By Charles Joseph | Cybersecurity Advocate
It’s become an all too common occurrence in the news — our most sensitive information leaked through vulnerable online software. Sometimes for-profit, and sometimes for blackmail.
In an age where data breaches are becoming more common, it’s important to take steps to protect yourself from being hacked.
Unless you plan to disconnect from the internet, taking proactive measures to safeguard your data is not only prudent but paramount.
What can we do to protect ourselves?
We mitigate the risk of being hacked by applying well-thought-out security measures, which we’ll discuss in this guide.
The following list of cybersecurity best practices will significantly help you to safeguard your personal information from hackers.
Facts About Hacking
Getting hacked is nobody’s idea of a good time: in 2021, 59% of Americans said that they’re more scared than ever about becoming a victim of cybercrime, and 88% said that they’re concerned about data privacy.
But 40% of them said that they don’t know how to protect themselves from cybercrime. And 87% want to do more to protect their digital privacy.
Those statistics aren’t set in stone, though — and doing your part to make the internet more secure isn’t as hard as you might think. Follow these 13 cybersecurity tips to maintain your privacy, ensure your safety, and avoid getting hacked.
Avoiding Hackers: the Quick Version
- Using a password manager takes the pain out of otherwise cumbersome secure password practices.
- Take advantage of firewalls and antivirus software, and enable automatic updates and security alerts for your OS, web browser and apps.
- Train yourself to recognize phishing emails, fake websites, online scams, and fraudulent downloads, and keep your devices on your person at all times.
- Multi-factor authentication adds a little time and hassle to the login process, but the massive security boost is well worth it.
- Opt for secure, encrypted apps and services — and delete accounts on unused, insecure websites when possible.
How to Protect Yourself from Being Hacked (Video)
Top 13 Ways to Avoid Getting Hacked
1. Use a Password Manager
You probably know all the typical password advice: don’t reuse passwords, don’t use generic or simple passwords, use many types of characters, and make your password as long as possible.
The problem with this advice is that it’s impossible to remember dozens of long, unique, complex passwords. But the easier it is to remember your password, the easier it is for someone to guess or crack it.
That’s where password managers come in. These ultra-secure programs allow you to generate strong passwords and access them on all of your devices — all you need to remember is the master password for your password manager.
Many of the top password managers are free, though some offer a subscription to access more features or use the software on more devices. Bitwarden is a great free, open-source option, while 1Password offers a sleek and simple interface for an annual fee.
2. Enable Multi-Factor Authentication
As the conversation around cybersecurity expands, more and more sites are offering multi-factor authentication to their users. Enabling it is one of the best things you can do to protect yourself from hackers.
Multi-factor authentication adds an extra step to the login process. Instead of entering your account with just a password, you’ll be required to double-confirm your login attempt by entering a code sent via SMS, app or email.
Even if a hacker discovers your password, they won’t be able to access your account without this secondary information, which only you physically possess.
And multi-factor authentication also serves as an alert system: if you suddenly get a verification text or notification but weren’t trying to log in to anything, you know that a hacker was targeting you.
3. Keep Your Operating System and Software up to Date with the Latest Security Patches
New software vulnerabilities are discovered every day. And nobody is fully immune, no matter which OS you use, which browser you prefer, which games you play, or which apps you run.
Often, vulnerabilities are patched before any malicious activity can occur — but those patches won’t do anything if they’re not installed.
The constant update notifications may be annoying and inconvenient, but when the alternative is getting hacked, you’re better off listening to them and installing updates as soon as they’re available.
Pay special attention to updates labeled “urgent” or “critical”, as well as any that specify that they’re security-related. These updates should never be ignored: they’re likely patches for serious bugs that are actively being exploited by hackers.
Patching your system is, unfortunately, all about maintaining good cyber hygiene — especially if you’re on the internet. Consider updating your system as quickly as possible when an update is available.
4. Learn to Recognize Suspicious Websites, Files, and Emails — and Avoid Opening Email Attachments from Unknown Senders or Clicking on Links in Suspicious Emails
Most successful hackers lure their victims in by phishing. It’s most certainly a real thing.
Did you know that over 90% of computer breaches occur due to a successful phishing attack?
They may send an email disguised as your bank, telling you to verify your account number. Or they might purport to be the IRS, claiming that you owe taxes and directing you to a fake government website to pay up.
Some may even pretend to be someone you know — a relative or coworker — and urge you to download an email attachment, which is actually malware in disguise.
Never open emails from senders you don’t recognize, and never download attachments unless you’re sure they’re legitimate. The same goes for downloads from the web: ensure that anything you download comes directly from a trusted source, and avoid pirated files.
I won’t open an email unless it’s from a reputable source, so I probably miss some. But it’s a risk I’m just not willing to take.
And as a best practice, I also disable automatic image downloads (the ones embedded in your email that your client likely previews) to avoid notifying the sender that my email address is real.
Don’t click on links in emails, especially ones related to banking or account security. Instead, type in the site’s URL manually and navigate to the appropriate page rather than following the link.
And before you enter any personal information, especially credit card numbers, on a website, verify that the URL is correct and that the site is encrypted — look for the lock icon next to the URL.
