32 tips to avoid getting hacked
Keep hackers, stalkers and spammers out of your personal business – and your bank accounts! Here's how to lock-down your settings and stay safe online.600,000 Facebook accounts are hacked every day, according to Facebook's own security director – and most victims won't even have a clue.
Over half of us use the same password for most websites, meaning a Facebook hacker also has access to your smart phone, online file storage, email, Amazon account, smart TV, Google Maps history, social networks… basically your life.
And the number of hackers is growing, too. Anyone can download off-the-shelf software that attacks sites and web users at the click of a button.
Unfortunately, there's only one dead cert way to avoid ever getting hacked, and that's to never go online… yup, about as likely as Donald Trump getting a decent hair cut.
But don't panic: we've got the essential tools and tips to staying one key ahead of cyber criminals right here.
'UPDATE' and you won't get hacked
We can't stress this enough: if you want to minimise a hit, take steps before you get hacked. First, take a nugget of wisdom from 'net safety specialist Marc Goodman – his ‘UPDATE’ acronym covers the basics – then ramp 'em up with our 32 tips below.
Use auto-updates to get the latest patches for apps, software or operating systems.
Passwords: don’t re-use them
Using the same password on a whole raft of logins is a rookie mistake. Once hackers get one password, they’ll try it on everything else they can connect you to. See tip 19.
Download from authorised sources
Whether you 'side-load' apps (self-install them) or go for open source software, make sure you get them from trusted sites. Check for any bundled bits ('spyware' or 'adware') – toolbars are the biggest culprits.
'Administrator' shouldn't be your default setting
Don’t log in as admin on your computer for day-to-day use (except when you have to, such as for installing stuff). If you download something dodgy or have already been compromised, hackers can track, install and change pretty much whatever they like.
Turn off when you’re done
That includes logging out of sites when you’ve had your fill of Lolcats, switching off the computer when you leave the house, or disconnecting the wifi when you’re not using it.
Encrypt to keep your stuff unreadable
Encryption doesn’t stop files, emails or details you submit through a website being intercepted – it ‘scrambles’ the content so they can’t be read by unauthorized users. An easy way to make use of encryption is to check sites you log in to display the little padlock symbol next to the URL (or that the address starts with https, not just http).
There’s much more you can get into, from tweaking email settings to encrypting files on your machines. FileVault (built into Macs) can help, or check free utilities such as VeraCrypt.
32 practical ways to give hackers the boot
The more stuff you connect online, the more opportunities for hackers to have a go. Here’s what else you can do to keep it secure.
- Get yourself decent anti-virus and firewall software – and turn it on! Some insurance companies and banks only cover fraud and theft if you can prove you had security in place.
- Back-up important data on a removable drive or USB stick. If there’s something that you’d be gutted to lose – keep copies!
- Be choosy about which companies you share your personal info with: your data’s only as secure as they are.
- Be very suspicious of emails or messages asking for login or account info. Check any links are legit (ie. not hsbo-bank.co.uk) and secure (https). 'Phishing' is one of the easiest ways for passwords to be nicked.
- Most cloud storage is snoopable: encrypt the content you keep in them, or check out Dropbox (claims to encrypt all files stored).
- Only log in to accounts from your own gadgets. If you do have to use a public or shared device, make sure you log out afterwards.
- Where possible, buy online using a credit card. If you're a victim of fraud you'll have a good chance of getting your money back. If you can't get accepted for a credit card, use a prepaid card instead – whilst this won't insure your stolen cash, hackers will only have access to what you've topped up rather than your entire bank balance.
- If there’s something you really, really don’t want anyone else to know or get hold of, don’t put it online! 😉
- Use an unusual but memorable phrase but replace letters with numbers or punctuation marks (0 instead of o, or 3 for E).
- Never use real answers in security questions – make up memorable answers that will only make sense to you.
- Change passwords at least a couple of times a year: get fresh ones, don’t just swap round the ones you already use!
- Get LastPass – seriously. It's all very well (and essential) having long and unique passwords for each site, but you'll never remember them without a password manager. LastPass is the most popular free solution and integrates easily as a browser extension (and app).
- Use 2-step verification if it’s available for logins: if someone signs in from a new or unauthorised device, they’ll have to provide a code that’s only sent to your phone or email address.
- Don’t use an easily-guessed email – [email protected] – for logging into sites holding sensitive information (like banking). Use alias emails that you can simply forward to your main account.
- In fact, use alias emails for all aspects of your online life: work, personal, surveys, lolcats, whatever. This'll limit what info hackers can access (and how much spam you get!).
- Forced to enter an email address but worried you’ll be spammed harder than a dead parrot sketch? Use one you can burn when you’re done! You can create a temporary email that will combust after use over on guerrillamail.com.
- If your email account displays the location of the last login (Gmail does – check the bottom of the screen), take a look at it every now and again to spot any rogue usage.
- Check your privacy settings: don’t broadcast every update to the whole world. Log out every now and again to view your profile and keep tabs of what strangers can see about you.
- Don’t accept contact requests from folk you don’t know (obviously!)
- Enable login alerts to get beeped when someone signs-into your account. On Facebook, you can turn it on through Security Settings (approve your own devices so you don’t get pointless alerts!)
- Be careful what you share on social, especially your date of birth or any info banks use to verify accounts or lost passwords.
- Review app permissions: whenever you log in to another site using Facebook or add an App to your account, you've opened another door for personal data leakage. See what info you're handing out here.
Phones & gadgets
Credit: C_ossett – Flickr
- Always lock your phone using either fingerprint recognition, a secure pin (not your birthday) or unique gesture.
- Know how to wipe your gadgets if they're lost or stolen.
- Put a sticker over any unused webcams (hackers could be watching you).
- Read app permissions to see exactly what data you’re allowing them to access before you install them (why do Flashlight apps need your location?).
- Install Find My iPhone (Apple) or Airdroid (Android). Prey is also excellent for tracking, locking and wiping missing phones and laptops.
- Always password protect your home wifi network, and change the default admin password on your internet routers.
- Remember that public wifi has more holes than an MP’s expenses claim – everything you do while connected can be spied on.
- Only use well-known wifi hotspots – setting up fake free networks is a common sting.
- Turn off sharing, so that things you usually connect or share on a secure network (files, devices or logins) aren’t discoverable.
- Use a VPN – Virtual Private Network – to 'cloak' yourself and your data. Overplay is our favourite due to ease of setup, privacy settings and security features.
- Only visit secure sites: check for the padlock and ‘https’ in the address bar.
What to do if you’ve been hacked
Credit: thejokerstrick – Flickr
So you've been hacked? Stay calm and get some damage-limitation in place. If you've got any of the tools below, now's the time to use them. If you don't, look into them (or alternatives) pronto.
- Tell the relevant bods: your bank, the cops, and any sites involved.
- Change your passwords – including any you think thieves could get to, not just for compromised accounts.
- Warn personal contacts that you've been hacked.
- Consider wiping data remotely if your device is stolen: go to iCloud for Apple, or Google's Device Manager for Android.
- Locate your devices if you can (see tip 25) but don't go looking for them yourself! Tell the authorities.
You don't have to do everything on this page, but it could dramatically cut your chances of an online looting. At least UPDATE if nothing else. Good luck!