How to Protect Your Data, Identity, and Business Online

Security risks are constantly present on the internet. Here are some much-needed tips to protect you and your business.

Research shows that the average data breach costs businesses over four million dollars, 60 percent of small businesses have been hit with cyberattacks, and millions of consumers suffer from identity theft online. Cleary, better technology, education, and online security practices are a necessity. How can you protect your business and personal data online?This guide will go over some of the best ways to protect your information and keep your business safe from intrusions, cybercriminals, data theft, and more online threats. If you're worried about your online security, read the tips below for some good internet security practices.

Tips for strengthening your online security

Despite advances in technology, there are still many ways for malicious actors or hackers to infiltrate your online accounts, steal confidential information, or try to impersonate you and exfiltrate credentials or identity. But, don't worry – we've got some tips that can help strengthen personal security and keep you safe online.

1. Use strong passwords, a password manager, and Two-Factor Authentication

Another important way to protect your online accounts is by using strong passwords that are difficult for hackers to guess. In this blog, we outline best practices for managing your passwords, including not repeating the same password, using second factor authentication, and more.An even better practice is to use a password manager, which can autogenerate long and difficult to guess passwords for every single account you use online. Password managers create strong passwords for every service, store them in an encrypted database, and autofill them when you need them. As many internet users maintain hundreds - or thousands - of online accounts, a password manager can be considered a necessity and a critical good practice online.To ensure heightened security, you can also integrate Two-Factor Authentication (2FA) or Multi-Factor Authentication methods. This approach adds an extra layer of security by requiring you to enter a second code, which can be a password, biometric authentication, or SMS confirmation when logging into your account.However, it is important to note that 2FA is not foolproof, and there are ways for hackers to bypass it. For example, if a hacker has access to your phone number, they can use what is called a SIM swap attack to receive the codes meant for you and login to your account. For this reason, it is important to use a strong and unique password for each of your online accounts, and to enable 2FA whenever possible. For more technically minded users, hardware keys - such as a Yubikey - have become preferred over text message 2FA mechanisms as they require a physical device to cryptographically verify login credentials.

2. Be careful what you click on or download

Be diligent to carefully check the URL of any links before clicking on them. Phishing links are a common way for hackers to try and steal your data. These links, emails, and sites can look very convincing, as they often impersonate a trusted brand or website - such as a fake Google, Microsoft, or Apple sign in window.Frequently, malicious links will automatically download software to your computer that could contain spyware, malware, or other dangerous programs. Furthermore, before signing into any service, inspect the URL in your browser window to ensure you never provide your login details to a site that is not legitimate. Given this cybersecurity risk, some sites now offer tools to ensure links are safe; if you’re considering whether to click on a link, consider using one of these sites (such as Norton Safe URL) to investigate.

3. Avoid public WiFi networks

Public WiFi networks can be found everywhere, from coffee shops and libraries to airports and hotels. While it's convenient to be able to connect to the Internet while you're on the go, public WiFi networks are often unsecured, making them a potential target for hackers who could be listening to network traffic, or spyware added to a public WiFi router.If you need to use WiFi while you're out and about, be sure to connect to a secure network and avoid entering any sensitive information (such as login details, social security numbers, credit card numbers) while connected. Alternatively, use a VPN on these networks (read more below).

4. Use a VPN

A Virtual Private Network, or VPN, is a vital tool for anyone who wants to keep their online activity private and secure. VPNs leverage end-to-end encryption of network traffic to ensure you have complete online privacy and security.If your VPN is switched on, your online activity is routed through an encrypted tunnel, allowing you to protect your identity and browsing behavior. In the unfortunate event that a hacker does intercept your encrypted traffic, they would not be able to view the content or decipher any critical information (such as credit card data, financial information, or login credentials).Using a VPN is especially important if you're using public WiFi, as there is a greater likelihood of getting hacked using public WiFi. With a VPN, you can browse the Internet more confidently, knowing that your data, IP address, and network traffic are safe from prying eyes.

5. Keep your antivirus software up to date

In today's connected world, it's important to take steps to protect your devices from malware, malicious software, and cyber threats. One way to do this is to install antivirus software. Antivirus programs help defend against known threats by scanning your device for malicious activity and taking action to remove the malware. It's important to keep your antivirus software up to date, as new threats are constantly emerging.There are a lot of great antivirus software programs out there, but it really depends on your specific needs as to what is the best for you. Some people prefer free programs like Avast or AVG, while others are willing to pay for something a little more robust like Norton or McAfee. It really just comes down to what you are looking for in an antivirus program and how that is reflected in your budget.

