1. Neil Rubenking, Lead Analyst, PC Magazine
- Use a strong, unique password for every website. Yes, that means you’ll have to install and use a password manager.
- Set your smartphone to lock after a short idle time, and set it to require authentication for unlocking. If at all possible, use something stronger than a simple-minded four-digit PIN.
- Never click links in emails or texts that seem to come from your bank, the IRS, or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.
2. Kelly Jackson Higgins, Executive Editor, Dark Reading
There are no foolproof ways to stay safe online, but here are a few tips:
- Use a VPN connection, whether you’re on a corporate network or a public wired or WiFi network. Most corporations obviously have VPN clients for their users, but employ VPN connections even outside of work—including on mobile devices.
- Keep all applications up-to-date with the latest patches, and use a less-targeted browser such as Chrome or Firefox.
- Create very strong and complex passwords and change them often, and never, ever reuse a password on another site or account.
3. Andrei Petrus, Product Manager, Avira
While people understand how critically important the essential protection of antivirus software is, there is more each of us must do in order to augment our cyber armor. Here’s a top 3:
- PUAs (Potentially Unwanted Applications) are the new foemen in the online realm.
Free software always comes at a price, most frequently by side-installing adware, browser extensions or other software you didn’t ask for. For that matter, things just worsened last week, when a notorious torrent client started to use customers’ computers for bitcoin mining. The advice here is to read carefully all the notes throughout the installation wizard and avoid installing apps from untrustworthy download portals / vendors.
- Mobile devices are an open gate to our privacy, secrets, and money (mobile banking).
Be very careful what apps you choose to install and pay special attention to what permissions each app is requesting. For instance, it doesn’t quite make sense for a weather app to demand access to your photos, does it?
- Ask loudly for your right to privacy.
Don’t ever say “I have nothing to hide”, because that’s equivalent to “I don’t care about this right.”
4. Lee Munson, BH Consulting’s Social Media Manager of SecurityWatch
- Never use the same password twice.
As we sign up for ever more accounts and services, it becomes extremely tempting to reuse the same password over and over again, but this is extremely risky behaviour.
If your login credentials are ever grabbed by a hacker – and with the number of data breaches in the news every week it’s a case of when, not if – the attacker will have inadvertently gained access to your entire digital world.
If creating a large number of complex, hard-to-guess passwords is a challenge, consider using a password manager such as LastPass, which can store all your credentials for you, leaving you with just one master password to remember.
- Think twice before clicking on links found in emails, especially if you don’t know the sender.
Whether you’re at home or at work, chances are you’ll receive emails from time to time that are not quite what they seem. Cyber criminals often create convincing emails that appear to come from banks, credit card companies and other popular websites that hold financial or other sensitive data. Contained within will be links to copycat sites under the bad guys’ control which will steal your personal data – and maybe your money too – should you visit them and enter your username and password.
- Be careful what you download, and ask questions about the site you are downloading from.
We live in a digital age in which we can download just about anything we want to watch, listen to or use… and have access to it almost immediately.
While there are hundreds of legitimate sites from which digital content can be downloaded, there are thousands more that offer bogus, and harmful content, filled with malware designed to steal your financial and other personal information.
So, if you must download the latest movie or song, think twice about where you are downloading it from.
Is the site well-known? Have any of your friends used the site without incident or unexpected surprises? Is it actually the site you think it is rather than a clone? (Check your browser for a padlock or a URL beginning with https:// for some certainty, and don’t ever visit a download link sent to you via email – see point #2 above.)
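The checks in points #2 and #3 above (does the visible link text match where the link really goes, is the destination a look-alike of a site you know, is it plain http rather than https) can be automated. The following is an added example, not code from the article or from any of the contributors; the sample e-mail body and the list of "trusted" domains are constructed for illustration, and the registrable-domain helper is a deliberate simplification.

```python
"""Flag suspicious links in an HTML e-mail body (added example, constructed data)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumption: domains the reader actually holds accounts with.
TRUSTED_DOMAINS = {"examplebank.com", "irs.gov"}

# Link text that itself looks like a URL or bare domain, e.g. "www.examplebank.com/reset".
DOMAIN_TEXT = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:/\S*)?$", re.I)

# Constructed sample: one look-alike link and one genuine link.
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked.</p>
<p><a href="http://examplebank.com.login-verify.net/reset">https://www.examplebank.com/reset</a></p>
<p><a href="https://www.examplebank.com/help">Help centre</a></p>
"""


def registered_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain.
    A production tool would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_links(html: str, trusted=TRUSTED_DOMAINS):
    """Return a list of (href, reason) for every link that deserves suspicion."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        dest = registered_domain(host)
        if url.scheme != "https":
            findings.append((href, "not https"))
        # Visible text that looks like a domain but points somewhere else.
        match = DOMAIN_TEXT.match(text)
        shown = match.group(1) if match else None
        if shown and registered_domain(shown) != dest:
            findings.append((href, f"text shows {shown} but link goes to {host}"))
        # A trusted brand name inside a host that is not the trusted domain,
        # e.g. examplebank.com.login-verify.net (simple substring heuristic).
        for t in trusted:
            brand = t.split(".")[0]
            if dest != t and brand in host:
                findings.append((href, f"looks like {t} but is really {dest}"))
    return findings


if __name__ == "__main__":
    for href, reason in analyze_links(SAMPLE_EMAIL):
        print(f"{reason}: {href}")
```

The first sample link trips all three checks; the second, whose visible text is plain words and whose host really is the trusted domain, produces nothing. The substring heuristic for brand names is intentionally crude and will over-report on hosts that happen to contain a brand word; the point is that the real destination, not the text you see, is what the browser will open.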
5. David Harley, Senior Research Fellow, ESET N. America
After more than a quarter century in security, it still seems to me that many people still expect to find a 100 per cent solution for all the security issues that plague us, and are furious when a solution doesn’t meet their expectations. Unfortunately, vendor marketing isn’t good at expectation management, often offering simplistic solutions to complex problems, single solutions that are supposed to render all other products obsolete.
In fact, the promotion of the idea that single-layer/single-solution security is enough is not only obsolete (if it was ever valid, which I don’t think is the case), but irresponsible. I often read that solution S makes passwords obsolete. Password methodology has lots of problems, but the way to improve authentication isn’t simply to replace one (flawed) method with the latest method du jour and hope it’s more reliable.
- Rather, use 2-factor (or more) authentication.
Many social media sites now allow you to augment password authentication with at least one secondary authentication method, such as Facebook’s Login Approvals, which uses a token (security code) sent to your cellphone by SMS or its own authenticator app. I really hope that most people nowadays know that viruses are not the only security threat they need to worry about, but all too often, all that they do is install an (often free) anti-virus program.
- AV (free or for-fee) is much better than nothing.
As long as it’s a genuine security program rather than some kind of alluringly marketed malware – but it’s not enough to provide anything like complete protection. What security do your internet provider, applications and operating system provide? How can you configure them to make the best of that security? If you can’t bear to spend money on security software (preferably a full-strength security suite), then at least look into the possibility of reinforcing your free anti-virus with other free but genuine, reliable security software such as a browser sandbox.
- You are a security layer.
Having argued (convincingly, I hope) for multi-layering, on the grounds that where one approach fails, another might succeed, I’m going to mention a security layer that often gets overlooked: you. Many kinds of threat rely on social engineering, psychologically manipulating a victim into doing something which will enable the attacker to achieve his aims. I can’t teach resistance to sophisticated social engineering in a paragraph – and even grizzled security researchers can be fooled sometimes – but if you can maintain a reasonable level of skepticism and remember that successful social engineering may use the carrot or the stick (or both), you can save yourself a lot of grief. Above all, don’t fall into the trap of thinking that security software or your favourite operating system will save you having to make sensible choices about what links and attachments you open.
6. Peter Kruse, Partner & Security Specialist of CSIS Security Group
- Think twice and remain critical when opening attachments in e-mails or files downloaded from the Internet.
Ask yourself if you trust the source and why you’d want to open it in the first place.
- Update your programs and applications.
Patch your software whenever new security patches are released.
- Install an antivirus solution.
Make sure you download antivirus software from vendors that you trust, and never run more than one AV tool on your PC at the same time. If you can’t afford to buy a license, there are plenty of free options for home users such as AVIRA, AVG, AVAST, Microsoft, etc.
7. Marcin Kleczynski, CEO and Founder of Malwarebytes
- Exploits are a growing infection vector for people and businesses at the moment, so make sure you run specialized anti-exploit technology and use a browser that’s less prone to exploits.
- Keep your day to day software, such as browsers, Java, Flash and PDF readers, up to date at all times. Patch quickly.
- Layered security is important! Run dedicated anti-malware alongside your traditional anti-virus solution. Don’t forget to keep backups as well.
8. Liviu Arsene, Senior E-Threat Analyst, Bitdefender
- Be Suspicious.
Online or email scams are no longer identifiable by poor grammar and spelling mistakes. Whenever you see ads or emails claiming to give you a free iPhone or iPad, ask yourself “Would it happen to me walking down the street?”
- System Updates.
Make sure you have the latest version of all installed software. Although Java or PDF software is commonly targeted, few actually take the time to install the latest security updates.
- Run Security Software.
An up-to-date security solution will keep your PC infection free, provided you follow a minimum of best practices for online browsing and file downloading.
9. John E Dunn, Co-founder of Techworld
- Buy a low-cost Chromebook for everyday browsing and online banking. As cloud computers, they are an order of magnitude more secure than any PC, no matter how well defended.
- Start using a good online password manager (e.g. LastPass) to store and generate strong passwords. Ideally, buy the paid version for a few dollars and activate two-factor authentication. Money well spent.
- Enable and set up 2-step verification on your primary Google account and do the same for other important services such as Twitter and Facebook.
10. Simon Edwards, Technical Director of Dennis Technology Labs
- If you use public WiFi, use a VPN.
- Update your software as often as possible.
- Turn off Java in the browser.
Two of those tips are related to web-based exploit protection while the first is fairly obvious. I can explain why I think those are important but for now here are some links that helped form my opinion:
If I was allowed a 4th tip I’d say, “Use two factor authentication whenever possible” and a 5th, “If you are using Windows, you should use anti-malware software.”
11. Daniel Cid, Founder & CTO of Sucuri
That’s an easy one.
I will share the tips that I “force” my family and friends to do online:
- Enable “click to play” for Flash on your browser.
- Use a password manager.
12. Matthew Pascucci, Cyber Security Engineer and Privacy Advocate
Here are a few things non-tech savvy people should be doing to stay safe online:
- Patch all third party applications (i.e. Java and Flash). These third party applications are normally so vulnerable that you could compromise your workstation just by visiting an infected website or link.
- If you don’t know who sent you an email, don’t click on the links or open the attachments. Since so many people have vulnerable workstations, phishing has been an extremely successful way to get malware installed, or to trick users into divulging information.
- Verify your privacy settings on mobile devices and social media. Make sure you’re not over-sharing information with the world that could potentially be used against you.
13. Morten Kjaersgaard, Heimdal Security’s CEO
These are the 3 security tips that you can follow to stay safe online:
- Keep your software up-to-date, your Windows operating system and the 3rd party software. Online hackers always target software vulnerabilities and security exploits present in unpatched applications, so make sure you have them all covered with the latest security patches.
- Use very complex passwords and 2 step authentication. Don’t use your dog’s name or any easy to guess password. The 2 step authentication is a great way to add another layer of security to your system protection, by making sure that you will add another code sent to your phone number.
- Consider yourself a target for hackers when using your computer and think about what you are doing. In today’s security landscape, we need to acknowledge that sensitive information and private data is always under threat from cyber-criminals. At the same time, use common sense and make sure you don’t access strange looking websites or answer phishing e-mails.
14. Xavier Mertens, Security Consultant and Blogger at TrueSec
- Take care of your passwords.
If possible, enable 2FA (2-factor authentication – something you have/know/are) when the online service proposes this feature. Generate a strong and unique password for every service. Don’t spend your time trying to remember all those passwords; use a password manager to generate and store them. They can even fill the login pages for you!
- Keep your devices up-to-date.
By devices, I mean your laptops/desktops, but don’t forget that today, most electronic devices are also… computers! Think about your access points, ADSL modems, smart TVs, mobile phones, IoT devices (fridges, thermostats, etc.). They also must be upgraded!
- Trust nobody!
The Internet is not a world of Care Bears! You received a gift, an invitation, found a USB stick or are asked to perform a specific action on your computer. Have the good reflex to ask “Why?” or “Do I know the person who’s asking me this?” Don’t be afraid to decline or ask for more information. Exactly like we teach our kids: Do not talk to strangers.
15. Dave Piscitello, Vice President, Security and ICT Coordination, ICANN
- Nothing is free. This is particularly true for apps or software. “Free” often means “if you give us access to your personal data.”
- Third party data collectors are as great a threat to privacy as government surveillance.
- Learn who’s collecting your personal data, how they intend to use it, for how long, and whether they will share what they collect from you.
16. Rahul Kashyap, Chief Security Architect at Bromium
- Don’t trust anything on the internet (even legit sites could end up delivering malware).
- Always patch regularly, it definitely decreases chances of infection.
- Any deal that is too good to be true probably isn’t. Be cautious every time you encounter such offers (or emails).
17. Brian Donohue, Social Media Editor, Threatpost
- Install software, application and operating system updates as early and as often as possible.
- Protect your accounts with strong, unique passwords.
- Never disclose sensitive information or download an attachment from an unexpected or unsolicited email.
18. Troy Hunt, Microsoft MVP for Developer Security
- Password manager for everything!
Randomly generate them all (bar the ones you actually need to remember) and use a good password manager like 1Password.
- Use multi-step or 2 factor everywhere.
It’s increasingly common on large services and is enormously effective.
- You can’t lose what you don’t have.
Think twice before creating anything digital you wouldn’t want exposed including malicious email and nudie pics.
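Several contributors above (points 1, 14 and 18) say the same thing: let a password manager generate every password randomly, and prefer something stronger than a four-digit PIN. The following added example, which is not code from the article or from any password manager named in it, shows what "randomly generate" means in practice (every symbol drawn with a cryptographic RNG) and puts numbers on "stronger" by computing the entropy of the schemes mentioned. The word list is a constructed stand-in for the thousands-of-words lists real passphrase generators use.

```python
"""Random password/passphrase generation and entropy comparison (added example)."""
import math
import secrets
import string

# 94 printable ASCII symbols, excluding space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed: a tiny word list. Real generators use lists of ~7,776 words (Diceware).
WORDS = ["apple", "brick", "canyon", "delta", "ember", "falcon", "glacier", "harbor"]


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent, uniformly random draws from `choices` symbols.
    Only holds if every draw really is uniform and independent, which is why a
    CSPRNG (secrets) is used below rather than a human or the `random` module."""
    return length * math.log2(choices)


def random_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """A password of `length` symbols, each chosen with secrets.choice (CSPRNG)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: int = 6, wordlist=WORDS, sep: str = "-") -> str:
    """A passphrase of `words` words drawn uniformly (with replacement) from `wordlist`."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def compare_schemes() -> dict:
    """Entropy in bits of the schemes the tips mention, from weakest to strongest."""
    return {
        "4-digit PIN": entropy_bits(10, 4),
        "6-digit PIN": entropy_bits(10, 6),
        "8 chars, letters+digits": entropy_bits(62, 8),
        "6 words from a 7776-word list": entropy_bits(7776, 6),
        "20 chars, full keyboard": entropy_bits(len(ALPHABET), 20),
    }


if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        print(f"{bits:6.1f} bits  {name}")
    print("example password:  ", random_password())
    print("example passphrase:", random_passphrase())
```

A four-digit PIN has about 13 bits of entropy (10,000 possibilities), while a six-word Diceware-style passphrase has about 78 bits and a 20-character generated password about 131 bits; neither of the last two is something a person can memorise for dozens of sites, which is the case for a password manager that the contributors make.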
19. Mikko Hypponen, F-Secure Chief Research Officer
- Back up. Now.
- Back up – not just your computer, but also your phone and your tablet.
- Back up your systems so that you can actually restore them – even if your house burns down.
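The last tip above is about backups you can actually restore, which is only known once a restore has been tried. The following added example (not code from the article or from F-Secure) performs that drill: it archives a directory, extracts the archive into a scratch location, and compares the SHA-256 of every restored file with the original, so that a silently damaged backup is detected. The sample files are constructed in a temporary directory.

```python
"""Backup, restore and verify by file hash (added example, constructed sample data)."""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_tree(root: Path) -> dict:
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            result[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def make_backup(source: Path, archive: Path) -> Path:
    """Write `source` into a gzip-compressed tar archive at `archive`."""
    archive.parent.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return archive


def restore_backup(archive: Path, target: Path) -> Path:
    """Extract `archive` into `target`, using the safe 'data' filter where available
    (Python 3.12+ and backports) so path traversal in a tampered archive is rejected."""
    target.mkdir(parents=True, exist_ok=True)
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(target, **extra)
    return target


def verify_restore(source: Path, restored: Path) -> bool:
    """True only if the restored tree has exactly the source's files with identical content."""
    return sha256_tree(source) == sha256_tree(restored)


def backup_drill(source: Path, workdir: Path) -> bool:
    """Back up, restore into workdir/restore, and verify. Returns True on a clean restore."""
    archive = make_backup(source, workdir / "backup.tar.gz")
    restored = restore_backup(archive, workdir / "restore")
    return verify_restore(source, restored)


def demo() -> tuple:
    """Constructed sample: a small 'home' directory. Returns (clean_restore_ok,
    verify_result_after_one_restored_file_is_corrupted)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        home = tmp / "home"
        (home / "photos").mkdir(parents=True)
        (home / "notes.txt").write_text("constructed sample note\n")
        (home / "photos" / "cat.jpg").write_bytes(os.urandom(1024))
        clean = backup_drill(home, tmp / "work")
        # Simulate bit rot in the restored copy; the hash comparison must catch it.
        (tmp / "work" / "restore" / "notes.txt").write_text("damaged\n")
        damaged = verify_restore(home, tmp / "work" / "restore")
        return clean, damaged


if __name__ == "__main__":
    print("clean restore verified:", demo()[0])
```

For the "even if your house burns down" part, the archive produced here is what you would copy off-site or to a cloud store; the verification step is the same regardless of where the copy lives, and it is worth running on the off-site copy, not only on the local one.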