5. Restrict Access to Physical Computer Systems: Don’t Leave Your Devices Unattended — or Use Unknown Ones
Most folks don’t consider physical access to their computer a genuine possibility. If you haven’t encrypted your data, anyone with physical access to your computer can bypass all software-enabled security controls. They can do this in many ways by just physically copying the data.
A good practice is to full disk encrypt your hard drive so that if someone does manage to get physical access, they’ll need your password to decrypt the data.
Leaving your laptop or phone on the table at the coffee shop while you go to the bathroom gives anybody the opportunity to peek inside. In less than a minute, a hacker could copy your important files to a thumb drive and then vanish as if nothing happened.
Conversely, using a stranger’s device could also compromise your security. A borrowed phone cord could contain a tiny module that secretly siphons your private data while you charge up, or a “forgotten” thumb drive could load your computer up with malware when you plug it in out of curiosity.
Always lock your devices with a password or fingerprint, and keep them on your person whenever possible. And never plug in unknown devices from strangers — you never know what might be hidden inside them.
6. Make Use of Your Antivirus Software and Firewall
I assure you that within seconds of connecting your computer to the internet, folks from every corner of the planet are scanning it for vulnerabilities. A firewall is an absolute must.
These days, most devices come preloaded with security features enabled by default, including firewalls and virus protection.
Unless you have a very good reason to disable them, it’s wise to leave them running at all times. They provide active defense against any hackers that might be trying to remotely break into your device.
Like other software, it’s important to keep your antivirus and firewall software up to date. Enabling automatic updates for these programs ensures that you always have the latest and greatest defenses at your service.
Anti-virus doesn’t catch everything — particularly zero-day exploits and custom malware that targets you explicitly.
But it does catch a lot of the other bad stuff, and it’s a good idea to have it enabled and updated with the latest virus definitions.
7. Disable Administrator Access Unless It’s Truly Needed
If you’ve ever tried to install or modify a program only to be told that you lack the administrator privileges to do so, you may be tempted to always use your computer’s administrator account.
But there’s a reason why administrator privileges aren’t the default. Administrators can access files deep within the operating system and make serious alterations to the device — two abilities that make a hacker’s job much easier.
If you’re always logged in as an administrator, any hackers that get into your computer can use those privileges to do their dirty work. Without administrator privileges, they’re much more limited as to the damage they can cause.
In general, you should only use an administrator account if you really need to — such as if a trusted program requires it, or if you’re modifying the system under the guidance of an expert. Otherwise, stick with normal user accounts.
This has the added benefit of allowing you to track user activity and normalize user behavior to identify anomalous activity consistent with computer breaches.
8. Answer Security Questions Smartly
Security questions work well in theory, but in practice, many common security question answers are easily discoverable.
A hacker may quickly find the name of your elementary school simply by looking up where you were born, and your favorite sports team may be revealed by public social media posts.
Entering the answer backwards, or rearranging the letters in it so they’re in alphabetical order, can add an extra layer of security. Or you can go even further with the fudging — provide your dad’s middle name instead of your mom’s, or say that you grew up on “Principal Street” instead of “Main Street”.
9. Enable Security Alerts on Websites and Apps
Constant notifications from apps and websites can be annoying and overwhelming, but even if you disable most of them, leave the security alerts enabled.
These notifications alert you when new account activity is detected — when a new device logs in, when a failed login attempt is made, or when a foreign IP address accesses your account.
Even if your account isn’t breached, security alerts let you know when something suspicious is going on, giving you a chance to prevent a hack before it occurs. You can preemptively change your password, secure your information or ask the site to lock down your account.
10. Switch to Secure Apps and Clean Up Your Digital Footprint
These days, you can find secure, encrypted versions of just about any service — and making the switch is surprisingly easy.
Secure messaging apps like Signal, for instance, offer the same features as texting but with extra encryption and privacy measures. And encrypted email providers like ProtonMail ensure that your private communications can’t be viewed or intercepted by hackers.
Even apps you’ve used for years are adding encryption and other security features: Gmail now offers end-to-end encryption, and Facebook Messenger allows you to encrypt specific conversations.
Once you’ve settled on your new encrypted apps, make sure not to leave any loose ends behind. Deleting old, unused accounts stops hackers from accessing them years down the line, long after you’ve forgotten about them.
#11. Do Not Download Files from Untrustworthy Websites or Peer-To-Peer File-Sharing Networks
This is a no-brainer that requires no further explanation. Pirated software puts you at risk. Just don’t do it.
#12. Be Proactive and Remove Spyware
You’re being tracked whether you realize it or not. Cookies in your browser and the software you install are phoning home with your personally identifiable information (PII).
Be proactive — clear your cookies and uninstall software you’re not using. Then run an anti-spyware program as a follow-up to safeguard your PII on an ongoing basis.
Join Our Community
#13. Back-Up Important Files Regularly in Case You Need to Restore Them Later Due to Malware Infection or Other Data Loss Incident
Have you ever been a victim of a ransomware attack? If so, I don’t need to share with you the value of a good backup.
Most folks don’t do it (backup), so you’re definitely in the minority if you do.
But what’s most surprising is that the folks who do routine backups fail to verify them.
Former NSA Hacker Reveals 5 Ways to Protect Yourself Online (Video)
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional