Once upon a time, during what some fondly called the “good old days,” misplacing personal items like a passport or checkbook on the street was deemed a breach of personal data. Fast forward to 2024, our lives are deeply entrenched in the online realm, and the internet, once a serene paradise, has evolved into a landscape fraught with challenges.
Certainly, cybersecurity stands as a vital necessity, but like any facet of human endeavor, it has accumulated a plethora of rumors, myths, and recommendations. Distinguishing truth from fiction and current advice from the outdated can be a daunting task. Yet, people are diligently attempting to navigate this complex landscape, evident in discussions such as this insightful thread on the AskReddit community.
#1
Avoid recycling passwords and make regular changes. In the event of a breach on one site, if your accounts are linked to your email address, the vulnerability extends across all connected accounts.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
Frequent password rotation is no longer recommended by the NIST organization and the broader InfoSec community. Ultimately, it proves counterproductive with questionable benefits. Managing numerous accounts and regularly changing passwords often leads to the use of weaker passwords due to a lack of creativity.
A more effective approach involves utilizing password managers to generate unique, lengthy passwords exceeding the 12-14 character range for each protected resource. Additionally, adopting 2-factor authentication (2FA) wherever feasible is crucial. Relying solely on passwords for account protection in 2024 is deemed insufficient. For highly sensitive accounts, the use of physical security keys, such as Yubikey, Google Titan, Thetis, Feitian, SoloKeys, etc., is strongly recommended.
#2
Prioritizing VPNs and data encryption is essential, particularly for individuals initiating online businesses or engaging in financial transactions on the internet. These security measures serve as crucial safeguards, protecting sensitive information from potential threats and ensuring a more secure online experience.
The lamentable aspect of the current technological landscape is encapsulated in Arthur C. Clarke’s assertion that “Any sufficiently advanced technology is indistinguishable from magic.” Today, this sentiment holds true, as the marvels accessible through various online services can be both awe-inspiring and perilous. Innovation is harnessed not only for benevolent purposes but also for malicious intent.
A report by the Identity Theft Resource Center (ITRC) unveiled a disheartening reality in 2022, with 1,774 data breaches across the U.S., affecting over 442 million individuals. Although marginally fewer than the record 1,862 cases in 2021, the insidious nature of these breaches lies in the fact that victims may remain unaware for extended periods, with consequences manifesting months or even years later.
ITRC isn’t the sole repository of such disconcerting data; cybersecurity firms conduct their analyses, yielding equally troubling figures. In the third quarter of 2023, according to a study by Surfshark, a prominent cybersecurity company, the United States led in breached accounts with a staggering 2.767 billion. This translates to 816 breaches per 100 people in the U.S. On a global scale, Surfshark’s research reveals that since 2004, a staggering 16.6 billion accounts have been breached, with approximately 6.0 billion having unique email addresses. In essence, a single email account is compromised around three times on average.
#3
Exercise caution by reading before you click, thinking through your actions, and staying vigilant against common online threats.
Indeed, you are your most effective antivirus, but simultaneously, you constitute the potential weak link in your cybersecurity. Stay mindful of your online actions to fortify your digital defenses.
#4
Correct! If a website’s URL begins with “https://,” it indicates a secure connection, encrypting the data exchanged between your browser and the site. Conversely, “http://” signifies an unsecured connection, and it’s advisable not to input any personal information into such websites to safeguard your data.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
Absolutely, you’re spot on. While the presence of the padlock SSL certificate in the URL indicates data encryption, it’s crucial to recognize that these certificates can be obtained for a minimal cost, starting at $9, and added to potentially malicious websites. Merely having the HTTPS lock doesn’t guarantee the overall safety of a web resource; it only assures that data transmission is encrypted. Importantly, getting a virus through an encrypted channel is still a possibility.
