to specific countries or regions.
For example, a Brit can bypass geoblocking and access a UK-based game whilst travelling overseas, even in a country or region where the game is not available. And if a game is released in a country like the US but not yet in Europe, you can set your server location to the US, purchase and play before anyone else can.
6. Escape data-throttling.
Your ISP can slow down your internet connection at peak times or after you’ve used a certain amount of your data. They do this to save money. Limiting speeds allows ISPs to serve more customers without having to increase their network capacity. When your data is throttled, you might notice videos streaming in lower resolution, slow file downloads or excessive lag while gaming.
Commonly throttled websites and traffic types:
HD video: YouTube, Hulu, Twitch, Netflix
Gaming: Fortnite, World of Warcraft, League of Legends
File sharing: Usenet, BitTorrent
Data throttling is not easy to detect because it occurs at the protocol level. The best way to tell if your ISP is throttling your data is with an Internet Health Test.
Using a VPN can prevent your ISP from throttling your data by encrypting your web traffic. Because your ISP cannot see what services, websites and protocols you’re using, they will be unable to throttle your data.
7. Bypass Internet censorship in China.
Some countries like China restrict locally accessible internet content in one form or another. If you’re planning to visit countries like China or Hong Kong for business or pleasure, it is crucial to get a VPN before you travel. China blocks access to Google, Facebook, Instagram, YouTube and many other popular websites. If you find yourself in a country that censors the internet, you will also be subject to this online censorship. A VPN is an invaluable tool that allows you to access anything on the internet as if you were browsing the web from London or Los Angeles.
However, note that not all VPNs have been able to get around China’s Great Firewall to overcome this censorship and these restrictions.
9. Secure messaging.
The potential exists for email messages sent using services like WhatsApp, Skype, and Snapchat to be intercepted and read. With its inherent encryption, which offers a higher level of security, a VPN is the best option to transmit messages safely and securely.
10. Avoid malicious DDoS attacks.
According to the Q2 2018 Threat Report, the number of distributed denial-of-service (DDoS) attacks increased in size by 500%. Once a cybercriminal has your IP address, they can DDoS it, making your home connection unstable. However, you can mitigate that risk with a VPN. A VPN shields your IP address by routing your data traffic through remote servers. This protects your internet connection from being a target of a DDoS attack.
11. Download information from the internet safely and anonymously.
A VPN secures the connection between your computer and the internet by creating an encrypted virtual tunnel through which all of your data traffic is sent. This allows you to download information from the internet safely and anonymously.
12. Avoid bandwidth-throttling.
Similar to data throttling, bandwidth throttling occurs when your ISP deliberately slows down your internet connection. Your ISP monitors what sites you visit, and depending on what they see, they might decide to throttle your connection. For example, if you spend a lot of time on constant 4K streaming or gaming, they limit how much high-speed data you can use per month. So you might notice sluggish speeds towards the end of the month. This can be very frustrating, especially when you’re live streaming a football match or movie. A VPN hides your online activity from your ISP by encrypting your traffic, thereby preventing throttling. You can find out if you’re being throttled by running a speed test before and after activating your VPN.
13. Protect your data.
Many times, governments can request your browsing history and other data from your ISP and use the listed IP addresses to track your location. But with a VPN, their information only reaches the VPN server. They cannot track you back to your original IP address. You can also use a VPN to hide your browsing activity from your internet service provider. In 2017, the US Congress made it legal for ISPs to be able to sell the browsing activity of US residents to advertisers without their knowledge or permission.
14. Avoid cybercrime.
The extent of modern online crime means that you have to be wary and alert at every turn. Furthermore, without a VPN, every time you browse the internet, you are vulnerable to hackers, phishing attacks, malware, spyware and other dangerous online threats. Using a VPN service offers an extra layer of protection for your confidential information, financial transactions, etc. Furthermore, it is important to keep in mind that not all VPNs offer reliable protocols, such as OpenVPN or IKEv2/IPsec, or have extra security options like malware or botnet blocking.
15. Enables businesses to share sensitive data online.
A VPN uses strong encryption protocols, which makes it an ideal tool for entrepreneurs to communicate and share sensitive data about their business over the internet. A VPN keeps the data confidential and safe from all prying eyes including cybercriminals, internet service providers and advertising agencies.
16. Stop Google and Facebook tracking
Google have admitted that they store your details – your searches, clicked ads, watched videos, and several other confidential data about you. According to Google, this is done to enhance your search experience. A team of researchers from Microsoft, the University of Pennsylvania, and Carnegie Mellon also revealed a study showing that Google and Facebook keep tabs on your porn viewing habits with trackers and using incognito mode or private browsing does not stop this. The best way to stop this is with a VPN.
17. Enable VoIP
VoIP stands for Voice over Internet Protocol. It is a technology that allows users to talk to anyone, anywhere in the world securely and at a cheaper cost than traditional phone services. Unfortunately, VoIP services in certain countries were restricted or blocked due to government vested interests in telecom services. However, a VoIP VPN allows you to use VoIP by changing your IP address and encrypting your internet traffic. This allows you to unblock VoIP apps without being tracked.
Disadvantages of Using VPN Services
1. Using a VPN might be illegal in your country.
Some countries have actually blocked VPNs, and other countries that do not have the technology to block VPNs have outlawed VPN services that are not registered in the country.
2. When you connect to a VPN, your internet connection may slow down.
For example, you may be sending your traffic deliberately in the opposite direction to where the services that you need reside. For example, if I’m in Australia, and perhaps I make a connection to a VPN in India, and then I try to access a website that is in Europe, it is going to be slower because it means I have to send the data halfway across the world again to get to that server.
Your password is your first line of defence when it comes to securing your accounts for the various websites, apps and services that you use. Many victims of cybercrime have had their lifetime savings stolen, spent hours registering for new accounts, and their credit destroyed, all because of weak passwords.
According to the 2019 Verizon Data Breach Investigations report, 80 percent of data breaches are caused by compromised, weak, and reused passwords. Don’t let this happen to you. It is really important to start taking your online security more seriously than ever because the amount and sophistication of hacking activity has been steadily increasing for years and is now at record levels.
Your password is the key to your digital world. It authenticates your identity. In fact, your password is often the only thing protecting you from cybercriminals. But if you’re like most people, you probably don’t treat passwords all that seriously. And to some degree, that’s understandable because most people don’t regard themselves as potential targets of cybercrime.
There is a hacker attack every 39 seconds (Source: Security magazine)
Cybercrime is more profitable than the global illegal drug trade. (Source: Cybersecurity Ventures)
Hackers steal 75 records every second. (Source: Breach Level Index)
You can purchase a consumer account for $1 on the dark market. (Source: RSA)
80% of hackers say “humans are the most responsible for security breaches”. (Source: Thycotic.com)
Hackers are the average American’s biggest fear. (Source: Statista)
More than 6,000 online criminal marketplaces sell ransomware products and services. (Source: McAfee)
There will be 3.5 million cybersecurity job openings in 2021. (Source: Cybersecurity Ventures)
Bank transfer scams cost customers £1 million a day. (Source: DailyMail.co.uk)
The most powerful and secure passwords will protect your online accounts and ward off attacks, but they don’t have to be difficult to remember.
Read on to learn how to create passwords for your online accounts that are not only extremely secure, but are also easy to remember…
How Hackers Crack Passwords
There are two main methods that attackers generally use to try to crack passwords:
1. Brute force attack
An effective password is not simply about using an uncommon word or phrase. Even if your password is hard to guess, it may be susceptible to what is known as a brute force attack. A brute force attack is where an attacker uses a special computer program to try every combination of symbols, numbers, and letters to systematically guess your login info.
Many people have this image in their head of a hacker sitting in front of a laptop, guessing passwords. That’s not quite how it works. Hackers have several password-cracking strategies at their disposal. One of them is to use automation software that can crunch hundreds of billions of numbers per second. Unfortunately, sites like Facebook don’t have a login trial limit. This means an attacker can try multiple password combinations as many times as they like to try to get into your account.
Generally, any password under 12 characters is vulnerable to being cracked. With this strategy, the hacker simply automates their specialized computer program to guess millions of different users’ passwords every second until they find the correct login credentials. With these tools, hackers are generally able to guess passwords at the rate of 350 billion guesses a second!
2. Dictionary attack
With a dictionary attack, the hacker tries an ordered list of words such as you would find in a dictionary. This means if your password is an ordinary word that can be found in a dictionary, it can be cracked with ease.
Here are the top 25 most commonly used passwords primarily from North American and Western European users in 2020. Each of these passwords can be cracked in seconds. The most popular password in 2019 was 12345, followed by 123456, and 123456789.
NordPass recently released the top 200 passwords in 2020, and 73 percent of those are incredibly easy to guess. Click through to see if you can recognize your password in the list.
As we have learned, the shorter and more common a password, the easier it will be for the password to be cracked using brute force attacks. Ideally, your password should be a long, random string of letters, numbers and special characters that means absolutely nothing and is impossible to guess. However, the problem is that unless you have a photographic memory, remembering such a password is going to be problematic for a single account, to say the least. And when you have to do this for multiple accounts, you can see why this would be completely impossible.
Fortunately, there are certain techniques you can use to create an uncrackable password that will be easy for you to remember. Follow these handy tips, and you won’t have to worry about losing the key to your online personal kingdom.
The Passphrase Method
A passphrase is a random collection of common words combined together into a phrase. It is generally longer than a traditional password, but is easy to remember and yet far harder to crack even with brute force attacks. As we’ve already learned, increasing the number of characters in a password makes that password much harder to crack. A traditional password is typically 8 – 16 characters in length, while a passphrase can be as long as 100 characters.
Consequently, using a long passphrase instead of a traditional password is one of the simplest, most powerful and most effective ways to create a strong and complex password and protect your confidential information online.
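The brute force, dictionary and passphrase points above can be checked with a short estimator. This is an added example, not code from the article: it uses the article's figure of 350 billion guesses a second, a constructed five-entry list of common passwords, and the assumption that passphrase words are drawn at random from a 7,776-word list. It also shows that a passphrase should be judged by its number of words, not only its number of characters.

```python
import string

GUESSES_PER_SECOND = 350e9            # guessing rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
WORDLIST_SIZE = 7776                  # assumption: words picked at random from a list this size

# Constructed sample list; the first three entries are the passwords named in the article.
COMMON_PASSWORDS = ["12345", "123456", "123456789", "password", "qwerty"]


def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size


def guesses_needed(password):
    """Return (attack model, guesses) for the cheapest attack that covers the password."""
    # Dictionary attack: a listed password falls after at most its rank in the list.
    if password.lower() in COMMON_PASSWORDS:
        return "dictionary", COMMON_PASSWORDS.index(password.lower()) + 1

    # Brute force: every string of this length over the password's alphabet.
    candidates = {"brute force": charset_size(password) ** len(password)}

    # Word-level search: a phrase made only of lowercase words can be attacked
    # word by word, which is far cheaper than character by character.
    words = password.split()
    if len(words) > 1 and all(w.isalpha() and w.islower() for w in words):
        candidates["word list"] = WORDLIST_SIZE ** len(words)

    model = min(candidates, key=candidates.get)
    return model, candidates[model]


def crack_time_seconds(password):
    """Return (attack model, worst-case seconds) at the article's guessing rate."""
    model, guesses = guesses_needed(password)
    return model, guesses / GUESSES_PER_SECOND


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    if seconds < 1:
        return "under a second"
    for unit, length in (("years", SECONDS_PER_YEAR), ("days", 86400),
                         ("hours", 3600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords for the comparison.
    samples = [
        "123456",
        "sunshine",
        "aB3dE6gH9jK2",
        "correct horse battery staple",
        "correct horse battery staple orbit lantern",
    ]
    for pw in samples:
        model, seconds = crack_time_seconds(pw)
        print(f"{pw!r:46} {model:12} {humanize(seconds)}")
```

The estimates are worst-case exhaustive-search times at a fixed rate; the real rate depends on how the site stores passwords.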
The Bruce Schneier Method
This is also known as the sentence method. To create your passphrase using this technique, start by picking a long, random phrase from pop culture such as the favourite lyrics from a song or a favourite line from a movie or book. The idea is to come up with a random sentence and transform it into a powerful password using a rule such as using the first character of the phrase to create your passphrase.
For example, if your favourite song is Blame it on the boogie by The Jacksons, your passphrase could be:
“MY FAVOURITE SONG IS BLAME IT ON THE BOOGIE BY THE JACKSONS.” “IT WAS RELEASED IN 1978.”
Based on the sentence technique, this is what your password could look like:
“MFSIBIOTBBTJ.” “IWRI1978.”
As you can see, this is a long and complex password that doesn’t make sense to anyone but you. Keep in mind that the quotes and periods are all part of the password itself. You can easily memorize it, and you don’t even have to write it down.
When you create a new password, get into the habit of checking how secure it is by using the website How Secure Is My Password. For example, it will take 25 “septillion years” to crack the above password.
This means it will take millions of years to crack this password which makes it uncrackable, but yet very easy for you to remember.
How can I create a unique password for each website?
It will be challenging and time consuming to create a unique passphrase for each online account, especially if you have over 100 accounts like the average user. However, you can fix this problem simply by creating a master password based on a passphrase and then adding the name of each website to the end of your password.
So, if your password is “MFSIBIOTBBTJ.” “IWRI1978.”, your Facebook password could be “MFSIBIOTBBTJ.” “IWRI1978.”Facebook. Your Barclays account password could be “MFSIBIOTBBTJ.” “IWRI1978.”Barclays, and so on. This ensures that you have a unique and complex password for each online account, based on a single master password.
Using a Password Manager
Another quick and easy way of ensuring that you have a unique and complex password for each online account is by using a password manager. A password manager is a software application that generates secure passwords for you and then stores them in a secure, encrypted database known as a vault. Then, as you visit your favourite websites, you can retrieve those passwords with the option of having them auto filled in your browser. So, you get all of the benefits of secure and complex passwords without actually having to remember any of them.
The Master Password
When you sign up to use a password manager, you will be prompted to create a master password. This is the only password you will have to remember. The master password protects all of your passwords, so it is crucial that you come up with a long and complex password that is based on the above technique.
It was a mixture of an embarrassing and scary fiasco late last year (2020) when the major networks of one of the “Big 6” tech giants (Google) shut down for the better part of an hour. Users connected through Google Homes, the Cloud service, navigation services, email, streaming services, and some others were off grid for the better part of an hour. While official reports claimed it was an internecine problem, external reports claimed otherwise.
However, the truth remains that we have come to that stage in our society’s development, where we must no longer be careless with simple data like SIN, Driver’s license, and other personal information.
The internet is undeniably one of the best things ever to happen to our world as far as globalization and development are concerned. But this has not prevented it from becoming one of the most effective, catastrophic, and advanced tools for unscrupulous people. Even as you read this, bots are crawling about the internet looking for weaker systems to infiltrate.
There is no way to sugarcoat this; it will be highly irresponsible and lethargic for any individual, firm or organization to be oblivious to their security on the internet space. With the massive rise in remote working (a result of the global pandemic), more internet-related issues have continued to come up, and it doesn’t seem to be retrogressing anytime soon.
A lot of people neglect taking steps to protect themselves because they think, “why would anyone want to hack me?” Well, for starters, if you have any money to your name, there are plenty of cybercriminals that would be very happy to relieve you of that money. But beyond that, they could also steal your identity to open new bank accounts, run up charges on your credit card, get a passport in your name, use your health insurance, and a variety of other things that are undesirable to say the least.
And even if hackers didn’t manage to get hold of your most sensitive information, for example, if they just managed to get into your social media accounts, they can still exploit your reputation and take advantage of the people who know you.
So the bottom line is, you don’t have to be a celebrity, you don’t have to be rich. If you use the internet frequently, you are already a target. That’s why a basic understanding of cyber security is essential for anyone living and working in the modern world.
The FBI Criminal Center (IC3) reports that there is a growing increase in cybercrime complaints per day. It now stands at over 900 per day, and I say it could be quadruple that amount because many don’t even know they are being hacked. Also, the United States Federal Trade Commission (FTC) reported that consumers lost a whopping $134 million in the first six months of 2020, a mammoth increase from the $117 million in the whole of 2019.
You may continue to look at these as “statistics” until you or someone close to you is affected (which is not always pretty). This and the others listed here are reasons why a basic knowledge of internet security is important.
1. Helps you take more pro-active steps
If you are visiting a country and the official “country guide” warns of extreme temperatures all the time in a region, you will surely want to stock up on your deep, thick wool and fur cloaks. Or, if the guide says there are lots of pickpockets in that region, you will always keep your eyes on your valuables. It is the same with having a basic knowledge of cybersecurity.
It will make it easier for you to detect, suspect and manage any form of internet attacks on your resources, data, or portfolio.
2. Keeps your network security “healthy”
Just like the “spam” we hear of, only worse, internet bots can be sent to your network systems to overwhelm and crash the system’s security. Many big tech companies create specific lines of code to trace and rebuff bots on their networks. Also, internet bots can make the entire system laggy and inconvenient for users.
Without a basic knowledge of internet security, it will be hard to understand the impacts of bots.
3. Save yourself the banal “Hey, you have got the wrong person”
Remember the Bitcoin scandal on Twitter? Where accounts impersonating top billionaires swindled people of their crypto coins?
Personal data theft has become one of the fastest-thriving evils on the internet. It has become a lot easier to steal a person’s data than it was 100 years ago. Aside from creating faux accounts, many even go as far as hacking the individual’s social media accounts.
Losing your data is even more painful because it can badly sever trust and business/family ties, complicate existing issues, and worse still, the wrong person ends up at the receiving end.
4. Helps you guard your resources
There is an estimated £1 million scam in bank transfers each day. And this is mostly a matter of pure naivety and ignorance on the part of the victim.
No “prince” from anywhere in the world needs your money for anything of sorts, and not a “marine sergeant”. Funny and scary is the fact that people still fall for these scam techniques. A basic understanding of how internet security works will help you understand the different tricks these people play to alter the location, IDs, voice, images, videos, and other elements.
5. Lots of business is now done remotely
Now more than ever, we need to be more vigilant of our actions on the internet. The debilitating effect of the COVID-19 pandemic has led to many jobs now done remotely and ironically using the internet.
Data and information transfers, especially sensitive ones, must be encrypted and protected by all means. Transfer of other resources, money, and other aids in the business must be protected, and completed under a secure network. Simple internet protocols should be taught to staff and other employees in the business.
6. Cybercrime is a menace for everyone
Most people erroneously conclude that internet fraudsters and hackers target big companies. The fact is that their crude and brutal means for their nefarious acts are more dangerous to smaller, small-budget networks.
Individuals, Organizations, and the government all suffer from internet breaches and attempts on their networks. It makes it expedient for everyone to get a basic knowledge of internet security.
7. Know that every info on the internet is useful to hackers
Your failed login passwords, personal addresses on your account, images, social media stories, and other things, that you consider mundane can be used to hurt or attack you even physically. It is why most sites block their user’s data, save for the name.
There have been lots of cases where people were traced, hunted, or harmed through their online data.
In this time of massive globalization, ignorance will only drag you farther. What you refuse to learn today might haunt your investments tomorrow.
One funny thing about cybercrime is that the effects are always exponential compared to the prevention of such acts. It is the swiftest means to con a person or organization, and it is usually untraceable.
You do not need to be a Manhattan Beach resident or a Silicon Valley CEO to protect yourself on the internet. It is relevant for everyone.
There are real threats to your privacy online, especially if you use the internet on a frequent basis. Whenever you browse the web, you leave a digital footprint that helps third parties keep track of what you do online. You are at risk of being tracked by your ISP (which has access to everything you send), websites, three-letter government agencies, digital advertising agencies, attackers, search engines, etc. The United States government’s use of the PRISM program, which allegedly tracks over 1 million internet users in the United States, took a lot of Americans by surprise.
Read on to learn about the different ways you are tracked whenever you use the internet. We’re also going to look at a number of sites and browser extensions that you can use to find out exactly who might be tracking you online and how you can maintain your privacy and security whenever you’re surfing the web.
The number one spot on this list is obviously going to be your social media accounts. Social media tracking is perhaps one of the most treasured methods utilized by advertisers and attackers. This is because through social media, we tend to provide a very detailed profile of our user habits, our likes, our hobbies and a lot more. It can be described as a gold mine of hyper-targeted information just waiting to be tapped by third parties, especially advertisers.
When you post a photo online, send a tweet or participate in a discussion on a social network, it is important to keep in mind that you’re sharing a lot more than you might think. Obviously you’re sharing the things that are in your post – photos, videos, your username – but there’s also other data that gets shared.
A post on a social network might also include:
Your location at the time you submitted the post.
Links to your social media profile.
Personal details such as contact info, birthday or gender.
Links to your friends and people you have connected with.
What time you submitted the post.
Identified locations from a photo or video.
Be extremely cautious when using social media. Take a closer look at your social media connections and don’t accept invites from people you don’t know.
Most search engines have the ability to track every search you perform online. For example, Google attempts to track whatever you do online, such as the sites you visit, who you communicate with and what you might currently be in the market for. When you use Google and its affiliated services, information about you including the keywords you search for is compiled and stored in the form of a user profile. All of this data becomes part of your search history and online profile with Google.
If you are concerned about your privacy being infringed upon in this manner, you can opt to use a private search engine that maintains your privacy and delivers good search results. Note, however, that these search engines may not offer the same level of sophistication or search results that Google offers. What they offer, however, is privacy.
Here are the best private search engines:
DuckDuckGo is a very popular US-based search engine. According to their terms and conditions, the service never ties saved searches to individual users, although it does use your IP address to serve local search results.
MetaGer is a German metasearch engine that provides search results in English, German and Spanish. The service has its own web crawlers and indexers, but also gets its results from up to 50 search engines, including Yahoo and Bing.
Qwant is a metasearch engine that primarily uses and presents Bing’s search results to users. It is based in France and delivers search results in a variety of languages including English, French and Italian. According to their terms and conditions, this search engine doesn’t track you or your computing device, and promises not to record anything about your search history.
Device fingerprinting is a creepy, privacy-invasive practice that is used to identify and track you online. It works by combining various characteristics of a computing device to identify a computer as a unique device. This includes the device’s IP address, screen resolution, operating system, computer settings, software, web browser preferences, and other similar things. This process is used to create a digital portrait of you. This information is used to pinpoint you and follow you as you browse the web and use apps. Once enough device characteristics are learned, the data can be compiled into a profile that helps identify you in the same way that a fingerprint would.
Digital fingerprinting can provide a more consistent way of tracking people online, and there is not really a way to stop companies from using this technique to track you on the web.
Cookies are the best-known tools for identifying and tracking users online. A cookie is a small piece of information that websites place in your browser whenever you navigate to a website. This cookie allows the website to keep track of your visit details and store your preferences.
There are several advantages of using cookies. For example, when you sign in to a particular website, the cookie remembers your login details so that you don’t have to keep typing in the same details when you visit that same site again. This increases the speed with which you visit that same website again. But this is also how companies are able to see what items you are viewing when shopping online, what articles you’re reading, or what you’re researching on any particular day.
But cookies can also track your browsing activities across various websites. By knowing what pages a user visits, a website can tailor the user’s experience on that site.
Third party cookies
What can be really deceitful are third-party cookies. While they can have legitimate uses, third-party cookies are often used by advertising networks to track you across multiple websites, even if you are using a VPN to cover your tracks. Most websites use third-party advertising or tracking scripts. If two different websites are using the same advertising or tracking network, they can track and link your browsing history across both sites. However, Chrome gives you the option of blocking cookies.
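The cross-site linking described above can be audited from a record of your own browser traffic. The following is an added example, not code from the original article: the request records are constructed, the "last two labels" rule for finding a site's main domain is a simplifying assumption, and so is the minimum identifier length of 8 characters.

```python
from collections import defaultdict
from http.cookies import CookieError, SimpleCookie
from urllib.parse import urlsplit

MIN_ID_LENGTH = 8  # assumption: short values such as "lang=en" are not identifiers


def site_of(url):
    """Main domain of a URL. Assumption: the last two labels of the hostname
    (a real tool would consult the Public Suffix List)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def cross_site_trackers(requests):
    """requests: iterable of (page_url, request_url, cookie_header).

    Returns {third_party_site: {"name=value": [first-party sites]}} for every
    cookie that a third party received while you were on two or more sites."""
    seen = defaultdict(lambda: defaultdict(set))
    for page_url, request_url, cookie_header in requests:
        first_party = site_of(page_url)
        third_party = site_of(request_url)
        if not third_party or third_party == first_party:
            continue  # first-party request: not cross-site tracking
        jar = SimpleCookie()
        try:
            jar.load(cookie_header or "")
        except CookieError:
            continue  # malformed header: nothing reliable to compare
        for name, morsel in jar.items():
            if len(morsel.value) >= MIN_ID_LENGTH:
                seen[third_party][f"{name}={morsel.value}"].add(first_party)

    linked = {}
    for tracker, by_cookie in seen.items():
        hits = {c: sorted(s) for c, s in by_cookie.items() if len(s) >= 2}
        if hits:
            linked[tracker] = hits
    return linked


# Constructed sample traffic (not real sites or real identifiers).
SAMPLE_REQUESTS = [
    ("https://shop.example/cart", "https://ads.tracker.example/pixel.gif",
     "uid=7f3a9c2e41b8; lang=en"),
    ("https://news.example/story", "https://cdn.tracker.example/t.js",
     "uid=7f3a9c2e41b8; lang=en"),
    ("https://news.example/story", "https://static.news.example/app.js",
     "session=aaaaaaaaaaaa"),
    ("https://blog.example/post", "https://fonts.other.example/f.woff", ""),
]

if __name__ == "__main__":
    for tracker, cookies in cross_site_trackers(SAMPLE_REQUESTS).items():
        for cookie, sites in cookies.items():
            print(f"{tracker} saw {cookie} on: {', '.join(sites)}")
```

The same identifier arriving at one third party from two unrelated sites is what lets that party join the two visits into one browsing history, regardless of which IP address the requests came from.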
A very special type of cookie is called the super cookie and an example of such is the ‘evercookie’. As the name suggests, this particular cookie is ever present in your computer no matter what you do to try to get rid of it. It is able to achieve this because unlike regular cookies that are stored in one location, the evercookie stores cookie data in several places – for example, in Flash cookies, your browsing history, and HTML5 local storage.
A very clever tracking method the evercookie employs is to assign a unique color value to a few pixels every time a new user visits a website. The different colors are stored in each user’s browser cache and can be loaded back. The color value of the pixels is a unique identifier that identifies the user.
When a website notices that you’ve deleted part of the super cookie, the information is repopulated from the other location. For example, you might clear your browser cookies but not your Flash cookies, so the website will copy the value of the Flash cookie to your browser cookies. Super cookies are very resilient.
DNS leaks can occur when a VPN or a DNS is not configured correctly and when your device gets compromised by hackers. These leaks can breach your privacy by exposing what you do online. The best way to avoid DNS leaks is to use a VPN that provides you with their own DNS addresses.
Now the apps you install on your phone can be used to profile you on social media sites such as Twitter. Also, the apps you’ve downloaded may be tracking your location without your knowledge by using your phone’s GPS. This is why it’s important to keep tabs on which apps have access to such sensitive information.
Panopticlick analyzes your current browser setup, including add-ons and extensions, to find out just how many trackers are tracing your browser session. To use Panopticlick, hit the giant orange “Test Me” button and wait for the analysis to complete. Depending on your list of add-ons and extensions, you’re going to experience different levels of tracking.
Am I Unique? is a tracker analyzer with a focus on the unique fingerprint your browser broadcasts. Navigate to the Am I Unique site and click on the View My Browser Fingerprint button. Wait for the analysis to complete, then check your results.
Tools That Make You Harder to Track
1. VPN (Virtual Private Network)
If you use a VPN, your IP address is changed and your online activity is encrypted, so you cannot be tracked. Some internet service providers (ISPs) or websites may be aware that you’re using a VPN, but they will not be able to see or monitor your actual online activity. A VPN minimizes your chances of being tracked online. It does a powerful job of protecting users from things like digital spying, online tracking, data collection, invasive advertising, and cybercriminals.
Disconnect blocks over 2,000 individual trackers from following you around the internet. According to Disconnect, by blocking such a large amount of trackers, websites actually load up 27 percent faster. Disconnect is currently available for Chrome, Firefox, Safari, and Opera. Once you install Disconnect, head to a website, and open the extension. The drop-down panel shows you the entire range of trackers currently logging your browser session.
3. Adjust your privacy settings on social media.
Stay in control of your social media by choosing what things you share, and who gets to see them. By managing your privacy settings, you can choose what gets shared, where and with whom. The Office of the eSafety Commissioner provides a list of all games, apps and social networks, including necessary information about how you can control your privacy settings and report abuse on each of the services. You can learn more about controlling your Facebook privacy settings from the Office of the eSafety Commissioner Facebook eSafety information page.
4. Use Piriform to delete certain aspects of your digital footprint.
Using this powerful tool will erase all cached data to help you avoid being tracked online.
5. Use an adblocker and a secure browser.
You can increase your privacy by using an ad blocker such as Privacy Badger, along with a privacy-respecting browser. These powerful tools will make it a lot harder for advertising agencies and other third parties to track you online.
6. Clear your browser cache.
Every browser you use can be used to track your browsing history. This is why you should make sure that you clear your browser’s cache as often as you can.
Here’s how you can clear your browser cache in Chrome:
At the top right, click More.
Click More tools, then Clear browsing data.
At the top, choose a time range. To delete everything, select All time.
Next to “Cookies and other site data” and “Cached images and files,” check the boxes.
Click Clear data.
7. Your phone keeps track of everywhere you go, all the time. If this makes you uncomfortable, you can opt out of location tracking on Android and iOS. You can adjust the location services on your mobile device by disabling GPS tracking.
How to disable GPS tracking on Android:
Power on your phone and navigate to the home screen.
Press the “Menu” button on your phone, followed by the “Settings” option that appears.
Touch “Location & Security” under the “Settings” menu and then uncheck the option that says “Use GPS Satellites.” The GPS on your Android is now blocked.
How to disable location tracking on iPhone
Open the Settings app.
Scroll down and tap on Privacy.
Select Location Services.
In the next menu, untoggle Location Services at the top.
One of the best methods of fighting against super cookies is to avoid running Adobe Flash or Microsoft Silverlight in your browser, as these two apps are used by super cookies to replicate themselves. Using VPN services like TunnelBear or Tor is perhaps the best way of fighting cookies.
We try to be as jargon free as possible, but in the world of internet security, technical terms cannot be avoided. We’ve therefore created this glossary where we explain common terms that you are likely to come across in the world of cyber security.
Ad injection is a black hat technique where ads are secretly inserted into a webpage without the website owner’s knowledge or permission. According to Google, over 50,000 browser extensions and more than 34,000 software applications engage in the practice. With ad injection, ads can be inserted on top of those that already appear, obscuring the original ads, can replace ads entirely, or can be shown on pages that weren’t meant to show ads.
An anonymizer is a collective term to describe a tool such as a VPN that you can use to make your activity on the Internet untraceable. An anonymizer accesses the Internet on your behalf, protecting your personal information by hiding your identifying information. It does this by masking your real Internet Protocol (IP) address and substituting it with another IP address, making it difficult for hackers and other cybercriminals to target you online.
Furthermore, an anonymizer can be used to bypass censorship in countries where internet access is restricted, allowing access to online information. Note that when you use any type of anonymizer, your internet speed is going to be reduced because you are now going through at least one extra layer of security.
There are two types of anonymizers. The single point anonymizer passes your browsing through a single point such as a proxy server to protect your identity. The networked anonymizer such as a VPN transfers your communication through a network of computers.
Biometric authentication involves the use of biometric data such as the face, fingerprint or voice as part of the two-factor authentication in order to get access to restricted accounts.
A bot is a type of application that has been programmed to perform a series of automated and repetitive tasks on behalf of humans on the internet. More than half of the internet’s traffic consists of bots performing one type of task or another, depending on what they have been programmed to do.
Types of bots
There are several types of bots on the internet which can be good or bad, depending on how they have been programmed. Here are examples of different types of bots.
Search engine bots
A botnet (also known as a zombie network) is a network of thousands of remote-controlled malware bots that the owner remotely manages using a server which functions as a control and command centre.
Cybercriminals use social engineering tactics to breach the security of users’ computers and turn these machines into malware bots that can be used as part of a botnet. Once infected, the devices can continue to act perfectly normal with no symptoms or warning signs.
A cookie is a small text file that collects certain pieces of information about you when you visit a website. Every time you navigate to a website for the first time, cookies are created by your browser and saved to your computer. When you return to the website, the cookies will help it to remember certain things such as login details and information about the pages you visited, and to create customized web pages and ads tailored to your online preferences. The main objective with cookies is to increase the speed with which you visit that same website again.
Cookie syncing is a user identification and data collection process that is used to enhance the effectiveness of online advertising campaigns. It allows the entities that are tracking you online to share the information they have about you, and link together the IDs they’ve created to identify your device. They can compare notes and build a better profile of you, all of which is done without your knowledge or approval.
Canvas fingerprinting is a type of browser fingerprinting technique designed to uniquely identify and track visitors to a particular website without having to use browser cookies. When one of these scripts is running on a website you visit, it will instruct your browser to draw an invisible image behind the scenes. This action is completely invisible to you. Because every device will draw this image in a unique way, this process can be used to effectively create a fingerprint for your device. Your browsing can then be tracked using this fingerprint whenever you are online.
Every web server has a daemon, which is a program that is designed to wait specifically for HTTP requests and then handle them when they arrive. That’s its job. Your web browser, whether it’s Firefox, Google Chrome or Safari, is an HTTP client, and it makes requests to the web server on your behalf. So when you enter a particular site or click on the hyperlink of a web site, your browser builds an HTTP request and sends it to the IP address indicated by the URL that you’ve added to the browser. The daemon will receive your request and send back the requested file or files associated with your request.
Data harvesting is the process of extracting data from specific websites with the use of malicious bots. For example, data can be collected from users of a particular app or social media site like Facebook or Twitter. That data is then analyzed and processed. The end result is a user profile which includes user details such as age, gender and location. That profile can then be used to determine things like what that individual would be likely to buy in the future, whether they’re likely to take out a financial loan, the kind of causes they are likely to support, the kinds of politicians they are likely to vote for, etc.
A DDoS (Distributed Denial-of-Service) attack is a malicious attempt to render a website or online service inoperable by overwhelming the bandwidth of the targeted system. According to the Q2 2018 Threat Report, the number of distributed denial-of-service (DDoS) attacks increased in size by 500%.
DNS stands for Domain Name System, and it is responsible for translating domain names into IP addresses. So, if you wanted to go to www.dreamspath.com which has an IP address of 22.214.171.124, DNS would translate www.dreamspath.com into 126.96.36.199. Web servers and browsers don’t understand names; they only understand IP addresses. Without DNS, the alternative would be to memorize and type in an IP address whenever you want to navigate to a particular website. It is essentially the phonebook of the internet.
Now, the domain name system isn’t just one large central database that has a list of all of websites and corresponding IP addresses. It delegates the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. There are several DNS servers all over the world that can help you map IP addresses to domain names.
A DNS leak refers to a vulnerability in a VPN through which the real identity of a user is revealed. DNS requests are revealed to ISP DNS servers, despite the use of a VPN service to attempt to conceal them. This flaw allows an ISP and other eavesdroppers to track websites a user may be visiting. Normally, the VPN automatically changes the ISP DNS to the anonymous VPN DNS. In a DNS leak, however, the browser’s DNS requests are sent to the ISP DNS server directly bypassing the VPN. You can perform standard tests at www.dnsleak.com or www.dnsleaktest.com.
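One way to check the configuration side of a DNS leak, as an added example that is not part of the original article: it reads the resolver list in the `resolv.conf` format used by Linux and macOS and sorts each resolver into "VPN", "leak" or "local stub". The sample file contents and the VPN DNS range `10.8.0.0/24` are constructed assumptions; substitute the DNS addresses your VPN provider publishes.

```python
import ipaddress


def classify_resolvers(resolv_conf_text, vpn_dns_networks):
    """Sort the nameservers in resolv.conf text into three groups:
    'vpn'        - inside a network the VPN provider uses for DNS
    'leak'       - any other resolver (for example the ISP's)
    'local_stub' - loopback resolver; the real upstream is hidden behind it
                   and has to be checked separately
    """
    vpn_nets = [ipaddress.ip_network(n) for n in vpn_dns_networks]
    result = {"vpn": [], "leak": [], "local_stub": []}
    for raw in resolv_conf_text.splitlines():
        # Drop comments, which start with '#' or ';'
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        # IPv6 link-local entries may carry a zone id such as fe80::1%eth0
        addr_text = fields[1].split("%", 1)[0]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            continue  # not an IP address: ignore the malformed entry
        if addr.is_loopback:
            result["local_stub"].append(str(addr))
        elif any(addr in net for net in vpn_nets):
            result["vpn"].append(str(addr))
        else:
            result["leak"].append(str(addr))
    return result


# Constructed sample: what /etc/resolv.conf might contain while a VPN is up.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not from a real machine
nameserver 10.8.0.1
nameserver 192.0.2.53   # resolver handed out by the ISP's router
nameserver 127.0.0.53
search lan
options edns0
"""

# Assumption: the VPN provider's DNS servers live in this range.
SAMPLE_VPN_DNS = ["10.8.0.0/24"]

if __name__ == "__main__":
    report = classify_resolvers(SAMPLE_RESOLV_CONF, SAMPLE_VPN_DNS)
    for group, addrs in report.items():
        print(f"{group}: {', '.join(addrs) or '-'}")
```

Any address in the `leak` group is a resolver outside the VPN that the system may still query; the online tests mentioned above confirm what actually leaves the machine.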
Domain spoofing is when cybercriminals try to deceive users by faking the name of a legitimate website. The main objective of domain spoofing is to fool users into interacting with the malicious website as if it were the legitimate site. It is used to steal personal information such as login credentials or credit card info, or trick the visitor into downloading malware onto their computer.
Here are examples of how spammers may spoof the domain name in order to trick you into clicking on it.
https://fa-cebook.com -> “fa-cebook.com” is not the same as “facebook.com”
https://facebook.com.realwebsite.com — “realwebsite.com” is the main website. Note that “facebook.com” here, is a subdomain of “realwebsite.com”
https://facebook.co — “facebook.co” is not the same as “facebook.com”
https://www-facebook.com — “www-facebook.com” is not a subdomain of “facebook.com”. Note the hyphen in “www-facebook.com”. A genuine subdomain would be separated from the main website domain (SLD) by a period like in “www.facebook.com”.
https://faceboek.com — Note that the “o” in the domain name has been replaced with “e”.
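The five patterns above can be checked mechanically before a link is trusted. This is an added example, not code from the original article: the category names, the "last two labels" rule for the main domain and the edit-distance threshold of 2 are assumptions made for the illustration.

```python
from urllib.parse import urlsplit


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, trusted="facebook.com"):
    """Compare the host in `url` with the trusted domain and name the trick used.

    Assumption: the main (registrable) domain is the last two labels of the
    host; a production tool would consult the Public Suffix List instead.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    main_domain = ".".join(labels[-2:])
    name, _, tld = main_domain.partition(".")
    brand, _, brand_tld = trusted.partition(".")

    if main_domain == trusted:
        return "genuine"               # facebook.com or a real subdomain of it
    if brand in labels[:-2]:
        return "brand-as-subdomain"    # facebook.com.realwebsite.com
    if name == brand and tld != brand_tld:
        return "wrong-tld"             # facebook.co
    if "-" in name:
        if brand in name.split("-"):
            return "hyphen-for-dot"    # www-facebook.com
        if name.replace("-", "") == brand:
            return "inserted-hyphen"   # fa-cebook.com
    if edit_distance(name, brand) <= 2:
        return "typo-lookalike"        # faceboek.com
    return "unrelated"


# The URLs below are the ones listed in the article, plus two controls.
EXAMPLES = [
    "https://fa-cebook.com",
    "https://facebook.com.realwebsite.com",
    "https://facebook.co",
    "https://www-facebook.com",
    "https://faceboek.com",
    "https://www.facebook.com",
    "https://example.org",
]

if __name__ == "__main__":
    for url in EXAMPLES:
        print(f"{classify(url):20} {url}")
```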
Drive-by Download Attack
A drive-by download attack refers to the inadvertent download of malicious code to your PC or mobile device that exposes you to a cyberattack. This virus starts to infect your PC as soon as you navigate to a particular website. A drive-by download doesn’t rely on you to click on anything, press download, or open an email attachment to actively enable the attack. These downloads can be on any site, including safe, legitimate sites. This also includes downloads of bundled software onto a computing device that leaves you vulnerable to a cyber-attack.
Some password managers provide the ability to grant one-time access to your Vault to one or more designated users. You can also specify an access delay. This means that when the user you have designated tries to gain access to your information, that person has to wait for a time period of your choosing. During this period of time (e.g. two hours), you have the power to decline the requested access. If you do not deny the request within the specified time period, the emergency access user will be able to access your Vault.
Encryption is the process of converting your data (such as a text message or email) into an unreadable format so that its content cannot be understood even if it is intercepted by hackers. When you need to send a confidential mail and you use a program that obscures the content of that email, that is an example of encryption.
Geo-blocking refers to the process of limiting access to certain online services based on geographic location. These include streaming video services like Netflix, Hulu and BBC iPlayer, dating sites, news sites, etc. For example, if you live in the UK, you won’t have access to Netflix’s full catalog of movies and TV shows that is available to US residents. Geo-blocking works by using your IP address to track your location. This means that if you are an American visiting the UK, you will only access content that is available in the UK.
This stands for the Hypertext Transfer Protocol. It defines how messages are formatted and transmitted over the web. It also determines what actions web servers and browsers shall take in response to various commands. So HTTP basically is the mother of all protocols involving the World Wide Web. It’s basically behind how every single request is handled between a web browser and web server.
This is Hypertext Transfer Protocol Secure. It is the secure version of HTTP. It’s secure because communication between your web browser and the web server is encrypted. HTTPS is a must for websites where sensitive information like passwords and credit card details is exchanged. Encryption is implemented on HTTPS through the use of TLS and SSL. Never provide your password or your credit card details on a site that doesn’t have HTTPS.
IP address stands for internet protocol address. It is a uniquely identifying number that is allocated to a device (such as a computer or smartphone) that is connected to the internet. However, if you are connecting to the internet through a router, it is the IP address of your router that will be visible on the internet. Your router will dynamically assign a private IP address to the network card in your computer. This IP address will not be visible on the internet.
Your IP address is what identifies who you are and where you are browsing from on the internet, and allows you to send and receive information. Note that your IP address is publicly visible on the internet and you can find out yours by navigating to whatismyipaddress.com.
An IP leak occurs when your VPN leaks your real IP address to a website that you visit. When you’re using a VPN, no website should be able to see your real IP address. This can happen when your computer is unknowingly accessing default servers rather than the VPN provider’s servers.
Keyloggers are monitoring software used to record the keystrokes that are used on a smartphone or computer keyboard. They are one of the oldest types of online threats used by cybercriminals to steal confidential information such as passwords, credit card details and other personal data. Some sophisticated keyloggers – such as those that target mobile devices – are able to record information such as calls, information from messaging applications and GPS location.
Also known as VPN Kill Switch, Internet Kill Switch or Network Lock, a kill switch is a special VPN security feature that is triggered when the VPN connection suddenly drops. The VPN automatically disconnects your device from the Internet until the VPN connection is restored. This means it blocks traffic leaving your device if your connection is ever compromised. With a kill switch, there’s no possibility that your IP address accidentally gets exposed.
Latency refers to the amount of time between a user action and the result of that action. For example, the delay between a user clicking an image and the user’s browser showing that image. If you click a link and it takes several seconds before the image appears, you are experiencing significant latency.
A MAC address (media access control address) is a unique identifier that is assigned to a network interface controller (NIC) for use as a network address in communications within a local area network (LAN). Unlike an IP address that can be changed every time you connect to the internet, a MAC address is a hardware address that is embedded into the device and can never be changed.
This is a rogue network that fools users into thinking they are connecting to a legitimate network. Hotels are often the prime target for malicious hotspots. For example, say you’re staying at The GoodNight Inn and you want to connect to the hotel’s Wi-Fi. When you browse the available networks, you may find GoodNight Inn, which you might think is the hotel’s Wi-Fi, but isn’t. If you connect to that network, you’ve just connected to a rogue network that can now browse your sensitive information.
Short for malicious software, malware is a computer program that is designed to infiltrate and cause damage to computers or websites. Malware covers all types of threats to your computer including spyware, viruses, worms, Trojans and so on.
This type of phishing utilizes digital ad software to publish otherwise normal looking ads with malicious code implanted within.
Man-In-The-Middle Attacks (MitM)
This attack is a form of eavesdropping. When you connect to different websites on the internet, vulnerabilities can allow an attacker to get in between these transmissions and read the content of those transmissions. These attacks are often carried out by establishing fake public Wi-Fi networks at various public locations such as coffee shops and shopping malls.
The master password is the only password you are required to create when using a password manager. It is the key to unlock access to all of your stored credentials, including your passwords.
Multi-layer security is all about having multiple safeguards in place and using them in conjunction with one another so that if one fails, you’ve still got others to protect you. For example, instead of using just passwords as your only layer of security, you should have additional layers like two factor authentication, encryption and private networks. This ensures that even if your password is breached by a cybercriminal, they won’t be able to access your account because you have two factor authentication as an additional layer of security.
Multi-factor authentication is a method of access control where a service grants you access only after you present multiple pieces of evidence that you are who you claim to be. This evidence comes in three forms: something you know (such as your password), something you have (such as your phone) and something inherent, which include biometric methods such as fingerprint readers, retinal scanners and facial recognition systems.
No Logs Policy
A no logs policy is about protecting your private information from everyone. It means that no information is saved about your personal details, the websites you visit or what you search for. So in the event of any unforeseen circumstance such as data breach, server hack or government investigation, nothing can be held against you because no information was recorded about you in the first place. This policy is used to safeguard your privacy and anonymity so that you can feel safe in the knowledge that what you do online is protected from everybody.
Every VPN claims to deliver anonymity and privacy with a no logs policy. However, the reality is that some VPN vendors might be unable to deliver 100% privacy, and this doesn’t have anything to do with the service provider’s technology. If the VPN provider has its headquarters in a country that’s part of the 5/9/14 Eyes Alliance, a VPN service provider can be forced to log user data and to provide logs by request of the authorities. This means you could be at risk of being exposed to the government. If online privacy is a top priority, you’ll be better off choosing a VPN provider that is not located in a country that is a member of the 14 Eyes Alliance.
Protocols (for VPNs)
A Virtual Private Network (VPN) protocol is a set of rules that govern how data is transmitted between your computing device and a VPN server. Consider a protocol as a kind of language that multiple devices have to understand in order to be able to communicate with each other. With VPN protocols, the VPN software that you install on your device has to use the same protocol on the VPN server in order for your computer to be able to use the VPN service.
One Time Passwords
A one-time password is a password that is valid for only one login session. This password makes it impossible for hackers to get into your account even if your login credentials are compromised. You can also use one-time passwords as part of the two-factor authentication process.
A password generator is a tool that randomly generates unique and complex passwords. When using a password generator, you have the option of specifying how long it should be or whether it can include combinations of numbers, uppercase and lowercase letters, and special characters. Some password generators are capable of creating very long passwords that can be understood and memorized.
A payload when used in the context of a computer virus or worm refers to that component of the virus that implements malicious activities. A virus or worm that has a destructive payload will be relatively more dangerous than one with a much more benign payload.
Perfect Forward Secrecy
A component of an encryption system that keeps data safe by automatically and frequently changing the key used to encrypt and decrypt information on every login and at least each hour thereafter. This means that even if one session is compromised, only a small portion of the user’s sensitive data is exposed. Keys are switched every time a user loads or reloads an encrypted web page, or every time a text message is sent. Without perfect forward secrecy, when a user logs in to a VPN for example, the entire session is encrypted based on the client’s key. But if that session is hacked, the entire conversation is compromised.
A proxy server is a type of anonymizer that functions as an intermediary for requests made by clients seeking resources from web servers. The proxy sits between you and the web server that you’re trying to access. Internet traffic flows through the proxy server on its way to the address you requested. The request then comes back through that same proxy server and then the proxy server forwards the data received from the website to you.
The proxy masks your real Internet Protocol (IP) address and substitutes it with another IP address, making it difficult for hackers and other cybercriminals to target you online. This allows you to defeat restrictions and censorship. Note, however, that proxy servers do not provide any type of encryption.
Secure notes is an all-encompassing term that is used to describe any credential that is not a password. This includes credit card info, national insurance numbers, online receipts, etc. All of the data that is contained in secure notes is encrypted in the same way that passwords are.
Sideloading is a term similar to uploading and downloading. It involves the installation of a third-party application on a mobile device without using the device’s official app distribution channel. These apps are downloaded from third-party app stores. Some of these apps are particularly vulnerable to malware infection due to the fact that they aren’t installed through official channels.
If you’ve decided to run your VPN off your router rather than through your devices or apps, split tunneling allows you to decide which of your traffic goes through the encrypted VPN tunnel, and which traffic accesses the internet directly with your regular IP. For example, you can choose to protect all of the computers on your network by routing their traffic through the VPN, but keep your printer open for normal traffic. This way, you can allow some people on the web to use the printer. This is a very useful feature to have because you can lose access to some services if you use a VPN.
These are files that are designed to bring a software program back to life after it has been successfully removed from a computing device.
The concept of social engineering refers to a situation when an attacker engineers a social situation that encourages a potential victim to feel comfortable with the attacker and let their guard down. The attacker plays some sort of mind game with the potential victim, which allows them to accomplish their malicious goal.
Snooping and Sniffing
Cybercriminals can buy special kits and devices that allow them to access everything you’re doing online, from viewing pages you have visited to being able to capture your login credentials and even hijack your accounts.
A software vulnerability is a security hole or weakness discovered in an operating system that renders it susceptible to exploitation by hackers.
Spoofing is the process of substituting a message from a shady source as coming from a recognized, trusted source. It can be applied to text messages, emails, phone calls, IP addresses, DNS servers and websites. Spoofing can also lead to the rerouting of internet traffic, which can lead visitors to malicious websites designed to steal information or distribute malware.
SSL stands for Secure Sockets Layer. It establishes a secure link between your browser and the web server to ensure that eavesdroppers and hackers are unable to see what you transmit, which is a must if you process sensitive information like credit card payments on your website. SSL and TLS can help you securely process that data so that cybercriminals can’t get their hands on it.
Your web server requires an SSL certificate to be installed on it. So, if you have a website and you want to establish a secure link between your web server and any browser that wants to have any access to your website, you need to install a current SSL certificate. This certificate will serve as proof that your web site is secure with SSL. So, any time a browser from around the world tries to access your website, it will check to see if the certification has expired before completing the connection.
Torrent IP leak
A torrent IP leak occurs while torrenting. Torrenting is typically anonymized and encrypted when you’re using a VPN. A torrent IP leak occurs when the torrent client unveils the user’s real IP address while torrenting.
TLS stands for Transport Layer Security, and it is the successor to SSL. It is more advanced, and offers a higher degree of encryption and security. It is just a more recent version of SSL, and it fixes some security vulnerabilities in the earlier SSL protocols. As an end-user, you don’t need to worry too much about TLS vs SSL or whether you’re using an “SSL certificate” or a “TLS certificate”.
Two-factor authentication, also known as 2FA, is a type of authentication method that requires presentation of two different authentication factors in order to access certain data on a password-protected site. Two-factor authentication is probably the most effective way of securing your online accounts because attackers have to crack your password and be in possession of your smartphone to gain access to your account.
An unlocked phone is a phone that is not associated with a specific provider. This means that the phone can be activated on any phone service provider through the use of the provider’s SIM card.
A computer virus is malicious code named after the biological organism. A computer virus resides in your device’s hardware and software. Like the biological specimen, a computer virus steals resources from your use of the device and makes the device seem “sick,” i.e. slow or unresponsive. In some cases, a virus can be designed to destroy information or even render a device completely unusable.
A VPN protocol is the technology used by the VPN provider to ensure that you get a fast and secure connection between your device and their VPN servers.
A web server is a computer that runs websites. The main objective of the web server is to store, process and deliver web pages to users using the HTTP protocol.
Website spoofing is the process of creating a fake website that is almost indistinguishable from the real thing. The aim of this scam is to steal your login credentials by getting you to login to the fake site. The best way to determine if a website is bogus is to look at the domain name area. A fake website will always contain a variation of the actual name. For example, instead of www.nike.com, the domain name will read www.nikesales.com.
On average 30,000 websites are hacked every day (source: Sophos Security Threat Report). It is estimated that WordPress makes up about 30% of all existing websites today. This popularity makes WordPress a massive target for hackers and malware. Statistics show that more than 70% of WordPress installations are vulnerable to hacker attacks. 83% of the roughly 90,000 websites that get hacked each day are using WordPress.
This is why it is so important to take as many precautions as possible to secure your site. Now, if you have a small blog, you might be thinking “no hacker could possibly be interested in my tiny site“. Unfortunately, that’s the type of mentality that keeps you from taking any action to prevent these attacks from occurring in the first place.
It is important to realize that most attacks are automated. Hackers simply use software to automatically identify websites with vulnerabilities which they can take advantage of, no matter how big or small the websites are. So if you leave the front door to your website wide open, so to speak, they’re likely to just come right in.
Google have stated that they blacklist 10,000 websites that have been infected with malware every day and around 50,000 for phishing every week. If a site is blacklisted by Google, it will be removed from their index. This is what can happen to you if you don’t take proper care of your website.
Whilst you cannot prevent a hacker from attacking your site, there are things you can do to make their job as difficult as possible and to encourage them to go elsewhere. Read on to find out 15 things you can do today to reduce the risk of an attack and keep your website as safe and secure as possible from attackers and other threats that exist on the web.
1. Change your WordPress admin username.
Changing the default WordPress username is one of the simplest and quickest things you can do to protect your WordPress site. This is because the most common WordPress attack is focused on gaining administrative access to your website by attempting to log in with your admin user name. So, if your user name is admin, you’ve already given potential hackers half of the information that they need to gain admin access to your Web site.
When choosing a username, avoid using the following names:
Your domain name
Your first, middle or last name or full name
Any common English names
The name you use to moderate comments on the site
If you’ve already set up your blog, you’re going to have to change the username to something that is unique and hard to guess, such as a name with alphanumeric characters.
2. Use a strong password that is virtually impossible to crack.
A unique and complex password that is not easy to guess is vitally important for the security of your WordPress site. You can use the password that your WordPress site generates automatically. That password typically contains a variety of numbers, nonsensical letter combinations and special characters like % or ^. That is a very strong password. But the problem with that password is that it is impossible to remember.
A better option would be to use a passphrase, which would be a lot harder for a hacker to guess. A passphrase can be anything. It can be a phrase from your favourite song or your favourite quotation. It is always going to be longer than a password and contains dashes in between words such as this: “You-cannot-have-a-harvest-without-planting-a-seed.” But the main reason you’ll want to use a passphrase is that they will be a lot easier to remember, and they will be next to impossible to crack by password cracking tools.
Click here to learn how to create a strong and complex password that would be easy for you to remember.
3. Hide your username from being found.
An attacker can easily find out your WordPress administrative username by using a tool such as WPScan. They can also find your username by typing ?author=1 into a browser after your site address. For example: www.domain.com/?author=1. If the author ID is valid then they will be redirected to the author URL, for example: http://www.example.com/author/admin
It is the same process even when you change the WordPress administrative username. For example, if you changed the username to iron25dude, then by requesting the URL, the user will be redirected to http://www.example.com/?author=iron25dude.
WordPress usernames can also be found in the source code of blog posts and pages. This is why it is so important to hide the username, and avoid publishing anything using the WordPress administrator account username.
Take the following actions to avoid the display of your administrative username:
Go to your profile page by going to Users -> Profile and make sure the First Name, Last Name and Nickname fields are populated. Note that the Nickname field is typically auto-filled with your username. The nickname allows you to set the display name to something other than your username or first and last name.
From the Display name publicly as drop down menu, choose a name that should appear in blog posts, pages etc. You can choose something like Admin to give attackers the impression that you’re using admin as your username.
The quickest way to hide the login page is with the WPS Hide Login plugin. However, note that this also means you’ll be adding yet another plug-in to your WordPress.
4. Disable error login hints.
By default, WordPress displays an error message if you type in the wrong username or password on the login page.
For example, WordPress displays this error message when you enter the wrong username:
WordPress displays this error message when you enter the wrong password:
This may be helpful for you, but the problem is that it is also helpful for hackers because they now know which part of the equation they have to work on. Furthermore, since WordPress 4.5, you’re able to login to your WordPress site with your email address instead of a username. All of this can make it easy for hackers to compromise your account. Removing these error messages will make it a lot harder for hackers to know what they’ve guessed right or wrong.
To do so, you need to edit your functions.php file by adding the following code:
This will remove the default error messages from your login screen. Now if you or anyone else enters an incorrect username, password, or email, WordPress will simply show the following error without providing any hints as to what you’ve typed in wrong.
If you don’t feel comfortable editing the functions.php file directly, you can do this using the code snippets plugin.
5. Limit the number of login attempts that a single user can make.
By default, WordPress allows unlimited login attempts. This can lead to passwords being cracked through brute force attacks. Many people use plugins in order to prevent this from happening and to stop users from continually trying to enter a new password. You can use a plugin such as the Limit Login Attempts plugin to limit the number of times a user can enter a password.
However, this is not necessarily the best option because the plugin has not been updated in years. A better option would be the BruteProtect plugin, which is now owned by the creators of WordPress. BruteProtect is now part of Jetpack, which, as you may be aware, comes pre-installed when you install WordPress. All you have to do is go into Jetpack and activate it from your plugins. This plugin will protect your login when it notices too many login attempts.
If you don’t want to add yet another plugin to your WordPress site, you can secure your login page by pasting the following piece of code to your .htaccess file:
Deny from all
Allow from xx.xxx.xxx.xxxx
This code will deny anybody from logging in to your site except for the IP address that you have specified in the piece of code. You can also include the IP address of anybody else that you want to allow access to your website.
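A detection-side complement to sections 3 and 5, as an added example that is not part of the original article: a Python script that scans web server access log lines for bursts of failed POSTs to wp-login.php and for ?author=N username probing. It assumes combined log format and that a failed WordPress login answers 200 while a successful one redirects with 302; the sample log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log; the IP addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:09:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2024:09:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 2350 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2024:09:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
] + [
    f'203.0.113.7 - - [12/Mar/2024:09:05:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 2350 "-" "ExampleBot/1.0"'
    for s in range(0, 40, 5)  # 8 failed attempts within 35 seconds
] + [
    f'198.51.100.23 - - [12/Mar/2024:09:10:0{n} +0000] "GET /?author={n} HTTP/1.1" 301 0 "-" "ExampleBot/1.0"'
    for n in range(1, 5)      # probes author IDs 1 to 4
]


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": url.path,
        "query": parse_qs(url.query),
        "status": int(m["status"]),
    }


def detect(lines, max_failed=5, window=timedelta(minutes=5), max_author_ids=3):
    """Return sorted (alert, ip, count) tuples for login bursts and author-ID probing."""
    failed = defaultdict(list)     # ip -> timestamps of failed login POSTs
    author_ids = defaultdict(set)  # ip -> distinct ?author=N values requested
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Assumption: WordPress re-renders the form with 200 on a failed login.
        if (ev["method"] == "POST" and ev["path"].endswith("/wp-login.php")
                and ev["status"] == 200):
            failed[ev["ip"]].append(ev["ts"])
        for value in ev["query"].get("author", []):
            if value.isdigit():
                author_ids[ev["ip"]].add(int(value))

    alerts = []
    for ip, stamps in failed.items():
        stamps.sort()
        start = worst = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > max_failed:
            alerts.append(("login-bruteforce", ip, worst))
    for ip, ids in author_ids.items():
        if len(ids) >= max_author_ids:
            alerts.append(("author-enumeration", ip, len(ids)))
    return sorted(alerts)


if __name__ == "__main__":
    for alert, ip, count in detect(SAMPLE_LOG):
        print(f"{alert}: {ip} ({count})")
```

The single mistyped password from 192.0.2.10 stays below the threshold, so an ordinary user who fumbles a login once is not reported.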
6. Setup two-factor authentication (2FA) on the login page.
You can add an additional layer of security to your WordPress by enabling 2-factor authentication. This means that before anyone can login to your site, they will have to present additional pieces of information to gain access to the WordPress backend. You can configure this with the freemium plugin Google Authenticator – Two Factor Authentication. You don’t have to upgrade to the premium plan because the free plan is probably enough for what you need.
7. Set directory permissions carefully.
If you look through your directories and files in File Manager in your CPanel, you may have noticed a permissions column with various numbers. What you may not realize is that these numbers determine the level of access anyone can have to your website.
In the image below, you can see the permissions on the right, and you’ll be able to click on the permission number, enter the numeric value and click save. But what number should you change it to? Generally speaking, the lower the number that you have for your permissions, the more secure that directory is going to be.
But one number you must absolutely avoid when setting permissions is 777. This number will allow an intruder to gain complete access to your files. They can modify a file, upload malicious code and take over full control of your website. To protect the entire file system, including directories, subdirectories and individual files, set directory permissions to 755 and files to 644. This becomes even more important if you’re using shared hosting.
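An added example (not part of the original article): a Python script that audits a WordPress directory tree against the 755/644 modes recommended above and flags anything world-writable, such as 777. The sample tree, its file names and the function names `audit_permissions` and `build_sample_tree` are constructed for this illustration.

```python
import os
import stat
import tempfile

DIR_MODE = 0o755   # directories: mode recommended in the text
FILE_MODE = 0o644  # files: mode recommended in the text


def audit_permissions(root, fix=False):
    """Return findings for entries under `root` that are looser than 755/644.

    Stricter modes (for example 600 on wp-config.php) are left alone.
    With fix=True each offending entry is reset to the recommended mode.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [(dirpath, DIR_MODE)]
        entries += [(os.path.join(dirpath, name), FILE_MODE) for name in filenames]
        for path, recommended in entries:
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # skip symlinks: their mode bits do not control access
            mode = stat.S_IMODE(info.st_mode)
            extra = mode & ~recommended  # permission bits beyond the recommendation
            if not extra:
                continue
            findings.append({
                "path": os.path.relpath(path, root).replace(os.sep, "/"),
                "mode": format(mode, "03o"),
                "recommended": format(recommended, "03o"),
                "severity": "world-writable" if mode & stat.S_IWOTH else "too-permissive",
            })
            if fix:
                os.chmod(path, recommended)
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Create a small constructed WordPress-like tree with deliberately mixed modes."""
    root = tempfile.mkdtemp(prefix="wp-perm-demo-")
    layout = {
        "wp-config.php": 0o600,                     # stricter than 644: acceptable
        "index.php": 0o644,                         # exactly as recommended
        "wp-content/uploads/logo.png": 0o666,       # world-writable file
        "wp-content/plugins/demo/demo.php": 0o664,  # group-writable file
    }
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for dirpath, _dirnames, _filenames in os.walk(root):
        os.chmod(dirpath, DIR_MODE)
    # The mode the text warns about, applied to one directory on purpose.
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for item in audit_permissions(demo_root):
        print(f'{item["severity"]:15} {item["mode"]} -> {item["recommended"]}  {item["path"]}')
```

Run it read-only first; `fix=True` resets only the entries it reported and never loosens a mode that is already stricter than the recommendation.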
8. Do some due diligence when choosing your shared hosting provider.
Hosting can play a big part in just how vulnerable your website is. Shared hosting is the most popular type of hosting plan because of its relatively low cost. However, this type of hosting is also the most vulnerable to issues of security. This is because if you’re on a shared hosting plan, your website can be hosted alongside thousands of websites on a single web server. This means that all of those sites coexist in the same directory, and are accessible with the same FTP account. They also all use the same public IP address. This poses a certain amount of security risks.
For example, if any one of the hosted sites does not adopt proper security measures and gets hacked, then that hacker can use that access to attack other sites on the same server.
You can also opt for a managed WordPress hosting account, so you don’t have to share space with other website owners. If you must go with shared hosting, here are some things to check about security before signing up to a shared host:
Supports the most updated versions of software such as the latest PHP and MySQL versions.
Isolates one website’s environment from another with a Firewall.
Have intrusion detection mechanisms in place for when there are intruders on your account.
9. Update your WordPress to the latest version
Updating to the latest version of WordPress is vitally important for the security of your site. If you’re not using the latest WordPress version, it means that you’re using software with known security vulnerabilities. Hackers are always on the lookout for loopholes that will provide the opportunity to get into sites. If you have not updated to the latest version of WordPress, you’re effectively increasing the security risk by leaving the door open to attacks.
Hackers can easily look at the WordPress security log to see the loopholes that have been fixed and take advantage of sites that aren’t up to date. They can then do an automated search for websites running these older versions, which will be easy for hackers to find. The good news is that WordPress automatically rolls out updates and informs users by email whenever they do so.
10. Only login to your site from a safe and trusted computer.
When you think about protecting your WordPress website, you should also consider the computer you’re using to access the site. This is because the device that you use to login to your site can harm your website if it has already been infected. This is something to also consider if you’re working in a public place with an insecure connection such as a Wi-Fi hotspot.
No matter how secure we make our website, if the device that we are using to access the site is infected, then the chances of our website getting hacked are higher. Before you log in to your website, be sure to scan the device you’re using for any viruses or malware by running antivirus software to make sure your computer is safe.
11. Hide your database from hackers.
A WordPress website consists of both files and a database, and all of the data on your website is actually stored in this database. This is why the database is a hacker’s favourite place to attack a website because it allows them to attack multiple WordPress sites simultaneously by running automated codes for SQL injections. The default database table prefix is wp_, so hackers tend to run automated code targeting that database table.
You can easily prevent this by renaming the database table when you are installing WordPress, and it doesn’t really matter what you rename this to. Just make sure that you pick something unique and that you stay away from the wp_ database prefix. If you’ve already installed WordPress, you may have to get a developer involved because you’ll have to change the prefix in several places.
12. Avoid WordPress plugin vulnerabilities.
Plugins are wonderful because of the functionalities they can add to your site. But the way you manage plugins is crucial to your site’s security. And that is because badly coded, out-of-date plugins or rogue plugins are enough to bring your entire site down.
According to a survey by Wordfence, 55.9% of WordPress websites were breached due to plugin vulnerabilities. This is why it is so important that you pay particular attention to the way you manage plugins on your website.
Here are tips for keeping your site safe through effective plugin management
1. Scan for WordPress plugin vulnerabilities. If you’re unsure about any plugin, start by checking WPScan Vulnerability Database, which lists plugins and their known vulnerabilities.
2. Choose the right plugins. No plugin is 100% secure; but you can significantly reduce plugin vulnerabilities by doing some due diligence before installing them. This means only installing plugins from reputable sources like Code Canyon, the WordPress plugin repository or trusted third-party sites. Here’s what to check to find out if a plugin is worth installing:
Updates and compatibility
Support and documentation
Average user ratings.
3. Update plugins regularly.
Out-of-date plugins are one of the most popular methods that hackers use to attack WordPress websites. Most times, plugin developers will release new updates for the plugins and include security updates. It is vitally important to keep updated to the latest plugins.
According to a Sucuri analysis, three popular out-of-date plugins (Gravity Forms, TimThumb and RevSlider) caused 18% of the hacked WordPress sites they looked at in Q3 2016. So, even if you choose the right plugins for your site, your site will still be at risk if you don’t keep them up-to-date. And the best way to keep your plugins updated is to enable automatic updates, which you can do with Easy Updates Manager. This plugin is free of charge.
4. Delete unwanted plugins. Go through your list of plugins and delete any ones that you are not using to avoid leaving yet another loophole for hackers to exploit.
5. Only install well-maintained plugins. This means you should only use plugins whose last update was no more than a year ago. This is because when a plugin isn’t maintained, it is going to become vulnerable to hacking. One great thing about WordPress is that for every plugin out there, there’s always one or two alternatives to choose from. Use as few plugins as possible, and make sure they are well maintained.
13. Delete any themes you’re not using.
Another way to keep your site safe and secure is to delete any themes you’re not using. Not doing so can leave you wide open to hackers who will always try to inject malicious code into vulnerable themes. So, the fewer themes you have, the lower the chances are that they will succeed in doing so. If you ever decide to switch to a new theme, you can install several themes to identify the theme that you like or prefer to use on your site. But once you have confirmed your preferred theme, be sure to go back and delete the other downloaded themes so that no malicious code can be injected into any of them.
14. Keep a record of everything that happens on your WordPress.
It is important to take control of what is happening with your WordPress website. You need to know who’s logged in, where they are logging in from and what they are doing once they are logged in. The WP Activity Log plugin keeps track of everything that happens on the site in the WordPress activity log. Once installed, the plugin keeps track of everything that is done by everyone who has logged into the site.
15. Install a security plugin.
There are several WordPress security plugins available for your website. Here are 4 free and freemium security plugins that you can use to protect your site and keep it safe and secure.
WordFence is one of the most widely used WordPress security plugins. It includes an endpoint firewall and malware scanner and will scan all your WordPress files including themes, plugins, posts and comments to look for malware infections.
Monitors everything that takes place on your site, such as file changes, last logins and failed login attempts
Protects against SQL injections, XSS and all known attacks
Protects against brute force attacks
Improves site performance by blocking malicious traffic
There’s a free version and the pro version is $299 per year.
All-In-One WP Security & Firewall
The All In One WordPress Security plugin is comprehensive and 100% free. Unlike most of the other plugins, it doesn’t slow down your site. This powerful plugin covers various aspects of WordPress security, and is well supported and regularly updated. It has a user-friendly interface which makes it a lot easier to setup than most of the other security plugins. Security and firewall rules are categorized into “basic”, “intermediate” and “advanced”. This allows you to implement the firewall rules using a progressive points system.
Scans for malicious patterns
Uses IP filtering to blacklist specific IP addresses
Allows you to generate strong passwords
Login lockdowns after failed login attempts
This plugin provides security for various types of online threats. The free plan offers a diverse range of security features including malware scanner, firewall, login security, DB backup, anti-Spam & much more. You can upgrade to the premium plan if you are interested in advanced security features, but the basic plan is sufficient to secure most small business websites.
Scans for malware
Automatically logs out idle sessions
Cerber Security, Antispam & Malware Scan
Cerber Security, Antispam & Malware Scan is a free to use security plugin. This plugin mitigates brute force attacks by limiting the number of login attempts. The plugin defends against hacker attacks, spam, trojans and malware. Additional features offered for a premium plan.
Reduces brute force attacks
Limits login attempts
Automatically identifies and deletes spam comments
Advanced malware scanner
Hides wp-admin for users that are not logged in
Protects wp-login.php, wp-signup.php and wp-register.php from attacks.
So, there you have it. Securing your WordPress site from online threats should be a priority. I hope you now have the info you need to choose the ideal security tool for your needs.
The website haveibeenpwned.com is one of the oldest and most well-known tools that you can use to determine whether your confidential data may be in the hands of hackers. The site has been featured by the BBC and has received great reviews from a number of tech blogs such as Wired.com.
On the site, you are presented with a basic search engine along with a list of the latest data breaches. All you have to do is to type in the email address that you used to register on sites that you know have been hacked. You also have the option of signing up for email alerts, and you’ll get a notification if your email address is discovered in any new breach so that you can take immediate steps to change your password as soon as you receive an alert.
BreachAlarm is a freemium tool that allows you to check if your confidential data has been compromised by a password hack on a site that you are currently registered with.
The site offers a free email-checking service, but also offers paid notification and protective services. You probably don’t need more than the free email services. However, if you are searching for a service that is geared more towards small businesses, you may prefer to use BreachAlarm. You may also want to check your confidential data with more than one hack verification tool.
DeHashed works in the same way as the other solutions on this list in that it is able to find out where your data has been compromised or leaked. The difference is that DeHashed does more than focus on just email addresses. You can use the search engine to find out whether your full name and/or address and phone number appear in hacked lists. It lets you search on a variety of fields including your username, IP address, name, address and phone number.
Note however, that this tool is more suited to businesses, and is not as user-friendly as the other tools. In addition, you will have to purchase a subscription to perform some of these searches. Prices range from $5.49 for a single week to $180 for a 12-month subscription.
Sucuri Security Scanner is a more powerful tool than other options on this list because it offers a more comprehensive suite of security solutions. It allows you to scan an entire website for malware, viruses, errors, blacklist status, security vulnerabilities such as out-of-date software & plugins as well as the presence of hackers. It is typically used alongside other email and username checking tools.
Using the Internet for business and leisure is essential in today’s digital world. But as the technology that allows us to work more efficiently online increases, it also includes several risks.
Identity theft is a main focus for most cybercriminals. Computers can fall victim to viruses, spyware and other dangerous malware simply by clicking the wrong link or visiting the wrong website.
With a growing amount of malicious and increasingly sophisticated software prowling the Internet, here are 101 cyber security tips to help protect your digital life on your computing devices.
1. Keep software up-to-date.
Installing updates for your browser, applications and operating system is critical. Failing to install these updates could lead to security vulnerabilities in your computing device that an attacker could exploit. Switch on automatic updates for your operating system. Use safe browsers such as Firefox or Google Chrome that receive automatic security updates. Keep your browser plugins up-to-date.
2. Unhide file extensions in Windows.
File extensions are hidden in Windows computers by default, making it more difficult to identify potentially malicious software on your computer. Configuring Windows to show file extensions can help you avoid dangerous files. Hiding file extensions makes it easy for attackers to trick you into running malicious programs because you don’t know what type of file you are opening. That is why it is so important to unhide file extensions so that you can identify potentially dangerous files and attachments on your computing device before you click on them.
3. Be cautious about downloading apps from 3rd party app stores.
The Google Play Store for Android and the Apple App Store for iOS are the two largest distribution platforms for mobile applications. But there are also third party app stores which distribute third party apps, of which there are over 300 worldwide. Each store has its own security vetting processes towards the apps they allow to be listed in their app stores, some of which may not be up to standard. This means there’s a higher chance that some of these third party stores might offer pirated and malicious apps that can infect your mobile device with dangerous malware like ransomware, adware and Trojans.
Keep in mind though, that not all 3rd party stores pose the same level of risk. For example, the app stores created by mobile manufacturers like Samsung, as well as the Amazon App Store for the Kindle Fire are 3rd party app stores.
4. Install anti-spyware programs.
Spyware protection is necessary. Many types of spyware used today can be fairly harmless. But some types are inimical to internet safety and security. These malicious programs secretly record everything you do on your computer and send them to 3rd parties. They can collect all types of information, including passwords, web pages visited, hard drive information, social media and email account logins to sensitive financial and business credentials. This can lead to identity theft, fraud and other types of cybercrimes. Use antimalware programs to scan your computer for spyware, browser hijackers and other malicious applications.
5. Install a premium VPN.
A good VPN is the best way to keep you safe and secure online. It makes you anonymous by spoofing your IP address, making you practically invisible, and your online activities private. The VPN does this by creating a virtual, encrypted tunnel between your device and the VPN server whereby your computing device assumes the IP address of the server. To everyone else, you’ll appear to be browsing from the location of the VPN server rather than your actual location, which should prevent you getting caught out by an opportunist hacker or badly secured network.
6. Use a safe browser.
Surfing the web with a safe browser is absolutely essential to your online safety and security. Safe browsers have a white list of authorized programs, and they prevent certain functions that are not on that list from starting up. Without a safe browser, anything you do on a computing device whilst browsing the internet is at risk of being infiltrated by an unauthorized 3rd party.
Using a browser that isn’t safe puts a lot at risk including your login credentials, banking details, browser history, personal information and other sensitive data. To better protect your identity, use secure browsers such as Google Chrome, Firefox, Brave or Tor along with a VPN.
7. Block Pop-ups with an ad blocker.
An ad blocker is typically a browser extension that blocks pop-ups from websites and stops advertisements from showing up as you browse the web. This will reduce the chances of clicking on an ad that could infect your computing device with malware.
8. Find out if your email account has been hacked.
Spammers use various techniques to spam people, but using hacked email accounts to spread spam has been booming for years. Find out if your email address is in the hands of spammers so that you can take the necessary steps to protect your reputation.
9. Use a standard account as your day-to-day account.
There are security risks associated with using your admin account as your main account. If your computing device gets compromised by malware or a hacker, they can do a lot more damage with an admin account than they could with a standard account. This is why you should create a user account that is separate from the default administrator account.
You can protect yourself by only logging in as administrator when you are installing software updates or making other administrator changes to the computer. Click here to learn how to set up user accounts in Windows 10.
10. Always switch off your PC.
Whenever you aren’t actively using your computer, shut it down or disconnect from the Internet. Most Mac computers do this by default. Note that if you are not frequently active on the web, the chance of being infiltrated by a malicious source decreases.
11. Lock your computer whenever you step away.
Taking a break from your computer even for only a few minutes is enough time for your computer to be compromised. When you lock your computer, it password-protects your session until you return and blocks anyone else from physically or remotely getting access to your information. If you’re running Windows 10, you can configure dynamic lock to automatically lock your device when you’re not in the same room as your computer.
12. Educate your child on cyber security.
Educate your child about how they should behave when using the web. Let them know the dangers and pitfalls of the internet, and explain why it is not a good idea to share private information with people they don’t know.
13. Consider using an Apple computer.
Since Windows personal computers are much more prevalent in the marketplace, they are more susceptible to cyberattacks. Even though Mac computers can get compromised, it is much less likely for a Mac to be infected with malware compared to a Microsoft PC.
14. Download freeware with care.
The ability to download software programs for free is compelling, and there are thousands of freeware including games, software and utility programs on file sharing sites and perfectly reputable sites. Not every free download available on the web is malicious. However, many of these freebies contain malware such as adware and spyware. Download programs only from well-known manufacturers and trusted sites.
15. Consider a security suite.
If your operating system doesn’t contain security features or you want that extra layer of protection online, a security suite will include all the products you require to keep your computer safe. A security suite typically contains antivirus software, antimalware, website authentication, parental controls, password storage and protection against identity theft.
16. Activate your antivirus software.
Simply installing antivirus or antimalware software is not enough to prevent your computer from being attacked. You still need to configure your software to perform automatic scans at a certain time every day. A quick scan will do a pretty good job, but it is recommended to perform a full scan at least once a month.
17. Increase your spyware protection.
Spyware can be hard to detect on your computer, so you may want to install more than one security application to search for spyware. Configure the stronger program to constantly monitor your PC and use the second for occasional scans to verify that nothing was missed by the first program. For example, you can configure Microsoft Defender and Malwarebytes to run simultaneously and without conflict. Both applications are also free.
18. Try disposable email addresses.
A disposable email address involves using a unique email address for a limited number of uses by creating different free e-mail addresses for specific purposes. For example, you could use one disposable email address to sign up to services or complete surveys that may lead to more spam to your inbox. If you find that you’re getting too much spam to that address, simply delete the account and set up another. This will ensure that spam is kept away from your standard e-mail account.
You can continue to use your main e-mail address for business or personal communication.
19. Don’t use debit cards when shopping online.
Debit cards are connected directly to your current account. This means that whenever you buy something online, the account is immediately debited. If a cybercriminal gets hold of your card, either the card or just the information from it, and uses your card to buy stuff anywhere, you lose the cash spent. So, when you are shopping on-line, use credit cards rather than debit cards because they offer a level of protection that is not offered by debit cards.
20. Dedicate one credit card to online shopping.
Devoting a single card to online shopping will allow you to detect fraud or identity theft more quickly than if you use several cards. Using one card will also reduce the amount of damage you may have to deal with if a fraudster gets hold of your card.
21. Do not save your passwords in your browser.
Saving your passwords in your browser may be convenient, but if your computing device is compromised, any info that you have saved will now become available to the attacker. This is why it is really important for you to totally avoid saving credit card numbers and other sensitive information in your browser.
22. Check for SSL.
You should only enter personal information on websites with the https:// prefix or a padlock icon in your browser window. What this indicates is that the site has been officially secured and any information transmitted between your browser and the site is encrypted and protected from prying eyes.
23. A secure site is not always a reputable one.
The https:// prefix and padlock symbol guarantee that the data that will be transmitted between your computing device and the website is secure, but that does not necessarily mean that you are dealing with a safe or reputable site. Attackers also use SSL and HTTPS to facilitate their attacks. This means you need to be wary about the websites you share your personal details with, and search for reviews to learn about other people’s experiences in their dealings with the company.
24. Protect your personal information.
Ignore emails that ask for personal information such as banking details, login credentials, passwords and other confidential information unless you are expecting such an email. Legitimate businesses would never ask for such sensitive information by text or in a cold email.
25. Do not click on deceptive hyperlinks.
Be suspicious of any link in an email that shows one address but appears to take you to another. To find out where a link is taking you, hover your cursor over the link. If the address that appears at the bottom of your browser window is different from the one that you intend to visit, then you should definitely avoid clicking on the link as it is likely to be malicious.
26. Be cautious when typing web addresses.
Cybercriminals often set up sites that mimic other sites and use basic misspellings of the legitimate site as the URL. If you’re not careful with your typing, you may find yourself on the fake site which may be designed to download malware to your computing device as soon as you land on the home page.
27. Beware of phishing attacks.
Phishing attacks are one of the oldest scams on the internet, and have become more effective than ever before. With the exponential rise in smartphones over the years, duping users into divulging sensitive information through these devices is still easy low hanging fruit for attackers. If you have any reason to believe that the email you have received is a phishing attempt, forward it to Suspicious Email Reporting Service (SERS) at email@example.com. Forward suspicious text messages to 7726. This allows your provider to look into the origin of the text and take necessary actions.
28. Review your accounts.
Get into the habit of scrutinizing your financial records for unauthorized transactions as they can indicate identity theft. If you spot any irregularities, it is important to make your bank aware as soon as you find out.
29. Use a password manager.
A password manager is an online utility program that stores, generates and manages the passwords for your online accounts in an encrypted database or vault. The best thing about using a password manager is that you can have lots of long and complex passwords but don’t have to remember any of them.
30. Beware of fleeceware.
Fleeceware is a type of mobile app that comes with hidden, exorbitant subscription fees for basic services. The apps often offer users a free trial to “test” the app, prior to starting excessive, automatic payments. Analysis from Avast showed that some of those subscriptions can reach over $3,400 per year. Users are often charged long after they’ve deleted the app.
The apps are not overtly malicious, and include musical instrument apps, palm readers, image editors, camera filters, fortune tellers, QR code and PDF readers, so they often get through the vetting process at the official app stores. Many of these apps are marketed at children. Parents often only figure out the source of the charges weeks or months later.
These apps are able to proliferate because they are not considered malware and are available on official app stores, with access to official advertisement channels.
31. Create strong, private passwords.
Create a long and complex password that is easy for you to remember but would be really hard for other people to guess. The best type of password to create is a personal passphrase because it would be a lot easier to remember than a random collection of symbols and letters combined together.
32. Use a firewall to protect your computer.
Firewalls are designed to protect your computer and prevent unauthorized access. Windows 10 comes with a rock solid and trustworthy firewall that does a good job of blocking incoming connections as well as other firewalls. Using a firewall can help to prevent theft of any confidential or sensitive information stored on your computing device.
33. Disable file and printer sharing for extra security.
File and printer sharing is a Windows OS feature that allows wireless access to your file and printer over the network you’re connected to. But sharing your resources in this way is a security risk, and leaves your computing device vulnerable to hackers. This is why you ought to disable file sharing on your operating system to mitigate these risks.
If you have installed a file sharing application on your computing device, ensure that it is not configured to run automatically every time you reboot your computer.
Follow these steps to disable File and Printer Sharing in Windows 10:
Type control panel into the Windows search box and select the app.
Select Network and Internet and click on View network status and tasks.
In the left pane, click on Change advanced sharing settings.
Select Turn off file and printer sharing, and save your changes.
34. Create a regular backup of your files.
For peace of mind, make it a habit to back up the contents of your hard drive to an external USB drive. Losing your data can be detrimental to your personal and professional life. Even if the process of backing up your data does not offer protection against online threats, it ensures that nothing will be lost should something catastrophic occur.
35. Protect your computer from power outages.
Surge protectors are designed to safeguard your computing devices against abrupt and sudden power failures. Whenever you’re in a storm and a power surge is a possibility, shut down your computer and unplug it to prevent any loss of information that may occur.
36. Constantly evaluate your computer’s security.
After you have installed antivirus, antimalware, a VPN and other security applications on your computing devices, review these programs on your computing systems at least twice annually to be certain that everything is working as it is supposed to. Make sure that your operating systems and applications are updated to the most current versions, and be sure to replace any applications as required. Complete this process for all of your computing devices.
37. Delete software programs that you’re not using.
Unused programs run in the background and take up valuable space in your computer’s memory and hard drive. In addition to slowing down your computing system and wasting resources, these rarely-used applications are often not updated to the current versions which means they are not likely to have essential security patches that could protect your computer from compromise by hackers.
38. Be wary of unsolicited emails with attachments.
Email attachments are one of the oldest and most common tactics that attackers use to infect computers with malware. This is why you should avoid downloading email attachments from unfamiliar individuals, even if your computer is fully protected with antivirus and antimalware.
It is particularly important to delete junk mail you receive that includes an attachment. Note that there are certain attachments that you should avoid opening under any circumstances. These include any file with an extension that is .exe, .pif, .com or .bat unless you’re expecting to receive those files from someone known to you. These are some of the most harmful files used by attackers. Whenever you receive these types of files, always scan them with Microsoft Defender before opening them.
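A mail filter can apply the extension rule above before a message is ever opened. The following is an added example, not part of the original article: it parses a constructed message with Python's standard email library and flags the four extensions named above. The double-extension check goes slightly beyond the list in the text.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The four extensions named in the tip above.
RISKY_EXTENSIONS = {".exe", ".pif", ".com", ".bat"}


def risky_attachments(raw_message):
    """Return (filename, reason) pairs for attachments with a risky extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so "a.exe." still runs as "a.exe".
        lowered = name.lower().rstrip(". ")
        stem, dot, ext = lowered.rpartition(".")
        if not dot or "." + ext not in RISKY_EXTENSIONS:
            continue
        reason = f"executable type .{ext}"
        # "invoice.pdf.exe" displays as "invoice.pdf" when known extensions are hidden.
        if "." in stem:
            reason += ", disguised by a double extension"
        findings.append((name, reason))
    return findings


def build_sample():
    """Constructed message with one harmless and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "you@recipient.example"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"constructed pdf bytes", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Setup.BAT")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"{filename}: {reason}")
```
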
39. Activate your operating system’s protection features.
Most operating systems come standard with a built-in firewall, spam blocker, antivirus software or other security application. On some operating systems like Windows 10, these tools come enabled by default. On others, you may have to activate them. Your ISP may also provide an email spam filtering software that you should also switch on.
40. Avoid clicking on pop-ups.
As you browse the web, you may come across fake pop-up ads that look like they originated from your operating system, telling you that your computer is at risk. Some of these malicious ads that appear in your browser may have been produced by adware or malware that is already on your computer. The objective here is to entice you to click on the ad; and if you do, more malware will be downloaded on your computer.
When you come across these ads, close them by clicking on the X in the top right corner. Sometimes, these ads may be hard to close. If clicking the close button doesn’t work, try closing the window.
41. Beware of fake anti-spyware programs.
If you’re in the market for some anti-spyware software, be wary of what you buy. Some products marketed as free anti-spyware software are fake and disguised as helpful anti-malware utilities or ‘PC tune-up software’. These programs will actually download malware to your computer. Only purchase anti-spyware products from legitimate manufacturers. The best way to avoid downloading a fake anti-malware program is to stick with well-known brands such as Malwarebytes, Microsoft, Kaspersky and others.
42. Read the license agreement.
Before you start to download or install any freeware on your computing device, check out its license agreement. Many of these types of programs come with adware, spyware and other programs that you would not want to have on your device. Carefully reviewing the agreement will often reveal exactly what you’re about to install on your computer.
43. Avoid pornographic web sites.
The majority of malicious adware and spyware programs are actually distributed through pornographic and online gambling sites. These types of sites are some of the biggest sources of dangerous malware, and clicking on pop-up ads on these sites is one of the quickest ways to infect your computing device with malware.
44. Do not use unlicensed software.
Apart from the obvious illegality of using pirated software, sites that distribute it are often laden with malware. Unlicensed software is usually incompatible with security patches, and can be more vulnerable to viruses and other forms of malware. It might even come with a virus already installed.
45. Take advantage of free online virus scans.
If you have a Windows computer, you can run a free online virus scan to make sure your computer has not been infected with malware or spyware. These online scanners are safe to use, and can work with any other security software that is already installed on your computer.
46. Visit Windows Update.
If you have a Windows computing device, visit Windows Update regularly and consistently to check for Windows updates. The tool will scan your system for any security patches or updates that are not currently installed. It will then build a list of items that are recommended to keep your computer updated. To keep your device safe and secure, install anything that is marked as a critical update.
47. Encrypt and password-protect sensitive files on your computer.
In addition to installing security software on your computer, you can increase the protection of your computer by encrypting or password-protecting files or folders that contain sensitive information.
48. Visit Apple Security Updates.
If you have a Mac computer, check the Apple Security Site on a regular basis to find and install software updates for macOS, built-in apps and apps that you have previously downloaded from the Apple App Store.
49. Use privacy settings to guard your identity.
All that a cybercriminal needs is your personal information to begin impersonating you. This is why you should protect your address, birth date, national insurance number, bank details and credit card information by restricting how you share information on-line. You can take a strong step towards protecting your personal information by switching on privacy settings and using strong passwords.
50. Use parental controls to protect your child online.
The internet exposes children to a broad range of risks. That’s why it is so important to keep an eye on everything your child does online. Use filters and parental controls as a safety net to shield them from content that they are not old enough to see.
51. Avoid websites that use ActiveX.
On your browser, go to Tools > Internet Options > Security > Custom level.
Go to the ‘ActiveX controls and plugins’ section and then select Enable for Automatic prompting for ActiveX controls.
Click OK > OK.
ISO recommends using Click-to-Play or NoScript. These are browser add-on features that prevent the automatic download of plug-in content (e.g., Java, Flash) and scripts that can harbor malicious code.
52. Be careful with USB flash drives.
USB flash drives are a simple and convenient way to store information, but they are easy to misplace thanks to their size. If you will be storing sensitive data in a portable USB drive, consider encrypting the information to protect your data in case of loss. USB flash drives are also a leading form of malware infection. When a USB drive becomes infected with malware, it is likely to infect any device into which it is plugged. This is why you should never plug random flash drives you found into your computer.
53. Keep a record of websites your child has visited.
Make sure that your child keeps a record of any sites that they visit so you can go through such sites for potential security risks. Find out if they have registered as members of any website, and do not allow them to do so without your knowledge or permission.
54. Use a spam filter.
Spam filters prevent your inbox from being overwhelmed by non-essential emails. If you have an email application that separates junk mail, take advantage of these features by preventing malicious messages from reaching your inbox. Spam filters offer an additional layer of protection.
55. Be wary of suspicious messages.
Cyberattacks can arrive in your inbox in the form of spoofed emails from people that you recognize. This is why you should be on your guard if you receive suspicious emails, even when you recognize the name of the sender, because their email might have been hacked.
Be wary of messages you receive that include attachments with odd file extensions or words that seem incoherent in the message body. Treat these strange messages in the same way as you would treat messages from strangers and delete them as soon as you receive them.
56. Change your passwords regularly.
Changing your passwords on a regular basis restricts the effectiveness of keylogging technology, which can be used to steal passwords. If your password is less than 12 characters long, get into the habit of changing your passwords every 90 days. This will help keep your login credentials safe.
Fraudsters use number spoofing to make it appear as if you’ve been contacted by a legitimate organisation via text or a messaging app. They accomplish this by using identity masking technology to alter the name displayed as the sender to try to get you to divulge confidential information.
58. Stay informed.
You can stay informed by subscribing to updates from the National Cyber Security Centre. If you live in Northern America, you can get information about the latest internet security issues, vulnerabilities, and exploits by subscribing to updates from the Cyber Security Alert System. These updates provide timely information about current Internet security issues.
59. Verify an email’s source when you’re not sure.
Sometimes, it can be difficult to determine that a professionally written phishing email is not the official one of the organisation it is meant to come from. It will often have the organisation’s logo and format and look exactly like the organisation’s official email. But always keep in mind that no legitimate organisation would ever ask for personal information, especially in an unsolicited email.
60. Limit the info you provide when registering for a website.
It is really important to be cautious when completing an online registration form. Name and email are often standard requirements, but some sites may ask for more personal details like your date of birth, address and phone number. Be sure to check out the site to which you are providing such details. Generally, you should only fill in the required fields, often denoted with an asterisk.
61. Take care when meeting an online friend.
Take proper precautions when planning to meet someone you just met online. Plan to meet at a public place and be sure to inform your family and friends about your arrangement.
62. Protect the e-mail addresses of your family and friends.
Do not use a website’s ‘recommend to friends’ feature unless you are absolutely sure of the site’s reputation. If you are planning on doing so, perform a background check on the site to ensure that you’re not sharing people’s personal details with spyware distributors and spammers.
63. Mark junk email as spam.
Even after using spam filters, some junk mail may still find its way into your inbox. The most effective way to deal with this is to configure your email service to recognize junk email by marking those in your inbox as spam. This will ensure that the email service redirects similar messages to the spam folder in future.
64. Always read the fine print.
It is critically important to always read the terms and conditions for any site you sign up to. Most sites will always give you the option of receiving updates and offers from 3rd parties. Leave this box unchecked to avoid receiving tons of junk mail and spam. Look for the box that promises that the site will not sell or share your e-mail address with other companies.
65. Be cautious about what you share online.
Avoid mentioning anything online that you would not say to someone you never met, especially on social media sites such as Twitter or Facebook. Take care not to divulge your home address or full names of people you know. Sharing too much information online can be particularly dangerous in today’s world.
66. Use caution with Out-Of-Office responses.
It might seem perfectly reasonable to create an automated response explaining that you won’t be able to check your emails whilst on vacation. However, such a message also lets people know that you’re going to be away from your computer and your home. If you’re going away, configure the Out-Of-Office response settings so that your message is only sent to members of your email address book. Be vague about where you are, and leave a simple message that explains why you’re not able to check your email.
67. Be careful where you download from.
If you’re in the market for anti-malware software, be particularly cautious of where you get the program from. Ensure that you download these programs from the manufacturer’s website and not from an unknown source of copies that may very well be fake. Trusted software sites like Cnet’s download.com are a perfectly safe alternative.
68. Be cautious when using public Wi-Fi.
A 2017 Wi-Fi Risk Report by Symantec showed that people are generally addicted to free Wi-Fi. Free, public Wi-Fi hotspots are often unsecure and carry an element of risk. Even though most sites now use encryption to secure the transmission of data, you’re still at risk especially when using apps on a mobile device.
If you’re using the same network as a sophisticated hacker, it won’t be difficult for them to breach your computer’s security and gain access to your personal information. Avoid sending or viewing sensitive information when accessing public wireless connections unless you’re using a premium VPN.
69. Reduce the chances of getting your mobile device stolen.
Don’t show off to the world that you have a laptop by openly using it whilst on the go. Avoid attracting attention by carrying it in a plain and inconspicuous laptop bag. Consider getting a security cable lock for additional security.
70. Always log out of secured sites.
When you have finished using secure websites such as your online banking service, make sure you log out before closing the browser window. This will ensure that the session is completely closed and cannot be viewed or reopened by other users. This is particularly important if the computer you are using is not your own.
71. Clear your cookies often.
Websites store personal information in cookies. Even though not all cookies are malicious, some companies may sell the information in those cookies to 3rd parties for marketing and advertising purposes. That is why it’s a good idea to delete these files now and again. Doing so will also free up hard drive space and speed up your web surfing.
72. Prevent your email account from being hacked.
If you’ve inadvertently downloaded malicious apps on your Windows 10 computer, you can prevent your email account from being hijacked by disabling email access for any apps that are currently installed on your Windows 10 device. This will prevent any fake app from being able to take over your email account.
73. Always use 2-factor authentication.
Always use 2-factor authentication wherever possible for your most important or valuable accounts. When used in combination with a password, 2-factor authentication greatly enhances security.
74. Enhance your security by forwarding your emails.
With most email clients, you can forward email from one account to another in the same way as you do for your phone calls. This feature can help to enhance security. If you’re going away for a few days but will not be using your regular computing device, try forwarding your email to a new account that you’ve set up for the trip. This way, you’ll be able to retrieve any email that is sent to your regular account.
75. Beware of keyloggers.
Whenever you are using a public computer, always bear in mind that it can be infected with a specific kind of malicious software called a keylogger, which keeps a log of your every keystroke. This allows a cybercriminal to access whatever you typed in during your session. To be safe, avoid accessing your online banking and credit-card accounts from an insecure computer.
76. Stay away from dodgy sites.
Whenever you’re online, you’re either on safe sites, low risk or dangerous sites. Simply visiting a fake website could result in malware (such as spyware, Cryptoware and banking Trojans) being downloaded to your computer through the use of exploit kits. Using a free program such as Malwarebytes Anti-Exploit will protect your web browser against such threats.
77. Use separate devices for leisure and personal business.
As identity theft becomes more prevalent, it is essential to be super vigilant in keeping confidential information out of the wrong hands. Every time you conduct some type of transaction online, be it monetary or an exchange of information, your identity is at risk from cybercriminals. If you can, avoid using the same computer that you use to surf the web to conduct business such as online banking or shopping. This can help to reduce incidents of identity theft.
78. Use native apps whenever possible.
We share a lot of personal information on our phones, including email and social media. Using dedicated apps is an effective way of keeping sensitive information from prying eyes. Instead of logging on to your online accounts via potentially insecure mobile browsers, use apps from your bank, credit card companies, favourite retailers or social media sites for activities like banking, shopping or posting on social media.
79. Take control of your social media privacy settings.
If hackers are able to get hold of your personal information, they can take control of your social media profiles. This is why it is essential to manage your privacy settings on Facebook, Instagram, Twitter, Pinterest and LinkedIn to keep your personal details secure. Make confidential information such as your last name, email address and phone number invisible to anyone except for trusted family and friends. Do not automatically accept friend requests. Configure each site to approve each request personally.
80. Keep sensitive information out of chat rooms.
Even if you are talking with someone in a private chat room, chat services often archive conversations on a server. You have no control over what happens to archived conversations. Even if you feel that everything is secure on your end, remember that you don’t know if the person you are chatting with has someone watching his or her interactions with you.
80. Use a unique password on each website.
Using the same password or close variants for different websites is one of the leading causes of security breaches. Make it very difficult for yourself to get hacked by using uncrackable and easy to remember passwords for your email, social media and online banking.
81. Keep your IP address hidden.
Most websites are able to harvest information from your computing device, such as IP address and the applications that you use, for marketing and advertising purposes. While this information collection may not necessarily be harmful from trustworthy sites, less legitimate web sites can use this information maliciously.
82. Change the default Wi-Fi administrator password.
Most routers come with a generic password to provide easy access to router settings. This is different from the Wi-Fi password, and should be changed once you get in the first time. If you do not do so, then it will be easy for an attacker that gains access to it to change its settings and possibly lock you out.
83. Erase the data from unwanted computing devices.
When you finally decide to get rid of your old smartphone or other computing device and get a new one, make sure you get rid of all of the data on your hard disk. Many people are under the mistaken impression that just deleting files is enough to remove all of their old files, but it doesn’t quite work that way. Deleted files remain on your hard drive, and have to be erased before the machine is handed over to someone else. You can use utility programs such as wipe applications to overwrite data with random patterns to make them unreadable.
84. Change the default SSID name of your router.
Routers use a network name called the SSID (which stands for Service Set Identifier). You’ll see a list of SSIDs when you open the list of Wi-Fi networks on your laptop or phone. Sticking with the generic SSID won’t make your wireless network more susceptible to threats; however, potential attackers can see it as a sign that the network is poorly configured, which makes it more of a target. You can also hide the SSID so that potential attackers will not be able to see it.
85. Use Ultimate Windows Tweaker to stop Windows 10 from spying on you.
Windows 10 is constantly harvesting your information and sending it off to Microsoft. Fortunately, there are different options available to stop this from happening. The Ultimate Windows Tweaker is a powerful free tool that you can use to change all of Windows 10’s privacy settings and prevent Windows 10 from spying on you.
86. Disable SSID broadcasts.
You can disable the SSID broadcast to prevent other users from detecting your wireless network name when they attempt to view the available wireless networks in your area. Note, however, that this will only hide your network name, and not the network itself. This means your router can still be attacked by hackers.
87. Sign in to Windows 10 with Windows Hello.
Windows Hello is a more secure way to sign in to your Windows 10 device instead of the standard username or password. This feature gives you the ability to sign in using a PIN or facial recognition, which are stored locally on the device. To manage how you sign in to your device, go to Start > Settings > Update & Security > Windows Security > Account Protection > Windows Hello > Manage sign-in options > Windows Hello Pin > Add
88. Take precautions when using a used computer.
Do not enter your password in a second-hand computer without installing antivirus. The computer may have been infected with malicious software such as keyloggers that are designed to steal your personal information.
89. Beware of generic posts you like and share on social media.
Avoid clicking on cute, seemingly innocuous photos that you might find on Facebook. Some of these photos are posted by cybercriminals knowing that they are going to get tons of likes and shares. Once the posts have garnered enough likes, the attacker will link the post to a webpage that downloads dangerous malware to the computing device of any user who clicks on the photo in future. Only interact with photos or posts that your friends have posted in their timelines.
90. Beware of prize giveaway scams on Twitter.
If you don’t remember entering a particular sweepstakes contest but receive notification via tweet that you’ve won a prize, take a moment to make sure that the tweet is actually legitimate. Be cautious, because it could be a ruse to lure you into giving up sensitive information.
91. Always sign out of your online accounts.
Make sure that you sign out of your favorite apps and services by logging out of all open sessions except for the one that you’re currently using. You’ll be leaving the door open for intruders by not signing out. Your Google and Facebook accounts are the most important, mainly because they can also be used to access other platforms.
92. Be cautious about apps that ask for unnecessary permissions.
Most of the time, an app requests permissions because it needs them in order to work. But if you have an app from an unknown developer that requires a ton of permissions but doesn’t explain why each permission is required on Google Play or on the developer’s website, think twice before installing that app on your phone.
93. Don’t call any number for Facebook tech support.
There are currently no tech support numbers for Facebook. If you come across an advertisement on the internet or on Facebook itself asking you to dial a particular number for Facebook tech support, it is fake. These numbers are being spread by cybercriminals who use the information you provide to break into your Facebook and other online accounts.
94. Secure your Android smartphone with a strong PIN or password.
Securing your Android smartphone with a strong PIN (Personal Identification Number) is absolutely essential for the security of the information contained on your phone. Android phones allow you to have a screen lock enabled to secure your phone, and there are various types you can use including a password, PIN or pattern. Once you have activated your PIN, anyone that gains access to your phone will be unable to view the information on the phone because they won’t have your PIN. For the best security, set up a six-digit PIN. If the phone cannot be unlocked, it will be worthless.
95. Prevent your Windows 10 email account from being hijacked.
Cybercriminals have the ability to hijack your email account and send out spam through the use of bots, Trojans, viruses and worms. You can prevent your email account from being hijacked by simply disabling email access for any apps that are currently installed on your Windows 10 device. This will prevent any malicious app that you have inadvertently downloaded from being able to take over your email account.
96. Configure Microsoft OneDrive to protect your Windows 10 computer from ransomware.
Microsoft OneDrive is a powerful tool that allows you to back up personal files on your computing device. The great thing about OneDrive is that if the system becomes compromised in the event of a ransomware attack, you’ll be able to easily restore your information from OneDrive. Note that Microsoft will store all of your backed up data in the cloud.
97. Avoid using easy-to-remember English words in your password.
Passwords with English words, non-English words or any words that can be found in any dictionary are extremely easy for hackers to crack. Furthermore, if your password contains one or more recognizable words with a few of the letters changed to numbers and even with some random characters at the beginning and/or end, be aware that it could get cracked in as little as 3 days.
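As an added example (not part of the original article), the check below shows why swapping letters for numbers and padding a word with random characters does not hide it from a dictionary-based check. The word list and substitution table are small constructed samples, and the function names are hypothetical.

```python
# Constructed sample word list; a real checker would load a large dictionary.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "welcome", "football"}

# Common character-for-letter swaps (an assumed, non-exhaustive table).
# Ambiguous characters map to every letter they commonly stand for.
SUBS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "8": "b", "@": "a", "$": "s", "!": "il"}


def _letters(ch):
    """Return every letter a single password character could stand for."""
    ch = ch.lower()
    return ch + SUBS.get(ch, "")


def find_dictionary_words(password, wordlist=WORDLIST, min_len=4):
    """Return the dictionary words hidden anywhere inside `password`.

    Matching is done per position, so characters added at the start or
    end of the word, and letters replaced by look-alike characters,
    make no difference to the result.
    """
    options = [_letters(c) for c in password]
    hits = set()
    for word in wordlist:
        if len(word) < min_len:
            continue
        for start in range(len(options) - len(word) + 1):
            if all(word[i] in options[start + i] for i in range(len(word))):
                hits.add(word)
                break
    return sorted(hits)


def is_dictionary_based(password, wordlist=WORDLIST):
    """True if the password is built around at least one dictionary word."""
    return bool(find_dictionary_words(password, wordlist))


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["x9!P@55w0rd#7", "Sunsh1ne2024", "kT7#qLz2@vRw9"]:
        print(pw, "->", find_dictionary_words(pw) or "no dictionary word found")
```

A password that passes this check is only free of the words in the list used; it says nothing about length or randomness.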
98. Prevent your computing device from auto-connecting to networks.
Don’t allow your computing device to auto-connect to networks, because you might think you are logging on to a legitimate network, but in fact you might be logging on to a malicious hotspot set up by a cybercriminal for the purpose of stealing information from unsuspecting users.
99. Set up a remote device locator.
One of the easiest ways to find your lost smartphone is by setting up a remote device locator such as Find My on iOS or Find My Device on Android. These tools use GPS to identify exactly where your device is at any point in time, so if you simply misplaced your device, you’ll know exactly where to go and pick it up.
100. Disable Bluetooth when you’re not using it.
As convenient as Bluetooth can be, it is a bad idea to keep it on all the time when you’re not using it. In and of itself, Bluetooth comes with a plethora of security issues and concerns. By leaving Bluetooth enabled on your phone all the time, you’re exposing yourself to these security issues. It can be an incredibly convenient tool when you need to use Bluetooth, but once you’re done using it, you should turn it off. And if you don’t use it at all, then you should make sure that it is off.
101. Beware of counterfeit phones.
If you’re in the market for a new smartphone, the phone you’re interested in buying might look like the real thing from the outside, but that’s no guarantee that it is actually the real thing. The marketplace is full of millions of fake Chinese or Korean phones that are hard-to-discern knockoffs. To avoid getting ripped off, check the IMEI number, serial number and model number. Every genuine smartphone comes with a unique IMEI number that can be verified.