So you’ve taken our steps to make sure your passwords are more secure – what else can you do to stay safe when you’re online? Here are a few tips to help keep you secure.
1. Update your software
Before you do anything else when you go online, make sure all your software is up to date. Check to see if Apple, Microsoft or Google is offering you any updates to macOS, iOS, Windows or Android. It can feel like a real drag doing updates, but this really is one of the most important things you can do. It’s worth remembering, for example, that Microsoft released a patch for the vulnerability that the WannaCry ransomware exploited two months before the May 2017 attack. Windows computers that were up to date weren’t hit by the ransomware.
Also make sure your browsers are up to date: every browser, from Chrome and Firefox to Microsoft Edge, Opera, Vivaldi and Safari, will have security holes.
Of course, that also applies to your antivirus software, which you need with almost every device you use to access the web.
Windows 8.1 and Windows 10 come with antivirus software baked into the operating system, but you might want to use antivirus provided by one of the big, reputable security companies such as Sophos, McAfee, Avast or Symantec, all of which provide free software for home users.
Don’t think that because you’re using a Mac you’re safe from malware: you’re not, and you need to use antivirus. Again, the big security software vendors offer free software for home users.
If you use an Android phone or tablet, you’d be mad not to use antivirus: Android is a huge target for malware creators.
If you’re an iPhone user, you are using the only platform that is pretty much free of malware – but that doesn’t mean you’re in the clear. Older versions of iOS can’t run many newer versions of apps, and Safari vulnerabilities aren’t always patched by Apple for older phones.
2. Who’s contacting you – and why?
Watch out for emails or SMS messages – or indeed any messages – that come with a link for you to click that leads to a login page, as these are often fakes designed to steal your credentials. This is called a phishing attack, and it’s one of the key ways that data is stolen. Victims get an email or message saying that their bank account has been suspended, or that they need to renew their iCloud account, or that a package is waiting for them and that they need to sign in.
The link takes them to a page that looks like their bank or iCloud log-in page, and the unsuspecting victim fills in their username and password – and then, rather than actually logging in, they’ve handed over their details to a hacker.
First, you should never click a link in an unsolicited email or text. If you think it might be real, go direct to the website and log in from there – don’t log in from the link sent to you.
How can you check if a website is legit? Look carefully at the URL in your browser bar. Hackers create fake webpages using domains that look like the right name, hoping you’ll be fooled. GlobalSign has a good guide to the red flags that you should look out for in URLs.
Also look at the email itself: most legitimate providers will use your full name; fake ones tend to say “Dear customer” or similar. And the address they come from is a sign: many fake emails will use something like firstname.lastname@example.org and a domain name that looks as if it might come from your bank, but doesn’t.
Finally, nobody reputable will ever ask you to send your password by email.
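For readers who want to see the URL and sender-address checks above spelled out, here is an added Python illustration (not part of the original article). The trusted list, including the made-up examplebank.com, is an assumption, and treating the last two labels of a hostname as its domain is a simplification.

```python
from urllib.parse import urlsplit

# Assumption: the sites you really use. examplebank.com is a made-up placeholder.
TRUSTED = ("icloud.com", "examplebank.com")
SWAPS = str.maketrans("013457", "oleast")  # digits often used in place of letters


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(value):
    """Classify a link or sender address as 'trusted', 'lookalike' or 'unknown'."""
    if "://" in value:
        parts = urlsplit(value)
        netloc, host = parts.netloc.lower(), (parts.hostname or "").lower()
    else:  # treat as an email address: everything after the last @
        netloc = host = value.rsplit("@", 1)[-1].lower()
    # Simplification: the last two labels stand in for the registered domain
    # (wrong for suffixes such as .co.uk; a real tool uses the Public Suffix List).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    if not host.isascii() or "xn--" in host:
        return "lookalike"  # non-Latin or punycode letters imitating Latin ones
    for good in TRUSTED:
        brand = good.split(".")[0]
        if brand in netloc.translate(SWAPS):  # trusted name buried in another domain
            return "lookalike"
        if edit_distance(domain.translate(SWAPS), good) <= 2:  # typo or digit swap
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links and sender addresses
    for sample in ("https://www.icloud.com/mail",
                   "https://icloud.com.account-verify.net/login",
                   "alerts@examp1ebank.com",
                   "https://www.wikipedia.org/"):
        print(f"{check(sample):10} {sample}")
```

A result of "unknown" only means the name does not resemble anything on the trusted list; it says nothing about whether the site is safe.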