• Vaultree

10 Golden Rules To Safely Surf The Internet

Updated: Feb 22

As the world is getting digitised a bit more every single day, data leaks and hacks are becoming sadly common occurrences. As mentioned in one of our previous articles, cybercrime is expected to damage the global GDP by $6 trillion in 2021 and the increase of ransomware attacks for small & medium sized businesses are calling for attention. But what kind of strategies should we apply in order to not become part of the statistics?

There are many best practices which will become the norm of tomorrow. But one moment…why wait until tomorrow if you could already use them today to stay safe?!

We made a selection of 10 golden rules helping everybody to safely surf the internet:

1 - Use strong passwords

Most people tend to have weak passwords because not every site requires a strong one with special characters and numbers, but why wouldn't you have a strong password if it's not needed? Well, passwords are keys and as the complexity of the key is higher, the complexity of the invasion increases as well. So, instead of using your mum’s birthday or your pet’s name, try to use something abstract with special characters, upper and lowercase letters as well as numbers.

2 - Be careful with phishing emails Phishing emails are one of the most common practises of cybercrime. There are many types of phishing, the most common type basically works like a bait, trying to deceive the victim. The hacker sends an email to the victim, pretending to be a company, with a very similar domain, asking the victim to click on a link and fill out a form. That way the hacker is able to steal (your) sensitive data that could be used to harm the victim (you) in many ways, from selling the data to illegal parties, to hijacking your credentials to make purchases or steal money from your bank account. With that in mind, always pay attention to the email addresses and never open links from unknown senders, especially the ones that ask for personal information.

3 - Be careful opening email attachments

It works very similar to phishing email: you receive an email from a hacker asking you to download an attachment. The hacker might be mimicking a big company or even someone you know and when you open that attachment an embedded script runs on your computer. This script can do whatever it’s developed to do, from deleting files on your hard drive to transforming your computer into a “zombie” and do whatever the hacker has in mind.

Again, pay attention to the sender and never download files from strangers, as you will never know who is behind it.

4 - Don’t click on pop-ups

Pop-ups are very tricky to deal with because it’s impossible to know what is behind them. An advertisement pop-up can contain malware and as you click to close the window it’s not guaranteed that the pop-up will close. Actually, if there is bad intention behind it, the close button will most likely instantly download a file to your computer. With that in mind: be very careful with pop-ups, especially the annoying ones literally popping up in a random place at a random time. You can avoid these by updating the security settings on the web browser. Many browsers, such as Brave, automatically block pop-ups to keep their users safe.

5 - Don’t use your browser to store your passwords

Many browsers suggest storing your password for you so you don’t need to type it in every time you access a site. Have you ever asked yourself how the browser stores your passwords? Google Chrome for example stores your passwords in the folder “%UserProfile%\AppData\Local\Google\Chrome\User Data\Default\Login Data”. If you have any software for database visualisation, you can simply open it. Of course it’s encrypted, but it’s not hard to decrypt it. So, instead of using your browser to store passwords, think about using a specific software to manage them, such as: 1Password or KeepassX.

6 - Don’t give out your personal information

When it comes to personal information, be very cautious about what you sign up for a free service or app, there are a lot of companies literally selling your data as a product. Embedded in their privacy policy or terms & conditions, you allow the company to collect your data and sell it to third parties through trackers (e.g.: cookies) that supply advertisers with detailed information about where you live, work, and shop. There are lots of ways to avoid it, from disabling the collection of data in your browser settings to simply denying sites and apps access to your location or your microphone if it’s not absolutely necessary (e.g. Instagram for example listens to your conversations and displays targeted ads in your feed and uses your data in many other ways; again, which you have agreed to when signing up). So be careful with the privacy policy and terms & conditions that you agree to, reading them is never wrong. It might take some time but will protect you from bad surprises and lets you keep control over your data.

7 - Use Two-Factor-Authentication every time you can

Two-Factor-Authentication, in simple words, is a second-step verification of identity. The most common form of it is embedded in the login process of a site or app. When logging into your account, besides having to enter your password, you will receive a code via SMS or email which you then need to paste or type into the required field. It adds a second layer of security, meaning in order to hack you, the hacker will not only need your password but also your phone or email credentials (if you don’t use the same password twice). You can check in your account settings if it’s possible to activate Two-Factor-Authentication.

8 - Use a safe browser (e.g. Brave)

As a user, access to your web activity and data is sold to the highest bidding internet giants which are becoming richer every second by using your data. Choosing a safe browser which doesn’t save your private information not only avoids being possibly breached but also that your personal data is not sold. This means that you can surf safely on the internet without being spied on by those internet giants. For that, you could use browsers which simply don't save or sell your data, like Brave or Firefox.

9 - Never download files from unknown sources As mentioned before, when it comes to downloading files from people with bad intentions, the results can be very harmful. An analogy to downloading a file is letting someone enter your house. Would you let anyone enter your house? Therefore always check the integrity of the source that you are downloading from, and always scan files with your antivirus software before opening it.

10 - Avoid HTTP sites

HTTP is the default protocol for the web. Using it allows browsers to request web pages from servers. The problem is that this protocol is based on plaintext, it has no encryption whatsoever, literally just plain text. With that in mind, anyone between the client and the server could manipulate the data sent from the client and sent from the server. Hackers could easily abuse that to fake transactions involving money or sensitive data. To solve that, HTTPS was created which is basically a HTTP protocol but with security principles like: confidentiality, integrity and authentication.

In order to stay safe, especially when it comes to personal or financial transactions, always pay attention to the page URL (the link in your browser search bar). If it starts with HTTP, better avoid it.