To read the headlines these days is to get the sense that the Internet has become a scary place.
Cyber espionage and identity theft abound while organized criminals and national spies lurk.
In recent days, Kaspersky Labs announced the unprecedented theft of $1 billion or more from hundreds of European banks and a Stuxnet-like bit of malware that has secretly and permanently installed itself on millions of hard drives across Russia, China, India, Iran and elsewhere.
As President Barack Obama recently said at a California summit, cybersecurity is an issue of paramount importance, and one that everyone -- from governments to private firms to individuals -- needs to address.
But how can one person fight back against the skills of highly sophisticated cyber criminals or the resources of nation-states?
In truth, they can’t. If a government or criminal wants to hack your computer badly enough, they will.
But individuals can make it more difficult for the hackers, and even technically challenged Web users can prevent a lot of petty Internet hacking by simply practicing what Internet pioneer Vinton Cerf calls “good Web hygiene.”
Here are a few "hygiene" habits you can put into practice right now:
Harden your password: Take a moment and try to guess the most popular password currently in use. If you said “password,” you wouldn’t be far off. In SplashData’s annual list of the most commonly used passwords, “password” ranks No. 2. “123456” ranks No. 1. Those aren't passwords, they're wet cardboard.
If you don’t want someone breaking into your data, you have to put a firm lock on the door. Hard passwords include a mix of upper- and lowercase letters, digits and special characters. They should be at least eight characters in length and they should definitely not spell out words like your pet’s name or your high school mascot. If you do nothing else suggested here, harden your password.
Change it up: A second and very common mistake made by users is to create one hard password, but then never change it, or to reuse it across a variety of accounts.
To be sure, managing an ever-changing list of complicated passwords is a pain. But ultimately no password is unbreakable, and reusing one across accounts is an invitation for a catastrophic hack. If you’re having trouble keeping track of all those hard passwords (do not write them down), there are a variety of password-managing services and ideas out there that are relatively easy and secure.
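As an added illustration (not part of the original article), the two password tips above can be written as a short Python check that flags passwords failing the length, character-mix, common-password and reuse criteria. The common-password list holds only the two entries named above, and the account names, sample passwords and the `personal_words` parameter are constructed for the example.

```python
import string

# Constructed list: only the two entries the article names from SplashData's ranking.
COMMON = {"password", "123456"}

def weaknesses(pw, personal_words=()):
    """Return the article's criteria that `pw` fails (empty list = passes)."""
    issues = []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    issues += [f"no {name}" for name, ok in classes.items() if not ok]
    if pw.lower() in COMMON:
        issues.append("on the common-password list")
    # Words such as a pet's name or school mascot, matched case-insensitively.
    folded = pw.lower()
    issues += [f"contains personal word '{w}'" for w in personal_words if w.lower() in folded]
    return issues

def audit(accounts, personal_words=()):
    """Map account -> list of problems, including reuse across accounts."""
    seen = {}
    for name, pw in accounts.items():
        seen.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        problems = weaknesses(pw, personal_words)
        others = [n for n in seen[pw] if n != name]
        if others:
            problems.append("reused on " + ", ".join(sorted(others)))
        report[name] = problems
    return report

# Constructed sample accounts and passwords, for illustration only.
SAMPLE = {
    "email": "123456",
    "bank": "Rex2015!dog",
    "forum": "Rex2015!dog",
    "shop": "t7#Qv!9zLm",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE, personal_words=["rex"]).items():
        print(account, "->", problems or "ok")
```

Note that "Rex2015!dog" passes the length and character-mix test yet is still flagged, both for the pet name and for being shared between two accounts.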
Clear that cache: This goes for all the devices you use in a day -- your home computer, your work computer, your friend’s iPad, etc. Every time you use a browser like Firefox or Chrome, it keeps track of where you’ve been and what you’ve done. Often by default, records of every site you visited and all your uploads and downloads can be kept for days or even weeks.
It’s very easy for anyone else to view that cache and steal a detailed record of your online activities. Thankfully, it’s even easier to clear your cache once you’re done or set your preferences to not record any of your activities.
Don’t use free Wi-Fi: The old adage “there’s no free lunch” was rarely truer than when it comes to Wi-Fi. Increasing numbers of cafes, bars, stores or other public places are offering data-hungry mobile users free wireless access to the Internet, often even without passwords. These services might be convenient, but they’re also an open door to everything on your device. Unless you really need it, don’t use it.
Use HTTPS: Officially known as “hyper-text transfer protocol secure,” HTTPS is a variant of the HTTP web protocol that adds an extra layer of security and encryption while online. Communications between users and sites that support HTTPS are encrypted, and also authenticated, meaning that HTTPS can be used to sniff out phony websites often employed in so-called “man-in-the-middle” hacks.
Be careful with flash drives: Often called “thumb drives,” flash drives are small and easy to use across platforms, and can store amazing amounts of data. That’s why they’ve become so popular to trade and store data. But they can also spread viruses and malware user-to-user without your ever knowing it. Before you plug any drive into your computer, take a moment to think through the chain of users who preceded you.
Watch what you click: This is one of those tips that most everyone knows, but still trips many up. One of the most popular and still successful ways bad guys infect your computer, or even entire networks, is through a technique called “phishing.” While there are many variants, a phishing hack begins when someone opens an email attachment that looks legitimate, but in fact immediately infects the user’s computer.
If someone sends you a file or a website you didn't ask for, no matter how much they promise "You'll love this!", don't click on it.
Try not to use public computers: Depending on your circumstances, this can be difficult. For those without a computer or Web access, Internet cafes are still a very popular option to get online. However, the more a computer is used by different people, the greater the odds that it has been infected or contains spyware that can log keystrokes, email accounts and websites visited.
Some users work around this by bringing circumvention software on their own flash drive -- tools like Tor or Psiphon that can help dodge around firewalls and protect your anonymity. These, however, can still be a bit tricky, and are not fool-proof protection.
Use anti-virus protection: In the struggle to keep the Internet as hygienic as possible, you have a doctor of sorts in your corner. There are dozens of anti-virus services you can use, from the aforementioned Kaspersky to Norton to TrendMicro to many others. Some are free, some aren’t, and they offer a wide range of protections. But in the end, anti-virus is a great way to have professional help keeping one step ahead of the hackers.
Don’t assume you know to whom you’re talking: It’s natural to assume that when you get an email from a friend or go to a website you’ve visited many times before, what you’re seeing is what or who you believe it to be. Yet increasingly, hackers are learning how to mimic your friends and contacts or create fake websites that look like a trusted site but are actually just there to gather intelligence and data about the user.
The best advice is that if something about a friend’s email seems off -- maybe an unexpected topic or odd language -- consider sending them a note in reply, or better yet, contact them through a different channel to ask about their message.
Avoid trackers: It’s no coincidence the news website you always visit knows your name or that your favorite retailer somehow seems to know exactly what you’re looking for. Websites of all types routinely track us now through the use of “cookies” -- small files stored by your browser. The cookie allows a website to track our activity online and tailor an experience in response -- sometimes verging on the creepy.
Every browser has an option in the privacy settings that allows you to erase cookies or to refuse to accept them. But keep in mind that websites often limit services for users who don’t accept cookies.
If you don’t want the big search engines like Google knowing everything that you’re looking for (they use cookies, too), consider using one of the “non-track” search engines such as DuckDuckGo.com, which has a no-cookie and no-tracking policy.
If you want to learn more about how to keep yourself safe online, and tools you can use to protect your privacy and evade government censors, visit our "Circumventing Censorship" digital handbook.