Rather than becoming complacent, it’s advisable to click on the lock symbol and inspect the certificate. Check if the recipient of the certificate and the website name match. It’s a prudent practice to scrutinize these details. In summary, treating websites with bare HTTP cautiously is wise, and you should refrain from providing sensitive information, such as login credentials, on such unsecured sites.
It is indeed concerning to note the extent of sensitive information exposed in data breaches. According to the ITRC study on the 1,774 data breaches in 2022, a significant number of victims had their names (1,560 cases) and full social security numbers (1,143) disclosed. Other critical compromises included date of birth (633), current home address (565), driver’s license and/or state ID numbers (499), detailed medical histories (465), and bank account numbers (443). The frequency with which individuals fall victim to similar online security pitfalls is both surprising and alarming.
In the midst of the 21st century’s first quarter, it might seem amusing that people still utilize easily guessable passwords like “123456” or their own birthdates (the third most common leaked information in data breaches). However, the statistical reality is unforgiving. According to Statista data from 2021, the three most prevalent poor password practices among hacking victims in the U.S. included using a password more than once (89%), sharing personal passwords (74%), and employing a password with fewer than 8 characters (61%). Evidently, there is a significant gap in cybersecurity awareness or a disregard for its importance among a substantial portion of the population.
#5
Absolutely, safeguarding your important data is paramount. Ensure that you have offline backups for crucial information, completely isolated from the internet. This precautionary measure acts as a defense against worms, viruses, and ransomware. In the unfortunate event of an online attack, having offline backups allows you to recover your data by simply reloading it, providing a resilient response to potential threats. Stay vigilant and prioritize data security by keeping offline backups of your vital information.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
Indeed, adding an extra layer of security to your backups is a prudent step. Consider encrypting the backups or storing them on a drive with physical encryption features, such as disks equipped with PIN code buttons or fingerprint protection. This additional safeguard helps fortify the confidentiality of your data, ensuring that even if the physical backup device is compromised, unauthorized access remains a formidable challenge.
#6
Great advice! Password managers are indeed valuable for maintaining strong and unique passwords. Checking for the padlock in the URL bar ensures a secure connection. Being cautious about the information shared on social media is crucial for privacy. Employing a firewall and internet security adds an extra layer of defense. Additionally, using a VPN enhances online privacy and security. Combining these measures contributes to a robust and well-rounded approach to personal cybersecurity.
The tips provided by cyber security experts from Surfshark offer a comprehensive approach to ensuring online safety. Summarizing their advice into ten key points:
- Clear cookies after each browsing session
- Utilize a password manager
- Implement two-factor authentication
- Employ an adblocker to prevent malicious software
- Use a VPN to safeguard your data
- Employ antivirus software
- Keep your browser up to date
- Enable private browsing or use a private browser
- Opt for privacy-focused search engines
- Steer clear of HTTP websites
Following these guidelines can significantly enhance your online security and protect against potential threats.
#7
Indeed, relying on common sense is a valuable defense mechanism in the digital world. Your observation about the design inconsistency, like a big yellow download button that doesn’t match the website’s theme, is spot on. Cybercriminals often use such visual tricks to mislead users. Always be cautious, and if something seems off or doesn’t align with the typical design of the website, it’s wise to avoid clicking on it. Trusting your instincts and being skeptical of unusual elements can help protect against potential threats.
#8
These are excellent and concise cybersecurity tips:
- Use a password manager.
- Think before you click. (Hover over the link to preview the URL. Be cautious of suspicious content.)
- Embrace 2-Factor Authentication, ideally on a single platform.
- Leverage browser add-ons and extensions, such as ad/script blockers, for a customized and privacy-oriented experience.
- Explore VPN options for enhanced privacy.
- Ensure malware/virus protection is in place.
Absolutely, using a VPN is a smart move for both privacy and security. In situations like accessing public Wi-Fi, where the network may be less secure, a VPN helps safeguard your data from potential threats. While free VPN services and Tor browser can provide some level of protection, the connection speed can indeed be a limiting factor.
