Internet Security Best Practices: How to Avoid Viruses, Scams, Malware and Hackers

Introduction

Whether you access the internet at home, at work, or in school, you should always take online security seriously. Falling victim to scams, viruses, trojan horses, malware, adware, and countless other problems is so easy to do even if you are aware of the risks.

Staying safe while online requires sticking to a few basic rules. This guide covers the main risk areas and how to improve your personal cybersecurity whenever and wherever you access the internet.

Use Antivirus Software

New viruses come out every day, and the best way to protect yourself is to use trusted antivirus software on your computer.

Antivirus software is constantly updated to protect your computer from the latest threats as they emerge, and it should be considered essential whenever you go online.

Choose a software package from a trusted vendor, of which there are many (two of the biggest being McAfee and Norton). Bitdefender is another good option, and AVG is popular and has a free version that is suitable for home use.

Antivirus software does more than just protect your computer from viruses and malware. Depending on the product you use, it can also protect your privacy, prevent you from visiting unsafe websites, help you to locate a lost device, and provide secure online storage.

What About Smartphones and Tablets?

The risks posed by viruses and malware to smartphones and tablets are growing. As mobile devices become increasingly important for accessing the internet, the temptation for criminals to target them grows.

Nowadays you can purchase antivirus protection for your phone and tablet as well as your computer.

For example, Norton has a product for that covers phones and tablets, and Bitdefender has a dedicated product for Android phones. AVG also provides a free version for Android devices.

Also be particularly careful when downloading apps. Apps for mobiles and tablets are popular because they are so easy to use.

But while apps in the Apple App Store are generally safe because Apple controls the apps, the situation is different for Android devices. Always make sure you are downloading genuine apps, and read the reviews before downloading them to pick up on any warning signs.

Keeping Your Online Accounts Safe

Viruses and malware are a real threat, and antivirus software is a must. However, many hackers and criminals rely on the weakest link to get what they want: human error.

The actions you take — or fail to take — online can leave you exposed to risks, so it is important to stick to safe online practices.

Passwords are one of the biggest problem areas for everyday internet users. Hackers can often crack passwords that are too basic, allowing them to get access to your personal accounts. To reduce the risk of this happening to you:

• Use a different password for all of your accounts
• Make your passwords as long as possible
• Do not use a password that could easily be guessed
• Make your passwords completely random
• Use a selection of letters, numbers, and symbols
• Never reveal your password to anyone.

The problem with doing all this is that it makes passwords harder to remember, and this is where a password manager comes into place.

Two of the best managers are 1Password and LastPass, and these will both store all of your passwords securely and allow you to access them with one master password. This is one of the simplest ways to make sure your passwords are as secure as they can be.

If you would like to read more on this topic, WordPress and Google both provide detailed advice on password management.

Password Protect Your Devices

On the subject of passwords, make sure you also password protect your computers, phones, and tablets. It may take a little bit longer to access them, but the extra security is well worth it.

Then if someone steals your device, they will not be able to get access to your online accounts and personal information, giving you the opportunity to change your passwords and keep your online accounts safe.

Use Two-Step Verification Where Possible

Another step that you can take to protect your accounts is to use two-step verification. Also called two-factor authentication (2FA). Many services are now offering this, so always use it where it is available.

To use two-step verification, you will usually have to provide the company with your cell phone number. When you type in your password online from a device for the first time, the company will send you a text message containing a code.

You then insert the code to get access to your account. This prevents anyone from accessing your account unless they have access to your phone as well, making it much more secure.

Google provides a detailed guide to its two-step verification process that you can read about here.

Be Careful with Email

Emails are another area where you should exercise caution. Attachments in emails are a common way to transmit viruses, and phishing emails can allow criminals to capture your bank details and steal other personal information.

Ensure you have a powerful anti-spam function in place, and do not even open spam email unless you think it is from someone you know and has wrongly been sent to your spam folder.

Never download attachments unless you are absolutely sure that the email is from someone you trust. Antivirus software can often scan attachments for viruses in case the person you trust has sent you an infected file by mistake.

ComputerWeekly.com provides a useful guide to email security that you may want to read for more information. (Requires email address.)

Phishing emails are fake emails designed to look real. The most common scam is to send you an email that claims to be from your bank asking you to visit the website and insert your details.

When you click on the link you are sent to a fake website, which would look exactly like your bank’s site. You are then asked to login with your username and password and this is where the criminals steal your password and other secure details.

Real banks never send emails asking for your password information, so be very cautious when you receive such an email. Always visit your bank’s website from a new tab and type in their address rather than clicking on a link in an email.

You can learn more about phishing and report phishing emails at US-CERT.

Secure Your Wi-Fi Network

Wi-Fi is the most convenient way to connect to the internet, especially if you want to connect more than one device in your home. However, make sure your Wi-Fi network is secure. This involves:

• using encryption, preferably Wi-Fi Protected Access II (WPA2) because it is the strongest. You should be able to do this in the security settings.
• changing your router settings so that the SSID remains hidden and potential hackers therefore won’t be able to find it.
• changing the name of your network (the Service Set Identifier or SSID) so that hackers cannot guess the manufacturer of the router.
• ensuring you use a strong password to gain access to your network.

