Home Security Heroes independently tests and reviews every product. We may earn a commission when you buy through our links. Read more here.
Internet use is ubiquitous in this day and age. Pretty much everyone has a home internet connection, or easy access to some place with free Wi-Fi Whether for business, school, or entertainment, most households use the internet on a daily basis.
Despite this, many seem unaware of the dangers that can lie in wait for you if you’re not careful when browsing, and how surprisingly easy it can be to protect yourself.
Here are some of the things you can do to make sure you keep yourself safe from viruses, identity theft, and other nefarious acts out there.
Layers of the Internet
You can vaguely divide the internet into “layers”. There are some sites at the top of the heap, backed by major corporations with a vested interest in making sure that, at the very least, malware attacks aren’t originating from their sites.
Just below those is where the majority of the internet sits. Popular community sites (like forums and message boards) and smaller store pages and the like sit here.
Both of these layers can typically be trusted to provide what they say they will, whether it be a product, a place to discuss a specific topic, or education info on various topics.
Below that, however, are sites that can be described as shadier. These are usually exceptionally niche sites (like very small-scale single topic blogs) or ones that sit in some kind of gray area in terms of savoriness or legality. Torrent sites and the like which are usually safe on their own, can be used to inadvertently access harmful programs, however. These types of sites are usually a complete crapshoot in terms of safety, because they’re largely unregulated. This is where you’ll need to practice some of the other best practices we’ll talk about below.
Below even this is what is typically referred to as the “deep web”. Not to be confused with the “dark web”, these are simply sites that are not casually accessible. They don’t show up on standard search engines, and can be pretty much anything, not all of which are nefarious; most email servers are kept here, for instance. You need the exact URL to access one of these, so it’s impossible or at least exceptionally unlikely to do so by accident.
And finally, the “dark web”. Like the deep web, you don’t access the dark web by accident. You need a specific type of browser to access these specific networks. These sites require extreme caution to operate on, and typically, an average citizen should not have a need to access dark web content. While not all of it is illegal or immoral content, enough of it is, and the encrypted, secretive nature of the dark web makes it rife with people who can use the near total and assured anonymity to wreak havoc on unsecured, unprepared systems. Use extreme caution if using Tor or a similar system to access the dark web, or better yet don’t do it at all.
What Does This Mean?
It means you should, primarily, be sticking to the top two layers of the internet in your day-to-day browsing. These sites can mostly be entrusted to not infect your system with malware or collect your information to disseminate it to other people (though even these trusted sites will often collect your information and sell it to other corporations).
A lot of the other practices below are going to be helpful, mostly with this rule of thumb in mind, because honestly, the biggest thing you can do to protect yourself from cyber-attacks is to simply never make yourself a target in the first place.
Many sites make you choose a username for a reason. Not only does it allow for self-expression, it allows for anonymity.
While this anonymity does come with its own issues, primarily in that people are more prone to being rude or unhelpful in interactions without moderation, it does serve to protect people from casual attempts to harass them in more direct ways.
When interacting on a website, give as little information as possible. Many forums and the like will let you choose a number of personal details that you can share or keep private. These generally include things like your real name, gender, birthday, location, and so on.
My advice is to share none of this. Your username should suffice for most interactions. Keep in mind that even larger, more reputable companies (like Google) do not necessarily have your best interests in mind. Your information is a commodity, and you have no real reason to give them this information unless it’s an absolute requirement.
It’s also good to keep in mind that simple lists of your information are not the only source for bad actors to get ahold of a surprising amount of information if they pore over your past posts and such. Try to avoid giving out any more information than necessary in a conversation. This goes double for chat and instant messaging apps like Discord or WhatsApp, as you have less ability to seek out and remove these posts if you regret posting something.
Depending on the website, it may be unavoidable. If you are, for example, part of a forum dedicated to woodworking techniques, establishing your credentials as a 15 year veteran of the industry may be necessary to lend credence to your advice.
In isolation, these bits of info are largely useless. However, accruing enough of them could let people piece together enough information across multiple posts, or even multiple SITES if you use the same username, to paint a picture of exactly who you are.
This information can be used to track you down in real life, or help to crack the passwords on your various accounts and access more detailed information. Speaking of which:
Password Security is Paramount
Using personal information in your password is something any security expert will tell you is a bad idea.
The prevalence of people who simply use “password” as their password is astounding, being the 4th most popular password in the world (behind similar simple passwords as 123456), and passwords that use personal information aren’t much better.
Things such as your daughter’s name, spouse’s birthdate, wedding anniversary, pet’s name, and so on are exceptionally easy passwords to crack for anyone who knows what they’re doing, and getting that information from you is depressingly easy, due to the prominence of one of the biggest cyber-security threats out there: social media.