Paid VPN services often offer better performance and reliability, ensuring that your internet speed is not significantly compromised. The combination of comfort and security makes it a worthwhile investment for many users who prioritize both aspects. It’s a valuable tool for maintaining online privacy, especially when using public networks or when privacy concerns are a priority.
#9
Deactivating or deleting old email accounts is a prudent step in maintaining your online security. Unused or abandoned email accounts can become vulnerable targets for unauthorized access or exploitation. By deactivating or deleting them, you reduce the risk of potential security breaches and unauthorized access to personal information associated with those accounts. Additionally, it helps declutter your online presence and ensures that your active accounts receive more focused attention in terms of security measures.
#10
You’re absolutely right. Older individuals can be more susceptible to email scams, especially those involving fake notifications about account issues on platforms like Amazon or PayPal. Encouraging them to verify such claims by independently navigating to the official website through their browser is a wise precaution. This way, they can avoid falling victim to phishing attempts and maintain the security of their personal information. Reminding older individuals to approach such emails with caution and to independently verify any claims can contribute significantly to their online safety.
#11
Changing passwords regularly is a good practice to enhance security. Storing them offline in a secure file adds an extra layer of protection against potential online threats. It’s essential to strike a balance between password complexity and manageability to ensure both security and convenience.
It’s unfortunate that often, security lessons are learned through experiences like data breaches. The MyFitnessPal incident serves as a reminder of the importance of maintaining robust cybersecurity practices, including changing passwords regularly and taking extra precautions, such as storing them offline. Learning from such incidents can help individuals strengthen their overall online security posture.
#12
Absolutely, geolocation data embedded in pictures can pose a significant privacy risk. When sharing photos online, especially those taken in or around your home or other identifiable locations, it’s crucial to be aware of the potential geolocation information associated with them. Stripping metadata or disabling geotagging on your device can be effective measures to prevent unintentional sharing of your location. Practicing caution with the content and context of the photos you share can help protect your privacy in the digital space.
#13
Absolutely sound advice! Verifying the identity of the individuals you communicate with online, ensuring the security of your communication channels, and being mindful of your surroundings are critical aspects of maintaining cybersecurity. Your vigilance plays a key role, as you are indeed your own best defense against potential threats. Understanding the security features of the tools you use and staying aware of your digital and physical environment contribute significantly to overall online safety.
#14
Excellent advice! Hovering over links in emails to inspect the domain name before clicking is a smart and proactive approach to avoid falling victim to phishing attempts. Verifying that the domain aligns with your company’s or the legitimate company you’re interacting with adds an additional layer of security. This simple yet effective practice can help prevent potential security threats and protect sensitive information.
Your cautious approach is very sensible. Verifying that links in emails from your bank or financial institution lead directly to their official domain is a strong security practice. Using such vigilance helps protect against phishing attempts where malicious actors may attempt to imitate legitimate organizations. It’s understandable that you prioritize dealing with institutions that prioritize the security of their communications and maintain a direct link to their own domain. Cybersecurity awareness and skepticism are crucial in today’s digital landscape.
#15
Absolutely, exercising caution when clicking on links in emails is crucial for maintaining online security. Email phishing attacks often involve malicious links that can lead to phishing websites or initiate downloads of harmful content. Verifying the legitimacy of the email sender and the link destination, especially if unexpected or suspicious, can help prevent falling victim to phishing attempts and protect against potential cybersecurity threats.
You’re absolutely right. Despite our best efforts, data leaks can still occur, making it crucial to detect such incidents promptly. Quick awareness allows individuals to take immediate measures, such as changing passwords and monitoring bank activity, to minimize potential damage and prevent identity theft.
Services like Surfshark’s Alert, providing instant warnings if your email is involved in a data breach, play a vital role in ensuring timely awareness and response. This kind of proactive approach empowers users to swiftly take necessary actions to safeguard their personal information, underscoring the importance of staying vigilant in the ever-evolving landscape of online security.