Digital Deadbolts: How to Protect your Security and Privacy Online

Hello readers! This is the first article in a series of articles I'm doing in collaboration with digital-issues advocacy group OpenMedia. You can also read this article on their website. Enjoy!

The front door of your home has a lock on it – and chances are, you use it. That doesn’t make you an elitist who thinks that you’re better than the people outside, nor does it make you paranoid. Rather, a lock on your door is regarded as common sense. It keeps unscrupulous people from stealing your stuff, or from walking into your house and looking at you in the shower.

Security doesn’t end at your front door. You might have windows with stops on them. If your neighbourhood doesn’t always feel safe, you might consider an alarm system. The same goes for your computer, and your online presence. The Internet, as a whole, is kind of a rough neighbourhood. For good or bad, we are all connected to that entire neighbourhood, and some of the residents aren’t so savoury. 

Here are three of the biggest threats to the modern Internet denizen’s security and privacy:

  1. Griefers Looking to Harass:
    “Griefer” is a catch-all term for awful people who engage in online harassment of all sorts. Griefers are out to bully, sexually exploit, or politically silence their victims (and sometimes a horrible combination thereof). Griefers will often try to exploit weak security practices – like bad passwords – to gain access to their victims’ accounts, and otherwise make their victims’ lives miserable.

  2. Criminals Looking to Make a Buck:
    Wherever there is not-so-great security, you’re likely going to find criminals ready to exploit it. The last several years have seen the rise of several such threats: scams pretending to be PayPal or the victim’s bank designed to fool victims into giving up their money; ransomware programs which lock a user’s computer until they pay the eponymous ransom to hackers; or identity-thieves with various tricky methods. These criminals are difficult for police to track down because they often operate across borders, from far-off countries.

  3. State Actors, Looking Closely:
    Even in fairly healthy democracies with strong civil liberties, we nonetheless have government agencies which engage in some spying on the public. Some nations have it even worse with broad domestic spying programs. Others still are places of pervasive surveillance, where a citizen can be arrested and jailed simply for expressing an undesirable opinion online. For many of us in the democratic world, not wanting the government looking at our online habits is a matter of privacy and comfort. For a dissident living under a surveillance-savvy dictatorship, it can literally be the difference between life and death.

Just as our home security might depend on the neighbourhood where we live, we each have to evaluate our own digital security needs. You might not be worried about the government, or harassment. You might have other areas of concern not covered by the above. There is no “one-size-fits-all” solution for personal security. However, there are a number of great tools and techniques available which, when used in concert, can greatly improve your online security. 

Let’s dive in!

Choose Strong Passwords, and Keep Them Safe

Choosing a strong password is one of the easiest ways to make sure intruders don’t get access to any of your digital stuff. Like a burglar who checks if you left your front door unlocked, the first trick for a hacker is to see if typing “password” in the password field will log them on. There have been several high-profile password database leaks in the last few years, and they all show that people still frequently use terrible passwords like “password”, “12345”, and “letmein”. Worse yet, attackers can build programs called “bots” to try different passwords automatically until something works (typically called a dictionary attack).

To create a robust password, use as many characters as you can remember, and include symbols and numbers if possible. However, don’t just replace letters with lookalike characters (e.g. “P@$$w0rd”), as a hacker’s dictionary attack might account for this. Add some randomness as well (e.g. “P@$5www0rd22”*). The key is to add entropy, or randomness, which makes your password harder for both humans and malicious programs to guess.
* Please do not actually use “P@$5www0rd22” as your password. Please.
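
Why lookalike swaps add so little, shown as an added example (not part of the original article): a password check that undoes the substitutions before comparing against a wordlist, plus a generator that draws real randomness. The tiny wordlist and the substitution table are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample; a real check would load a large list of leaked passwords.
COMMON = {"password", "12345", "letmein"}

# Lookalike characters mapped back to the letters they usually replace.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                            "1": "l", "!": "i", "3": "e", "7": "t"})

def normalize(password):
    """Lower-case the password and undo lookalike substitutions."""
    return password.lower().translate(LOOKALIKES)

def is_dictionary_guessable(password):
    """True if the password is a common one, even with lookalikes or digits tacked on."""
    lowered = password.lower()
    candidates = {lowered, lowered.rstrip(string.digits)}
    candidates |= {normalize(c) for c in candidates}
    return any(c in COMMON for c in candidates)

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def random_password(length=16):
    """Pick every character independently with a cryptographic random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password chosen uniformly at random."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for pw in ("P@$$w0rd", "letmein99", "12345"):
        print(pw, "guessable:", is_dictionary_guessable(pw))
    print(random_password(), f"about {entropy_bits(16):.0f} bits")
```

A password manager stores the generated value, so it does not need to be memorable.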

If you’re having trouble remembering your passwords, you can use a password management program, like the Mac OS X Keychain app, or the multi-platform, open-source KeePass. Never write passwords down where others can easily see them, like on paper sticky notes, or in a Word document.

Lastly, don’t use the same password for everything. Ideally, every account (your computer, email, iTunes, gaming, bank) should use a unique password.  

Use Two-Factor Authentication

Two-Factor Authentication combines something you know, with something you have. In practical terms, this is usually your password (a thing you know) and your mobile phone (a thing you have). Two-Factor (also known as “two-step verification”) is an option available from online services like Google, Twitter, Apple, certain banks, and many others. When you log into such a service with a device for the first time, the service will text a confirmation code to your phone number. You will need to enter this code in addition to your password. This means that unless an attacker has both learned your password and stolen your cellphone, they’re not getting into your Gmail/Twitter/iCloud account.

Two-factor isn’t perfect, but it’s a relatively simple solution which can greatly decrease the risk of your online accounts being compromised.

Be Skeptical of Unexpected Messages

Is that email or text message really from PayPal? Or is it someone trying to trick you into giving up your password, or installing malware? These kinds of attacks are called phishing (or some creative variation on “fishing”, depending on the precise method), and they almost always involve scammers masquerading as a legitimate website in order to trick you into helping the scammer do something nasty. When you receive unexpected emails, it’s a good idea to question their authenticity. Hover your mouse over links in an email to see where that link will send you. If something doesn’t look right, don’t click! It’s better to be safe than sorry. Both CyberSmile and Apple have more in-depth guides about avoiding phishing attacks.
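
The hover check above, automated as an added example (not part of the original article): it lists where each link in an HTML email really goes and flags links whose visible text shows one address while the destination is another. The sample message and its `.example` domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches link text that itself looks like a web address.
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or address-like text, lower-cased, without 'www.'."""
    parsed = urlparse(value if "://" in value else "//" + value)
    return (parsed.hostname or "").lower().removeprefix("www.")

def link_report(html):
    """What hovering shows: each link's text, real host, and whether the text misleads."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        shown = host_of(text) if URLISH.match(text) else ""
        real = host_of(href)
        report.append({"text": text, "goes_to": real,
                       "mismatch": bool(shown) and shown != real})
    return report

# Constructed sample message; the domains are placeholders, not real indicators.
SAMPLE_EMAIL = """<p>Your account is limited. Confirm at
<a href="https://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
or read <a href="https://www.paypal.com/help">www.paypal.com</a>.
<a href="http://login.example.net/update">Update your details</a></p>"""

if __name__ == "__main__":
    for row in link_report(SAMPLE_EMAIL):
        print(row)
```

A link with plain wording such as “Update your details” is never marked as a mismatch, so the reported destination still has to be read and judged.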

Back It Up!

There’s virtually no valid reason not to back up your computer. The ever-present danger of losing all your data to a hard drive crash should be motivation enough, but if the aforementioned ransomware rears its ugly head, it’s nice to have an option for getting your data back that isn’t giving money to criminals. Recent versions of Windows and Mac OS X both have basic backup software built in.

Use Security Software

Preventing ransomware or other malware from making its way onto your computer in the first place is even better than restoring from a backup. “Be Skeptical” is advice which will help with that. Security software can help too. There is, admittedly, some debate in the IT community as to whether antivirus software and the like are truly effective anymore, since modern malware can be very sophisticated and often changes too rapidly for antivirus software to keep up. Nevertheless, security software suites will block at least some threats, and often include a combination of antivirus, firewall, and other proactive protection. If you don’t have security software, and you’re running Windows, pick something that has been well-reviewed by a couple of reputable sites and install it.

Lock Your Device

Having a phone or laptop stolen is bad enough; you don’t want all of your accounts and data stolen along with your device. A password/code lock on your computer or phone ensures that no one can tamper with your email, social media, or other online accounts if they steal or otherwise get physical access to your device. Setting up a screen lock is incredibly easy to do in most OSes, and everyone should do it.

Final thoughts

These are just a few key tips for protecting your digital security, and by no means an exhaustive list. As I’ve mentioned, you need to evaluate your own needs and potential threats to find what’s best for you. However, employing each of the techniques on this list (especially backing up!) can save you from a lot of headaches in the long run.

But before I wrap this up, it’s critical to mention what should be obvious: being the victim of online harassment, exploitation, or fraud doesn’t make you naive or at fault, it makes you a victim. 

Someday, I hope we have a world where online criminals and cyber-bullies can’t hide on the other side of the planet. I hope that governments won’t spy on our personal communications without cause and warrants. I don’t believe that these are mutually-exclusive goals. In the meantime, we can only try our best to help each other. I hope that what I’ve written will help to keep you safe. 

Next time, I’ll be covering some more sophisticated techniques for advanced users, or anyone who needs an extra level of privacy and security.
Good luck out there.

Combination lock by frbird via VectorStock