6. Back up your data regularly

One of the most important things you can do to protect your data is to back up your devices regularly. Backups can save you a lot of time and frustration if your computer crashes, if you accidentally delete an important file, or if your device is infected with ransomware or malware.There are a few different ways to backup your data, so you can choose the option that works best for you. For example, you can copy your files to an external hard drive or use a cloud-based storage service, such as Dropbox or Box. Apple devices also offer cloud sync features to iCloud, and Mac’s Time Machine feature can subsequently restore your entire computer to a previous state.Whichever method you choose, be sure to store your backups in a secure and memorable location - either using a cloud service, or a physical hard drive. That way, if something happens to your computer, you'll be able to restore your data effortlessly.

7. Use encrypted cloud storage

Using an end-to-end encrypted cloud storage provider yields even greater privacy and security benefits when navigating the web online. Unlike most cloud storage, such as Dropbox or Box, end-to-end encrypted cloud storage mandates that only you - and not service providers - can access your information. For medical records, credit reports, and other sensitive documents, these privacy and security benefits enable greater peace of mind and security.Skiff Drive and Tresorit are two of the most popular end-to-end encrypted cloud storage services; both offer sync across multiple devices, mobile apps, and sharing mechanisms for safely communicating your important documents to other individuals online. They also offer additional privacy settings, such as expiring access and password protection, for even more control over your data.

8. Have good mobile security practices

Today, our mobile applications store more personal information than our physical homes - so good mobile security is essential. In particular, use caution when installing applications: Not all mobile applications are safe, and many contain malware (designed to infect your device) or mobile spyware (designed to track your behavior across applications, steal your credentials, or access other data, like your contact list). Before installing any application, do research on their privacy policy and practices. On Android devices, where it is possible to install applications from many different sources, it is essential to vet and trust software providers. Furthermore, make sure you limit permissions for all mobile apps, such as permissions to access your contacts, social media profiles, location data, or other sensitive information.Using a secure lock screen is a good practice on any device, including on iPhones, Android, tablets, and desktop computers. Adding a PIN code provides peace of mind whenever you leave your devices unattended (which you should generally avoid), or when working in a public place, such as a co-working space or airport. Choose a PIN or password that is difficult to guess but easy to remember.Remote wipe capabilities are also important for all mobile devices and tablets. On iPhone, the Find My iPhone service offers Apple device users remote wiping capabilities; on Android devices with a Google account, wiping remotely can also be done from an online dashboard.

9. Be aware of social engineering attacks

Social engineering attacks may surprise you in their unique combination of danger and creativity. Scammers are becoming increasingly adept at using social engineering - where an adversary uses deceptive questions, misleading information, or tricks to obtain information from individuals.One of the most common methods is spear phishing, where hackers send an email masquerading as a person or organization you know in an attempt to acquire your login details or other personal information. For example, an adversary may pretend to be your employer, boss, or friend in a text or email message.Once information is exposed, you may be pressed to send a form of payment, purchase items for your adversary (such as gift card scams), or install malware that would give unauthorized users access to your system. In recent years, hackers have tried to convince unwitting individuals to purchase cryptocurrencies (Bitcoin, Ethereum, or others) and transfer them. An FTC report on hackers’ use of cryptocurrency scams show that they have become increasingly used to send funds to attackers.Social engineering attacks can be very difficult to spot, so it's important to be vigilant in all of your online communications. If you ever receive an unexpected email or message from someone who may be impersonating a well known contact, be sure to verify their identity through a trusted channel before responding.

10. Keep your software up to date

One of the simplest and most effective ways to protect your data is to keep your software up to date. Outdated software can be full of security vulnerabilities that hackers can exploit to gain access to your data.So, ensure that all your software, including your operating system, web browser, and any plugins or extensions, is updated with the latest security patches. Many operating systems will prompt you to automatically update - don’t ignore these warnings!

11. Use privacy-first or anonymous email

Email is frequently used as a main form of identity online. Email accounts are used to sign into bank accounts, social media accounts, and for all personal or professional communications. As a result, using a privacy-first email service is a natural decision for better navigating data privacy online. Popular privacy-first email providers include Skiff, ProtonMail, and Tutanota and are now trusted communication providers for hundreds of millions of individuals.All of these email services offer end-to-end encryption, meaning that your emails are completely private and can only be read by the intended recipient. These providers also both offer a number of other privacy features, such as the ability to create disposable email addresses, which is great for when you need to sign up for something but don't want to give out your real email address.

Wrapping up

Phishingscams, social engineering attacks, and identity theft have the potential to derail your business or cause significant personal pain. From gift card scams to impersonation, the financial and reputational risks are quite significant. Using a combination of software and good practices online can mitigate these risks, protecting you, your business, and your contacts online.