If you’ve followed the latest celebrity or political hacking scandals, or even watched an episode of Mr. Robot, you probably know that everyone’s passwords are terrible and that we’re all doomed. But there are several ways you can proactively minimize the risk of this happening.
In honor of Computer Security Day, we put together some major takeaways to increase your website security and keep your information safe(r) online.
1. Choose a strong password
First step: Change your password.
Here’s an experiment. I’m going to guess the password for your Jimdo website. Is it 124345678? Or jimdo123? Am I close?
In the U.S. and Western Europe, 12345678 was the most common password for the fifth year running. And when someone hacked millions of Adobe accounts, one of the most common passwords among their customers was adobe123.
If you’ve got a few minutes to kill, take a look at the list of the most common (and cringeworthy) passwords. Here are a few lessons from the list: Don’t pick your cat’s name (Buster and Tigger, anyone?). And sorry, don’t pick your favorite thing either (“cheese” and “football” are already on there).
You can find some great tips on how to come up with a strong password on websites like howtogeek.com. No matter what you choose, the best thing you can do right now is to change your password to something that’s not on that list above.
The best metaphor I’ve found to describe password security is:
Passwords are like underwear.
- Don’t leave them in the open
- Change them regularly
- Don’t share them
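For site owners, the patterns above (a password from the common list, or the site's own name followed by a few digits, like adobe123) can be rejected at sign-up. The following is an added example, not code from Jimdo or from the original post; the function name, the reason strings and the short word list are assumptions made for illustration.

```python
import re

# Constructed sample of a common-password list (assumption: a real check
# would load a full published list from a file).
COMMON = {"12345678", "password", "cheese", "football", "buster", "tigger"}


def _is_digit_run(s):
    """True for counting or repeated digits such as 12345678, 87654321, 1111."""
    if not s.isdigit() or len(s) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1}, {0})


def weak_password_reason(password, site_name):
    """Return a short reason if the password is easy to guess, else None."""
    pw = password.strip().lower()
    if pw in COMMON:
        return "common password"
    if _is_digit_run(pw):
        return "digit sequence"
    # Strip trailing digits and symbols: "adobe123" -> "adobe".
    stem = re.sub(r"[\d\W_]+$", "", pw)
    if stem and stem == site_name.strip().lower():
        return "based on site name"
    if stem in COMMON:
        return "common word plus digits"
    return None
```
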
2. Use HTTPS
HTTPS stands for Hypertext Transfer Protocol Secure. It may sound like jargon but in layman’s terms, it’s a way to encrypt and protect information as it travels between your computer and a website you’re visiting.
As a consumer, you should always look for the lock icon in your browser, which indicates that you have a secure connection, especially when making purchases. If you’re not sure, click the lock icon in the address bar to display the security certificate for the website. If the certificate isn’t displayed, or you get a warning message that the address of the website doesn’t match the certificate, don’t continue.
If you have a Jimdo website (or you purchase on a Jimdo website) you’re already covered—all Jimdo websites have free HTTPS encryption.
3. Be wary of free Wi-Fi
You may have heard of the experiment in England which led to a handful of Londoners giving up their eldest child in a hidden “Herod clause” after agreeing to the terms and conditions of a Wi-Fi hotspot. However, it isn’t only the terms and conditions you should be looking out for.
Wireless transmissions aren’t always secure or encrypted, which means your data could be intercepted. If you have to use free Wi-Fi, be sure to check that the website you send information to is HTTPS-encrypted, and don’t use mobile apps that require sensitive information. Mobile apps don’t have any obvious indicators that they are secure. So if you plan on using a website that involves sharing your credit card or accessing your bank account, use a secure network or your own mobile data.
If you really can’t avoid using an unsecured Wi-Fi network for a transaction, use the company’s website instead of the app so you can check for HTTPS in the web address.
4. Avoid saving passwords in your browser
We’ve all been tempted, and I put my hands up to having done it myself: saved passwords in browsers. You know it’s wrong, but those pesky passwords can be hard to remember. Saving them in the browser leaves them accessible to anyone who uses your computer, who can then log in to your accounts or view the actual passwords, and to a thief if your laptop gets lost or stolen. You run the same risk if you sell or dispose of your old laptop and the data hasn’t been fully erased. The simplest and safest way to keep your password safe is by using a password manager such as LastPass. That way you still have your password saved, but it’s protected by extra layers of security.
5. Trust your gut
We’ve all received “get rich quick” or “I’m a prince that needs $1000” spam emails that you delete straight away, knowing it’s a scam. Sophisticated attackers, though, may deploy spearphishing email campaigns where the content is specific to you, based on what they can find out on the internet. These emails can have some accurate personal information, but something may not be quite right, so trust your instincts: if something looks suspicious or too good to be true, don’t open it. Email is a great way for scammers to get into your computer and into your company. If you’re wary but the email was sent by a trusted friend or colleague, always check with them.
How to prevent email spearphishing from happening
- Be suspicious of any email or communication (including text messages, social media posts, ads) with urgent requests for personal information.
- Keep in mind that unless an email is digitally signed, you can’t be sure it wasn’t forged or spoofed.
- Phishers typically include upsetting or exciting (but false) statements to get people to hand over their personal information.
- If anything feels suspicious, don’t click on the links.
- Pay attention to the website you are being directed to and hover over URLs.
- Don’t send personal information via email, and avoid filling out forms in an email that ask for your information.
We hope these tips help you stay safe online and if there’s any more you want to share let us know in the comments!