Also be careful when you use a public Wi-Fi network such as in a café. Never visit a sensitive site like online banking on a public Wi-Fi network because criminals can quite easily steal your data in this way.

Detailed information about Wi-Fi security can be found at OnGuardOnline.gov for further reading.

Be Careful of Dangerous Links

Sometimes your computer can get infected by a virus if you simply click on a bad link while browsing the internet. There are endless stories in the press about viruses on Facebook and social media sites — this story on TweakTown is just one recent example.

Sometimes antivirus software will tell you when a link is not trusted, but not always. So always be vigilant and be especially careful of adverts promising easy riches or those related to pornography.

Keep Everything Up to Date

Whatever operating system you are using, always install updates when they are released. Apple and Microsoft regularly send important security updates, and downloading these will help to keep your devices safer.

Apps on smartphones and tablets will also release updates regularly, and it is a good practice to update these as soon as they become available.

Use Trusted Video Plugins

When you want to watch a video online, you may be asked to download a plugin to view it. Always research the plugin before you download it — quick search online should reveal if there is anything to be wary of.

You can also download trusted video software to your computer like Windows Media Player, QuickTime Player, Microsoft Silverlight, RealPlayer Cloud, or VLC, which should allow you to watch most video content.

Staying Up-to-Date on Security

The news is always full of stories about computer attacks sweeping the world. The only problem is that most of these stories don’t contain much useful information. When you’re running a computer network, you need enough details to know how to stay safe.

The information is out there, if you know where to look. Keep the right bookmarks and subscriptions, and you can get the details behind the headlines. Then you’ll be well-armed against the forces of evil.

Blogs and News Sites

Specialty blogs are a great source of information. Following their feeds can let you know all about shifting trends and new kinds of attacks. It’s frightening news, but you need to know it. Most of them offer multiple RSS feeds by topic, email subscriptions, and social media feeds. Pick your favorite reading style.

Dark Reading, a service of Information Week, runs several stories a day on current security topics. It provides lots of specifics on threats and responses, but you don’t need a degree in computer science to understand it. Besides the blog, you can get its information through newsletters or peruse its webinar archives.

Threatpost, from Kaspersky, Lab, bills itself as “the first stop for security news.” It provides serious technical detail along with the occasional news of the odd. It also presents a podcast. You can read the site in English or Russian.

Security through Education focuses on the human factor, with intriguing titles like “Children Hacking Websites.” Most security incidents involve user error, so understanding how people are being tricked and manipulated is important. You can subscribe to the newsletter or listen to the podcast as well.

In 2016, Krebs on Security was hit with one of the biggest DDoS attacks in history, so you know that the bad guys take Brian Krebs seriously. He specializes in covering online criminals who are after people’s money. The articles in his blog are very readable while giving ample details on how attacks work.

WeLiveSecurity provides a mix of current news and general security advice. Many of the pieces are informative as well as entertaining. You can watch a video on how to make a strong password or find out the details on the latest wave of ransomware. The “How To” section provides useful security tips from cyber risk analysis to Pokemon Go. The site includes editions in Spanish, Portuguese, and German.

Cisco’s security RSS feeds are pure technical information on current security issues. Some are Cisco-specific. Others, like the Threat Outbreak Alerts and the Multivendor vulnerability alerts, are of broader interest.

Podcasts

If you like to get your information by voice and video, lots of security podcasts are available. Some are long and chatty, others short and to the point.

Security Now is a weekly program available in either video or audio format. You can subscribe or download individual episodes. Spyware expert Steve Gibson and Leo Laporte make security discussions entertaining and lively. Some of their advice may surprise you. (How much does antivirus software really protect you?)

Short on time? StormCast is a daily fifteen-minute audio podcast from SANS on the latest online threats. It’s at a concentrated, serious technical level, so you have to listen closely to absorb it. The web page for each podcast has links to diary entries with additional information on the day’s topics.

Brakeing Down Security isn’t a typo. It’s named for its host, Bryan Brake. The discussion can get technical, and it helps if you know something about how operating systems work. Even if some of the content goes over your head, you’ll get a lot of useful advice on staying safe. It’s available through a YouTube channel, SoundCloud, iTunes, or Google Play.

Unsupervised Learning “curates 3 to 5 hours of reading into a 15 to 30 minute summary.” It’s heavy on news, without idle chatter. It includes large numbers of short news items. You can listen to it through iTunes, Android, Overcast, or your favorite player using the RSS feed. The same information is available in newsletter form.

Other Resources for Staying Up-to-Date

Have I Been Pwned? offers to check if your account or domain has been compromised. There’s nothing surreptitious or magical about it; it just uses a list of public records of breaches. If it tells you “no pwnage found,” that doesn’t mean you’re safe, but it might report breaches you were caught up in. You can enter a common name like “JohnSmith” to see what sort of information it turns up. It’s less likely to turn up minor sites that have been breached but didn’t get publicized.

