33 tips to avoid getting hacked
Worried about hackers getting access to your email, social media or bank accounts? Follow these simple steps to complete online security and peace of mind.
Most of us like to think we're pretty tech-savvy, but research has shown that 59% of people use the same password for most websites.
This means a Facebook hacker could also gain access to your smartphone, online file storage, email, Amazon account, smart TV, Google Maps history, social networks... basically your life.
Unfortunately, there's only one dead cert way to avoid ever getting hacked: never go online. But if you don't fancy living under a rock for the rest of your life, we've got the essential tips for staying one step ahead of cyber criminals right here.
Before we get into the nitty-gritty stuff, let's quickly go over the basics. If you get this stuff sorted, you're already drastically reducing your chances of being compromised without having to put much work in.
Trivia question: How many Facebook accounts were directly affected by a data hack in 2018? Answer at the end!
What's in this guide?
Staying safe online: The basics
Use auto-updates to get the latest patches for apps, software and operating systems.
Passwords: don’t re-use them
Using the same password on a whole raft of logins is a rookie mistake. Once hackers get one password, they’ll try it on everything else they can connect you to (see tip 19).
Download from authorised sources
Whether you 'side-load' apps (self-install them) or go for open source software, make sure you get them from trusted sites.
Check for any bundled bits ('spyware' or 'adware') and remove them – toolbars and add-ons that change your default search engines are the biggest culprits.
'Administrator' shouldn't be your default setting
Don’t log in as admin on your computer for day-to-day use (except when you have to, like if you're installing stuff). If you download something dodgy or have already been compromised, hackers can track, install and change pretty much whatever they like.
Turn off when you’re done
That includes logging out of sites when you’ve had your fill of memes, switching off the computer when you leave the house, or disconnecting the WiFi when you’re not using it.
Encrypt to keep your stuff unreadable
Encryption doesn’t stop files, emails or details you submit through a website being intercepted – it ‘scrambles’ the content so they can’t be read by unauthorised users.
One of the most common forms of encryption you can make use of is to check for the little padlock symbol next to the URL (or that the address starts with https, not just http) when you're logging in or providing payment details. Most sites use this nowadays anyway, but it's always worth checking!
There’s much more you can get into, from tweaking email settings to encrypting files on your machines. FileVault (built into Macs) can help, as can check free utilities such as VeraCrypt.
How to protect your computer from hackers and viruses
Protecting yourself from getting hacked can take just a couple of minutes if you follow these quick steps:
- Get yourself decent anti-virus and firewall software – and turn it on! Some insurance companies and banks only cover fraud and theft if you can prove you had security in place.
- Back-up important data on an external hard drive or USB stick. If there’s something that you’d be gutted to lose, keep copies!
- Be picky about which companies you share your personal info with – your data’s only as secure as they are.
- Be very suspicious of emails or messages asking for login or account info, and check that any links are legit (i.e. not hsbo-bank.co.uk) and secure (https not http). This is known as phishing and is one of the easiest ways for passwords to be nicked.
- Most cloud storage is snoopable: encrypt the content you keep in them or check out Dropbox (which claims to encrypt all files stored).
- Only log in to accounts from your own gadgets. If you do have to use a public or shared device, make sure you log out afterwards.
- Where possible, buy online using a credit card. If you're a victim of fraud you'll have a better chance of getting your money back. If you can't get accepted for a credit card, use a prepaid card instead – while this won't insure your stolen cash, hackers will only have access to what you've topped up rather than your entire bank balance.
- If there’s something you really, really don’t want anyone else to know or get hold of, don’t put it online!
How to create a strong password
- Use an unusual but memorable phrase, and replace letters with numbers or punctuation marks (0 instead of o, or 3 for E).
- Never use real answers in security questions – make up memorable answers that will only make sense to you.
- Change passwords at least a couple of times a year: get fresh ones, and don’t just swap around the ones you already use!
- Get LastPass – seriously. It's all very well (and essential) having long and unique passwords for each site, but you'll never remember them without a password manager. LastPass is the most popular free solution for storing them all and integrates easily as a browser extension (and app).
- Use two-step verification if it’s available for logins: if someone signs in from a new or unauthorised device, they’ll have to provide a code that’s only sent to your phone or email address.
Hide your email from spam bots
- Don’t use an easily-guessed email – like [email protected] – for logging into sites holding sensitive information (like online banking). Use alias emails that you can simply forward to your main account.
- In fact, use alias emails for all aspects of your online life: work, personal stuff, online surveys, memes, whatever. This will limit what info hackers can access (and how much spam you get!).
- Forced to enter an email address but worried you’re going to be inundated with spam afterwards? Use one you can burn when you’re done! You can create a temporary email that will combust after use over on guerrillamail.com.
- If your email account displays the location of the last login (Gmail does – check the bottom of the screen), take a look at it every now and again to spot any rogue usage.
Check your social media security settings
- Check your privacy settings: don’t broadcast every update to the whole world. Log out every now and again to view your profile the way strangers see it.
- Don’t accept friend requests from folk you don’t know (obviously!)
- Enable login alerts to get beeped when someone signs into your account. On Facebook, you can turn it on through Security Settings (approve your own devices so you don’t get pointless alerts!).
- Be careful what you share on social, especially your date of birth or any info banks use to verify accounts or lost passwords.
- Review app permissions: whenever you log in to another site using Facebook or add an app to your account, you've opened another door for personal data leakage. See what info you're handing out here.
Protecting your phone and gadgets
- Always lock your phone using either fingerprint recognition, a secure PIN (not your birthday) or unique gesture.
- Know how to wipe your gadgets if they're lost or stolen.
- Put a sticker over any unused webcams (hackers could be watching you).
- Read app permissions to see exactly what data you’re allowing them to access before you install them.
- Install Find My iPhone (Apple) or make sure you've set up Find My Device on Android. Prey is also excellent for tracking, locking and wiping missing phones and laptops.
Stay safe when using WiFi
- Always password protect your home WiFi network, and change the default admin password on your internet routers.
- Remember that public WiFi has more holes than Swiss cheese – everything you do while connected can be spied on.
- Only use well-known or reputable WiFi hotspots – setting up fake free networks is a common sting.
- Turn off sharing, so that things you usually connect or share on a secure network (files, devices or logins) aren’t discoverable.
- Use a VPN (Virtual Private Network) to 'cloak' yourself and your data. Private Internet Access is our favourite due to ease of setup, privacy settings and security features.
- Only visit secure sites: check for the padlock and 'https' in the address bar.
What to do if you’ve been hacked
So you've been hacked? Stay calm and get some damage limitation in place. If you've got any of the tools below, now's the time to use them. If you don't, look into them (or alternatives) ASAP.
- Tell the relevant people: your bank, the police, and any sites involved
- Change your passwords – including any you think thieves could get to, not just for compromised accounts
- Warn personal contacts that you've been hacked
- Consider wiping data remotely if your device is stolen: go to iCloud for Apple, or Google's Device Manager for Android
- Locate your devices if you can (see tip 26) but don't go looking for them yourself! Tell the authorities.
Trivia answer: A whopping 50 million Facebook accounts were directly affected by the hack in 2018! This shows just how important it is to change your password regularly and keep those security settings tight.
While you're ramping up your security settings, why not download these 16 essential apps every student needs?