It doesn’t help that many people use the same password, or a variant, for every website they use instead of making them completely different.
Whether you use Facebook, Twitter, Instagram, or are even one of the few holdouts for MySpace out there, any information you put on any social media site is at risk.
Not only is it up for grabs for any corporation who wants it (if you’ve ever wondered why you get so many emails and phone calls about certain types of product, you can likely blame Facebook and similar sites), it’s a treasure trove of information for hackers and crackers of all varieties, who can use posts you’ve made to create a complete profile of your information that can be used for a variety of purposes.
Not only can they use it to crack into your accounts and get all kinds of usable information (even bank account or credit card info if you’re unlucky), they can use it to try and target scams directly at you.
These scams often come in the form of emails, and while spam filters are much better now than they used to be, sometimes scams still get through.
Never Click Suspicious Links
If you click a random link from an email you got from someone you don’t know, chances are you’ve been had, and need to immediately start making steps to protect your information. It’s as simple as that.
Links can have all sorts of malware attached to them, some of which are incredibly insidious and can lie in wait for months before springing a surprise on you in the form of some blackmail or ransom request where they threaten to lockdown your system or release sensitive information to the public if you don’t pay them.
Banks and similar groups with a vested interest in keeping your money safe will often warn you about these. Take these warnings seriously, but use the same amount of caution even when interacting with an email that looks legitimate. The scam warning can sometimes also be a scam in disguise. Always double check that the email address these warnings are sent from matches up with official emails you’ve gotten from that entity before. If it looks like a private email, steer clear. Official correspondence from a bank will always be from a company email, not a private one (like a Gmail account).
This doesn’t apply to just emails either. If you’re tooling around one of the “middle layers” of the internet, you need to highly hone the skill of weeding out fake links from the real deal.
If you’re lucky, some will just be advertisements, designed to basically just farm clicks for their pay-per-click advertising campaign.
If you’re unlucky, clicking an errant link on a site like Mediafire or Mega Upload can result in the same situation as above, with ransomware installed on your computer.
Always, always, always mouse over links before you click on them for any reason. Make sure the URL matches what you would expect, and will lead where you need it to go. This is a good practice to get into anywhere (for links posted on forums or social media, for example), but especially for these less regulated sites.
Use an Ad Blocker
You know what one of the best ways to ensure you never click on an unwanted link is? Reduce the number of them you even see.
A good ad-blocking program is going to block a lot of static ads on websites, as well as most popups out there.
Not only is it a good safety feature that most antivirus programs (which you should also have) won’t offer you, it’s an excellent quality of life feature that will save you a ton of time loading pages or getting to where you want to be. This is great if you have slower internet, as it could save you hours over the course of the day that would otherwise be spent loading advertisements you have no desire to see.
While some sites will throw up an error if you have an adblocker on, generally speaking it’s either easy to temporarily disable the adblocker when needed…or simply find the same information elsewhere on a site that ISN’T going to attempt to undermine your own safety and convenience for their profits; journalistic websites that started out as print media (like newspapers) are the biggest offenders here.
Read More: Identity Theft Protection Services Review
It’s Okay to Lie
Sometimes, you’re going to need or want to sign up for a site you may not be sure about. Maybe it gives you a bad vibe, or you know there’s something wrong with it but, in some ways, it’s worth the risk.
In these cases, it’s easy to circumvent many of the inherent issues brought on by sites like this by simply giving them nothing useful to work with.
If they ask you for a username? Use one you don’t use anywhere else. An email? Create a new one expressly for this purpose (bonus points if it’s with a provider you don’t usually use at all). Listing your name, birthday, or some other personal info is a mandatory part of the process? Make up every single one of these “facts”. Randomly generate a password instead of using one you would normally think to use (this helps cover any unconscious biases you might have in password creation). That last one is especially good if you only ever need to use a site once for whatever reason.
Even if you nominally trust a site, this is a pretty good habit to get into. There is absolutely no reason the average site needs to know your actual name to function. Chances are, they simply want that info so they can sell it to another corporation for a bit of extra cash.
And if the site requires your credit card info to continue…it’s usually not worth it unless it’s a service you absolutely need for work or something similar.
These are some good practices, but not the only ways to keep yourself safe out there. In general, it’s best to think of the internet the same way you would think of something like a mixer, or going to a party with a bunch of people you don’t know.
There’s a lot of opportunity to make new friends, connections, and even business deals…but you have to be careful who you trust, and your default mode of interaction with any new website or people should be wariness bordering on paranoia.
If you get into the habit of initially distrusting and vetting EVERYTHING online, you’ll find it’s pretty easy to keep yourself safe when you go surfing the Web.
Last Updated on