Do you want lots of security information in your Twitter feed? Here are ten accounts you can follow or put into a custom list.

• Cisco Security: lots of updates on current threats.
• Sophos Labs: security news and tips.
• IT Security News: worldwide security news.
• Cybersecurity: security information from DHS.
• Eugene Kaspersky: CEO of Kaspersky Lab.
• Infosecurity Magazine: links to articles on infosecurity-magazine.com.
• NCSC UK: information and advice from the National Cyber Security Centre.
• Norton: news from the security software company, not just about its own products.
• Global CyberSecurity: worldwide news from the Global Cyber Security Center.
• Security Affairs: news from Pierluigi Paganini on security developments.

Finally, a business which is serious about security needs to know about the Cisco PSIRT OpenVuln API. This is a body of structured technical information about known software vulnerabilities. It’s not something you read directly; you need a software tool like OpenVulnQuery to get the information that’s relevant to your installation.

Stay Up-to-Date

However you choose to get your information, you need to keep up with computer security in order to keep your systems safe. Information is available on the Internet at all technical levels and in all styles. Try a few till you find the ones that work best.

CISPA and CISA

The Cyber Intelligence Sharing and Protection Act (CISPA) is a piece of legislation designed to thwart cyber-criminals by allowing corporations to share data about users with the government.

CISPA is essentially an upgrade to the 1974 National Security Act, and it aims to empower the government to acquire cyber threat intelligence. While CISPA is widely supported by corporations, it has been hit with criticism from privacy and civil liberties organizations.

CISPA appears to be dead as a practical matter. But it spawned a related bill, the Cybersecurity Information Sharing Act of 2015 (CISA).

CISA is very similar to CISPA, however. In 2015, CISA was signed into law in the United States.

Pros and Cons

CISPA was designed to protect against two main outcomes: information security breaches, and cyber-security threats.

It proposed a mechanism where private companies would be allowed to share data with the government, in an effort to highlight suspicious activity or communications that could indicate threats.

The bill would have given the US government the power to monitor the use of networks and services, as well as allowing data sharing to prevent crime and threats to children.

Importantly, CISPA would also have allowed the government, and the NSA, to monitor private communications that take place online. That data could have been accessed without a warrant.

The Two Sides

The Electronic Frontier Foundation is one of many organizations that believe CISPA would have opened the door to infringing civil liberties, and they say that the amendments added to it didn’t go far enough.

CISPA was supported by more than 800 companies, represented by an array of trade organizations. These include Verizon, IBM, Microsoft, and Intel, as well as the United States Chamber of Commerce.

CISPA vs CISA

Privacy campaigners say that CISA gives corporations and governments near-identical powers as CISPA.

However, under CISPA, the NSA would handle the data. Under CISA, it is managed by the Dept of Homeland Security. However, the bill grants the same immunity to companies that actually share that data. And the data could still be passed — uncensored — to the NSA, as well as the FBI.

CISA was brought into law in December 2015 as part of a much bigger piece of funding legislation. Critics say that this was a way to bring CISA into law without further debate, simultaneously bypassing the President’s right to veto it.

CISA Implications for Non-US Citizens

Like many US laws, CISA may affect citizens of other countries too. CISA could result in non-US citizens being prosecuted under US law, if they are thought to be involved with a cybercrime that affects a company based in the US.

In a Guardian article, the given example is a French hacker who compromises a Spanish person’s MasterCard account. That could result in the French hacker being jailed in the USA.

In practice, many countries have similar legislation already. For example, the United Kingdom has its own Cyber Security Information Sharing Partnership, which has a similar purpose.

CISPA and CISA Resources

• Everything You Need to Know About the Recently Passed, Privacy-Decimating CISA Bill: a thorough analysis of CISA.
• Your Complete Guide to the 5 Cybersecurity Bills in Congress: learn about the differences between CISA and CISPA, as well as three other cyber security bills: CTSA, PCNA and NCPAA.
• Why You Should Be Concerned About the Cybersecurity Information Sharing Act: an analysis of the contents of CISA and the threat to personal privacy.

Stay Safe Online

You should not be overly paranoid about your online activity, but do take precautions. As you get into the habit of using stronger passwords, avoiding suspicious links, and installing system updates, most of it will become second nature.

The internet offers so many benefits, whether you use it for study, work, or leisure. But always be aware of the risks when you are online, and make sure you stay safe.

Further Resources for Online Safety Information

There are many websites where you can get access to further detailed information on staying safe online. Here are a few where you can find up-to-date information:

• ConnectSafely: Tips, news, and advice for staying safe online
• Kids.gov: Online safety guide for kids
• FBI.gov: Online safety guide for parents.

Text written by the various members of WhoIsHostingThis Team with major contributions by Gary McGath and Claire Broadley. Compiled and edited by Frank Moraes.