Table of contents
Start for free
How to Protect Your Data, Identity, and Business OnlineSecurity risks are constantly present on the internet. Here are some much-needed tips to protect you and your business.
Research shows that the average data breach costs businesses over four million dollars, 60 percent of small businesses have been hit with cyberattacks, and millions of consumers suffer from identity theft online. Cleary, better technology, education, and online security practices are a necessity. How can you protect your business and personal data online?This guide will go over some of the best ways to protect your information and keep your business safe from intrusions, cybercriminals, data theft, and more online threats. If you're worried about your online security, read the tips below for some good internet security practices.
Tips for strengthening your online securityDespite advances in technology, there are still many ways for malicious actors or hackers to infiltrate your online accounts, steal confidential information, or try to impersonate you and exfiltrate credentials or identity. But, don't worry – we've got some tips that can help strengthen personal security and keep you safe online.
1. Use strong passwords, a password manager, and Two-Factor AuthenticationAnother important way to protect your online accounts is by using strong passwords that are difficult for hackers to guess. In this blog, we outline best practices for managing your passwords, including not repeating the same password, using second factor authentication, and more.An even better practice is to use a password manager, which can autogenerate long and difficult to guess passwords for every single account you use online. Password managers create strong passwords for every service, store them in an encrypted database, and autofill them when you need them. As many internet users maintain hundreds - or thousands - of online accounts, a password manager can be considered a necessity and a critical good practice online.To ensure heightened security, you can also integrate Two-Factor Authentication (2FA) or Multi-Factor Authentication methods. This approach adds an extra layer of security by requiring you to enter a second code, which can be a password, biometric authentication, or SMS confirmation when logging into your account.However, it is important to note that 2FA is not foolproof, and there are ways for hackers to bypass it. For example, if a hacker has access to your phone number, they can use what is called a SIM swap attack to receive the codes meant for you and login to your account. For this reason, it is important to use a strong and unique password for each of your online accounts, and to enable 2FA whenever possible. For more technically minded users, hardware keys - such as a Yubikey - have become preferred over text message 2FA mechanisms as they require a physical device to cryptographically verify login credentials.
2. Be careful what you click on or downloadBe diligent to carefully check the URL of any links before clicking on them. Phishing links are a common way for hackers to try and steal your data. These links, emails, and sites can look very convincing, as they often impersonate a trusted brand or website - such as a fake Google, Microsoft, or Apple sign in window.Frequently, malicious links will automatically download software to your computer that could contain spyware, malware, or other dangerous programs. Furthermore, before signing into any service, inspect the URL in your browser window to ensure you never provide your login details to a site that is not legitimate. Given this cybersecurity risk, some sites now offer tools to ensure links are safe; if you’re considering whether to click on a link, consider using one of these sites (such as Norton Safe URL) to investigate.
3. Avoid public WiFi networksPublic WiFi networks can be found everywhere, from coffee shops and libraries to airports and hotels. While it's convenient to be able to connect to the Internet while you're on the go, public WiFi networks are often unsecured, making them a potential target for hackers who could be listening to network traffic, or spyware added to a public WiFi router.If you need to use WiFi while you're out and about, be sure to connect to a secure network and avoid entering any sensitive information (such as login details, social security numbers, credit card numbers) while connected. Alternatively, use a VPN on these networks (read more below).
4. Use a VPNA Virtual Private Network, or VPN, is a vital tool for anyone who wants to keep their online activity private and secure. VPNs leverage end-to-end encryption of network traffic to ensure you have complete online privacy and security.If your VPN is switched on, your online activity is routed through an encrypted tunnel, allowing you to protect your identity and browsing behavior. In the unfortunate event that a hacker does intercept your encrypted traffic, they would not be able to view the content or decipher any critical information (such as credit card data, financial information, or login credentials).Using a VPN is especially important if you're using public WiFi, as there is a greater likelihood of getting hacked using public WiFi. With a VPN, you can browse the Internet more confidently, knowing that your data, IP address, and network traffic are safe from prying eyes.
5. Keep your antivirus software up to dateIn today's connected world, it's important to take steps to protect your devices from malware, malicious software, and cyber threats. One way to do this is to install antivirus software. Antivirus programs help defend against known threats by scanning your device for malicious activity and taking action to remove the malware. It's important to keep your antivirus software up to date, as new threats are constantly emerging.There are a lot of great antivirus software programs out there, but it really depends on your specific needs as to what is the best for you. Some people prefer free programs like Avast or AVG, while others are willing to pay for something a little more robust like Norton or McAfee. It really just comes down to what you are looking for in an antivirus program and how that is reflected in your budget.
