I’m cautious, to say the least, when it comes to keeping myself safe online. So over the years I’ve developed some habits to minimize my risk online, which I’d love to share with you. These are tips that will significantly reduce the odds of having your personal and business internet-based accounts hacked.
There are a lot of items in this list, and I realize this can be overwhelming at first, so work through the recommendations one at a time so that you can understand and gain comfort with each one before moving on to the next.
- Always use strong passwords for all your online accounts. The use of compound words with numbers is a great way to create a strong password that’s easy to remember. There is a great non-technical description of this approach here. A more technical explanation is available here.
- Hackers have been known to steal usernames and passwords from less secure sites and then use those same usernames and passwords to attempt to log in to other sites. So if you use the same username and password on multiple sites, your security is only as good as the least secure site that you are using. In short, do not use the same usernames and passwords across your different online accounts. At the very least, always use a different password and make that password as strong as possible.
- My email provider supports creating multiple aliases for my email account. With this feature, I can create up to 100 distinct aliases which all deliver emails to the same base email account. If you have this feature available, use it to create different email addresses for each online account. For example, I’ll create one alias for Dropbox: “firstname.lastname@example.org” and another for OneDrive: “oneDrive@mydomain.com”. This strategy also makes it easier to track the source of email spam if it ever appears from a specific email alias. And these aliases allow you to easily move responsibility for a service to another person in the company by just re-pointing the alias to their email address.
- To simplify login, either allow your browser to store the usernames and passwords for the sites you visit or use password safe software, which lets you store your username and password for all of your sites.
If you use your browser to keep track of usernames and passwords, be sure to secure the passwords with a master password so that those passwords are not easily accessible by someone who gains access to your computer or smartphone (for example, Firefox supports creating a master password to protect all your saved passwords).
- Always enable two-level authentication for online sites that support it. Using this feature means that even if your username and password are discovered, it will still be impossible for that person to log in unless they also have your cell phone, where the second-level authentication code is sent.
- Use “zero knowledge” encryption software to encrypt sensitive documents you store in the cloud (such as on Dropbox or Google Docs). Zero knowledge means that even the encryption software vendor does not know the password you are using to encrypt your documents. This does mean that if you lose this password, you’ll lose access to your documents, so keep that password in a safe, secure place. I use Boxcryptor for this purpose and highly recommend it for both personal and business use. It has a number of great features and in my opinion is reasonably priced given the protection it affords.
- Avoid visiting websites where you enter sensitive information (such as credit card numbers) when connected to a public network such as in a coffee shop. Even though you may be using a secure website, there are attacks which can compromise even secure websites on a public network. It’s not worth the risk, so do all your online purchasing from the relative safety of a secure private network (i.e. at home behind a firewall).
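
The two reuse tips above (a different password per account, a separate email alias per account) can be checked mechanically against your own account list. The script below is an added example, not part of the original post; the account list, addresses and passwords are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory (not real accounts): service, login address, password.
ACCOUNTS = [
    ("dropbox", "dropbox@example.com", "maple42river"),
    ("onedrive", "onedrive@example.com", "maple42river"),
    ("forum", "me@example.com", "copper7window"),
    ("shop", "me@example.com", "copper7window"),
    ("bank", "bank@example.com", "lantern93orchard"),
]


def fingerprint(password, key):
    """Keyed digest: lets passwords be compared without keeping plaintext around."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(accounts):
    """Return sorted (finding, services) tuples for reuse across accounts."""
    key = secrets.token_bytes(32)  # throwaway key, only valid for this run
    by_password = defaultdict(list)
    by_login = defaultdict(list)
    for service, login, password in accounts:
        login = login.strip().lower()  # assumption: the mail provider ignores case
        by_password[fingerprint(password, key)].append((service, login))
        by_login[login].append(service)

    findings = []
    for entries in by_password.values():
        if len(entries) > 1:
            # Same login AND same password: one leaked pair opens every listed site.
            same_login = len({login for _, login in entries}) == 1
            kind = "reused-password-same-login" if same_login else "reused-password"
            findings.append((kind, sorted(service for service, _ in entries)))
    for services in by_login.values():
        if len(services) > 1:
            findings.append(("shared-login", sorted(services)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, services in audit(ACCOUNTS):
        print(f"{kind}: {', '.join(services)}")
```

An empty result means every account has its own password and its own login address; the report itself never contains a password.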
As a final thought, provide a written and signed policy document that lists all these expected behaviors to all your employees to ensure they use safe online practices like these. And follow that document up with training to help them successfully learn and apply each of these practices in their daily online lives.