Kate Bevan   08 February 2018

So you’ve taken our steps to make sure your passwords are more secure – what else can you do to stay safe when you’re online? Here are a few tips to help keep you secure.

1. Update your software

Before you do anything else when you go online, make sure all your software is up to date. Check to see if Apple or Microsoft or Google is offering you any updates to macOS, iOS, Windows or Android. It can feel like a real drag doing updates, but this really is one of the most important things you can do. It’s worth remembering, for example, that Microsoft released a patch for the vulnerability that the WannaCry ransomware exploited two months before the May 2017 attack. Windows computers that were up to date weren’t hit by the ransomware.

Also make sure your browsers are up to date: every browser, from Chrome and Firefox to Microsoft Edge, Opera, Vivaldi and Safari, will have security holes.

Of course, that also applies to your antivirus software, which you need with almost every device you use to access the web.

Windows 8.1 and Windows 10 come with antivirus software baked in to the operating system, but you might want to use antivirus provided by one of the big, reputable security companies such as Sophos, McAfee, Avast or Symantec, all of which provide free software for home users.

Don’t think that because you’re using a Mac you’re safe from malware: you’re not, and you need to use antivirus. Again, the big security software vendors offer free software for home users.

If you use an Android phone or tablet, you’d be mad not to use antivirus: Android is a huge target for malware creators.

If you’re an iPhone user, you are using the only platform that is pretty much free of malware – but that doesn’t mean you’re in the clear. Older versions of iOS can’t run many newer versions of apps, and Safari vulnerabilities aren’t always patched by Apple for older phones.

2. Who’s contacting you – and why?

Watch out for emails or SMS messages – or indeed any messages – that come with a link for you to click that leads to a login page, as these are often fakes designed to steal your credentials. This is called a phishing attack, and it’s one of the key ways that data is stolen. Victims get an email or message saying that their bank account has been suspended, or that they need to renew their iCloud account, or that a package is waiting for them and that they need to sign in.

The link takes them to a page that looks like their bank or iCloud log-in page, and the unsuspecting victim fills in their username and password – and then, rather than actually logging in, they’ve handed over their details to a hacker.

First, you should never click a link in an unsolicited email or text. If you think it might be real, go direct to the website and log in from there – don’t log in from the link sent to you.

How can you check if a website is legit? Look carefully at the URL in your browser bar. Hackers create fake webpages using domains that look like the right name, hoping you’ll be fooled. GlobalSign has a good guide here on red flags that you should look out for in URLs.

Also look at the email itself: most legitimate providers will use your full name; fake ones tend to say “Dear customer” or similar. And the address they come from is a sign: many fake emails will use something like mysecurity@my-bank.com and a domain name that looks as if it might come from your bank, but doesn’t.

Finally, nobody reputable will ever ask you to send your password by email.
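
The URL and sender-address checks described above can be written as a short script. This is an added example, not part of the original article; the domain mybank.example and every sample link and address used with it are constructed for illustration.

```javascript
// Added example: compare a link or a sender address with the domain you expect.
// EXPECTED is a constructed placeholder, not a real bank.
const EXPECTED = "mybank.example";

// True only when host is the expected domain or a genuine subdomain of it.
function belongsTo(host, expected) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === expected || h.endsWith("." + expected);
}

// Returns a list of red flags for a link; an empty list means none were found.
function checkLink(link, expected = EXPECTED) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return ["unparseable"];
  }
  const flags = [];
  // No https:// means the login form would be sent unencrypted.
  if (url.protocol !== "https:") flags.push("not-https");
  // Text before an "@" is not the site name; the real host comes after it.
  if (url.username || url.password) flags.push("userinfo-before-@");
  // Look-alike letters from other alphabets show up as xn-- labels once parsed.
  if (url.hostname.split(".").some((l) => l.startsWith("xn--"))) {
    flags.push("punycode-host");
  }
  // A bare IP address where a bank's name should be.
  if (/^\d+\.\d+\.\d+\.\d+$/.test(url.hostname)) flags.push("ip-address-host");
  // The expected name appearing somewhere in the host is not enough:
  // it has to be the end of the host name.
  if (!belongsTo(url.hostname, expected)) flags.push("wrong-domain");
  return flags;
}

// Same comparison for the domain part of an email sender address.
function checkSender(address, expected = EXPECTED) {
  const domain = address.slice(address.lastIndexOf("@") + 1);
  return belongsTo(domain, expected) ? [] : ["wrong-domain"];
}

// Constructed samples: a genuine link, then a look-alike sender address.
console.log(checkLink("https://www.mybank.example/login"));
console.log(checkSender("mysecurity@my-bank.example"));
```

An empty result only means none of these particular red flags were present; going direct to the website remains the safer route.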


3. Is my connection secure?

When you’re connecting to the internet, especially if you’re away from home, you want to be sure that the data you send from your device to the website is encrypted so that it can’t be intercepted.

Most webpages are encrypted these days, and indeed the Chrome browser will warn you if a website doesn’t offer a secure connection. To make sure you’re not sending sensitive information like your password unencrypted, look at the start of the URL: the first thing you should see is https:// and in the URL window, you should also see a padlock icon. Many browsers colour that green to make it doubly clear that it’s a safe page.

4. Public Wi-Fi and evil twins

Using a public hotspot? Treat it as insecure. If it asks you to sign up before you can use it, check what data it wants you to share with the provider, and also check what marketing emails it wants to send you. Data protection laws in Europe mean that you shouldn’t be tricked into getting these with sneaky tick boxes, but that’s not the case everywhere. Look closely at any boxes it wants you to tick – and at any it has already ticked for you.

Don’t send anything sensitive such as credit card details, logins or online banking details over public hotspots: either use your phone as a hotspot to connect your laptop, or use a trusted VPN.

5. Use a VPN

A VPN provides a secure internet connection between your laptop and the website you’re logging in to – but choosing a commercial provider is a bit of a minefield. This is a good guide to how they work and what to look for when choosing a VPN.

Be very careful about choosing a free VPN – remember that all your sensitive data is being sent via that connection, and in return for “free” the provider is likely, at the very least, to want to capture some metadata.

Even if you think you’re connecting to a hotspot from a known provider, you should still treat it as insecure: hackers can – and do – set up “evil twin” hotspots, which use the same name as a legitimate provider. They then use special software to steal your details.

By their very nature, these are hard to spot and easy to fall for. One tip is to avoid any network that is completely open and doesn’t require you to sign up for it – and of course, use a VPN.


Watch out for 'evil twin' Wi-Fi networks that could steal your personal information. Picture credit: Erin / Flickr

6. Signing out

If you’ve been using a shared computer, or if you’ve been using a public hotspot, when you’re finished, make sure you sign out of every website you’ve visited on that PC, and then clear the cookies from the browser you’ve been using.

Cookies are tiny files storing data in the browser that identify you to the website you’re visiting. As well as, say, returning you to a shopping basket when you come back to a website, they can also save passwords, so clearly it’s not a good idea to leave traces of your browsing on someone else’s laptop. This is a step-by-step guide to clearing them from the main browsers.

We can’t promise you’ll be 100% safe online, but following our tips should reduce your risk.