6. Back up your data regularlyOne of the most important things you can do to protect your data is to back up your devices regularly. Backups can save you a lot of time and frustration if your computer crashes, if you accidentally delete an important file, or if your device is infected with ransomware or malware.There are a few different ways to backup your data, so you can choose the option that works best for you. For example, you can copy your files to an external hard drive or use a cloud-based storage service, such as Dropbox or Box. Apple devices also offer cloud sync features to iCloud, and Mac’s Time Machine feature can subsequently restore your entire computer to a previous state.Whichever method you choose, be sure to store your backups in a secure and memorable location - either using a cloud service, or a physical hard drive. That way, if something happens to your computer, you'll be able to restore your data effortlessly.
7. Use encrypted cloud storageUsing an end-to-end encrypted cloud storage provider yields even greater privacy and security benefits when navigating the web online. Unlike most cloud storage, such as Dropbox or Box, end-to-end encrypted cloud storage mandates that only you - and not service providers - can access your information. For medical records, credit reports, and other sensitive documents, these privacy and security benefits enable greater peace of mind and security.Skiff Drive and Tresorit are two of the most popular end-to-end encrypted cloud storage services; both offer sync across multiple devices, mobile apps, and sharing mechanisms for safely communicating your important documents to other individuals online. They also offer additional privacy settings, such as expiring access and password protection, for even more control over your data.
9. Be aware of social engineering attacksSocial engineering attacks may surprise you in their unique combination of danger and creativity. Scammers are becoming increasingly adept at using social engineering - where an adversary uses deceptive questions, misleading information, or tricks to obtain information from individuals.One of the most common methods is spear phishing, where hackers send an email masquerading as a person or organization you know in an attempt to acquire your login details or other personal information. For example, an adversary may pretend to be your employer, boss, or friend in a text or email message.Once information is exposed, you may be pressed to send a form of payment, purchase items for your adversary (such as gift card scams), or install malware that would give unauthorized users access to your system. In recent years, hackers have tried to convince unwitting individuals to purchase cryptocurrencies (Bitcoin, Ethereum, or others) and transfer them. An FTC report on hackers’ use of cryptocurrency scams show that they have become increasingly used to send funds to attackers.Social engineering attacks can be very difficult to spot, so it's important to be vigilant in all of your online communications. If you ever receive an unexpected email or message from someone who may be impersonating a well known contact, be sure to verify their identity through a trusted channel before responding.
10. Keep your software up to dateOne of the simplest and most effective ways to protect your data is to keep your software up to date. Outdated software can be full of security vulnerabilities that hackers can exploit to gain access to your data.So, ensure that all your software, including your operating system, web browser, and any plugins or extensions, is updated with the latest security patches. Many operating systems will prompt you to automatically update - don’t ignore these warnings!
11. Use privacy-first or anonymous emailEmail is frequently used as a main form of identity online. Email accounts are used to sign into bank accounts, social media accounts, and for all personal or professional communications. As a result, using a privacy-first email service is a natural decision for better navigating data privacy online. Popular privacy-first email providers include Skiff, ProtonMail, and Tutanota and are now trusted communication providers for hundreds of millions of individuals.All of these email services offer end-to-end encryption, meaning that your emails are completely private and can only be read by the intended recipient. These providers also both offer a number of other privacy features, such as the ability to create disposable email addresses, which is great for when you need to sign up for something but don't want to give out your real email address.
Wrapping upPhishingscams, social engineering attacks, and identity theft have the potential to derail your business or cause significant personal pain. From gift card scams to impersonation, the financial and reputational risks are quite significant. Using a combination of software and good practices online can mitigate these risks, protecting you, your business, and your contacts online.
Skiff TeamThe Security Benefits of Encrypted EmailThere are numerous benefits to using an encrypted email service as your primary email provider.
Andrew MilichHow to send anonymous and secret emailsLooking for a secret, privacy-first email address for sensitive communications? You’ve come to the right place.
Andrew MilichWhat's the best encrypted cloud storage provider?Choosing a cloud storage provider? Consider these platforms, security guidelines, and tips when setting up your account.
Andrew MilichAre emails to attorneys confidential?Communicating privately with your attorney is a fundamental legal right. How can it be done privately and securely?
Andrew MilichQuick guide: Get your custom domain set upHow can you add a custom domain to your Skiff account? Learn more in this guide.
Peter LuHow to add a shared custom domainYou've set up your Skiff workspace with your team. How can you add a shared custom domain?
Andrew MilichBlock trackers and remote content on Skiff MailStarting today, all Skiff Mail users on every plan can disable remote content loading by default in their inbox.
Eli MacKinnonHow to send secure documents via email—what is the safest technique?Learn how to send secure documents via email—we present various methods and explain how end-to-end encryption protects your data and online correspondence.