Many or all of the products featured here are from our partners who compensate us. This may influence which products we write about and where and how the product appears on a page. However, this does not influence our evaluations. Our opinions are our own.
Having your data exposed in a breach feels inevitable, so securing your information online is a must. But with terms like VPN, SSO and HTTPS being bandied about, it’s hard to know where to start.
It’s true, there are many, many steps you could take to improve your security — some involving acronyms — but experts say a few basics will help a lot.
“It can seem overwhelming, but it’s really not,” says Kelvin Coleman, executive director of the National Cyber Security Alliance. “Low-hanging fruit can be very, very effective in keeping you safe.”
These simple habits will protect you against some of the most common threats to your personal and financial data, such as identity theft.
1. Update your devices
“Security software is quite effective against known malware,” says Curtis Dukes, executive vice president of the Center for Internet Security. That’s because engineers are constantly creating new versions in response to current threats.
Your computer and mobile devices likely have security software built into their operating systems, and they should notify you of updates automatically. The pop-ups might feel intrusive, but they’re there to protect you.
So you should resist the urge to delay updates. “I wish I could lobby to have that ‘or later’ button deleted,” Coleman says.
2. Use secure passwords (and helpful password services)
“Unfortunately, a significant number of people still use 123456 and password1,” as well as other easy-to-guess login credentials, Coleman says. If you reuse the same password, it’s easy for criminals who’ve hacked one of your accounts to access others.
If you’re not interested in designing and remembering complicated passwords for all of your approximately 500 online accounts, Dukes recommends a password manager — consider 1Password or LastPass — that can suggest and store them for you.
Erin Shepley, Cybersecurity Awareness Month Lead for the Department of Homeland Security, also suggests using multifactor authentication on your most important accounts, such as your email and bank logins. This process requires you to approve a sign-in on a separate device — such as your phone — making it easier to detect and foil unauthorized logins. If your account offers it, the option is typically available under security settings. (Google calls it “two-step verification.”)
“If it takes more time for the malicious actor, they'll move on to someone who doesn't have that in place,” Shepley says.
3. Be wary of public Wi-Fi
You’ve heard it before, but “public wireless ‘hotspots’ are just that, public,” Dukes says. Information you transmit on them — including credit card data or logins — can be intercepted by a hacker on the same network. Networks without passwords, such as the ones you’ll find at some airports or hotels, are especially risky.
Not only that, but criminals might spoof a legitimate access point. It’s always smart to confirm you have the correct network name before you use it, according to the DHS.
If you really must do sensitive tasks — such as shopping or checking your bank balance — outside of your home network, using your own personal hotspot is safer than public Wi-Fi. And always make sure the URLs you’re using for these tasks begin with “https://,” Shepley says.
4. Don’t fall for phishing scams
It’s not new, but criminals still do it because it works: They contact you, claiming to be someone — maybe someone you know — who needs your financial data, Social Security number or other personal information. They can then use this data to access your accounts.
“Phishing is still the threat vector of choice,” Shepley says. “They prey upon the human nature in people.”
It’s not always easy to tell a legitimate message from a scam, but if you’re being asked for money, login credentials or other personal data, you should verify the message before responding. For example, if you receive an email purporting to be from your bank, the DHS recommends calling your bank for confirmation on a phone number you’ve Googled; don’t click any links within the suspicious email.
Safety doesn’t have to be complicated
Once you’ve mastered these steps, you can absolutely take further action to lock down your online presence. You might even be inspired to set up a VPN, or virtual private network, a service that can create a secure connection on a public network.
But the good news is that simple changes — like using unique passwords — can go far in keeping you safe online. “It won't save you every time. But … it's better to have it than not have it,” Coleman says.