33 tips on how to not get hacked
Worried about hackers getting access to your email, social media or bank accounts? Follow these simple steps to complete online security and peace of mind.
Most of us like to think we're pretty tech-savvy, but research has shown that almost two-thirds of people use the same password for most websites.
This means a Facebook hacker could also gain access to your smartphone, online file storage, email, Amazon account, smart TV, Google Maps history, social networks... basically your life.
Unfortunately, there's only one dead cert way to avoid ever getting hacked: never go online. But if you don't fancy living under a rock for the rest of your life, we've got the essential tips for staying one step ahead of cybercriminals right here.
Before we get into our main tips on how to prevent hacking, let's quickly go over the basics. If you get this stuff sorted, you're already drastically reducing your chances of being compromised without having to put much work in.
What's in this guide?
How to prevent getting hacked: The basics
- Update regularly – Use auto-updates to get the latest patches for apps, software and operating systems.
- Passwords: don't re-use them – Using the same password on a whole raft of logins is a rookie mistake. Once hackers get one password, they'll try it on everything else they can connect you to.
- Download from authorised sources – Whether you 'side-load' apps (self-install them) or go for open source software, make sure you get them from trusted sites. Check for any bundled bits ('spyware' or 'adware') and remove them – toolbars and add-ons that change your default search engines are the biggest culprits.
- 'Administrator' shouldn't be your default setting – Don't log in as admin on your computer for day-to-day use (except when you have to, like if you're installing stuff). If you download something dodgy or have already been compromised, hackers can track, install and change pretty much whatever they like.
- Turn off when you're done – That includes logging out of sites when you've had your fill of memes, switching off the computer when you leave the house, or disconnecting the WiFi when you're not using it.
- Encrypt to keep your stuff unreadable – Encryption doesn't stop files, emails or details you submit through a website being intercepted – it 'scrambles' the content so they can't be read by unauthorised users. Always check for the little padlock symbol next to the URL (or that the address starts with https, not just http) when you're logging in or providing payment details. FileVault (built into Macs) can help, as can check free utilities such as VeraCrypt.
33 tips on how to avoid getting hacked
Protecting yourself from getting hacked can take just a few minutes if you follow these quick steps:
- Get yourself decent anti-virus and firewall software – and turn it on! Some insurance companies and banks only cover fraud and theft if you can prove you had security in place.
- Back-up important data on an external hard drive or USB stick. If there's something that you'd be gutted to lose, keep copies.
- Be picky about which companies you share your personal info with – your data's only as secure as they are.
- Be very suspicious of emails or messages asking for login or account info, and check that any links are legit (i.e. not hsbo-bank.co.uk) and secure (https not http). These are known as phishing scams and are one of the easiest ways for passwords to be nicked.
- Most cloud storage is snoopable: encrypt the content you keep in them or check out Dropbox (which claims to encrypt all files stored).
- Only log in to accounts from your own gadgets. If you do have to use a public or shared device, make sure you log out afterwards.
- Where possible, buy online using a credit card. If you're a victim of fraud, you'll have a better chance of getting your money back. If you can't get accepted for a credit card, use a prepaid card instead – while this won't insure your stolen cash, hackers will only have access to what you've topped up rather than your entire bank balance.
- If there's something you really, really don't want anyone else to know or get hold of, don't put it online!
- When it comes to passwords, use an unusual but memorable phrase, and replace letters with numbers or punctuation marks (zero instead of o, or 3 for E).
- Never use real answers in security questions – make up memorable answers that will only make sense to you.
- Change passwords at least a couple of times a year: get fresh ones, and don't just swap around the ones you already use.
- Get LastPass – seriously. It's all very well (and essential) having long and unique passwords for each site, but you'll never remember them without a password manager. LastPass is the most popular free solution for storing them all and integrates easily as a browser extension (and app).
- Use two-step verification if it's available for logins: if someone signs in from a new or unauthorised device, they'll have to provide a code that's only sent to your phone or email address.
- Don't use an easily-guessed email – like [email protected] – for logging into sites holding sensitive information (like online banking). Use alias emails that you can simply forward to your main account.
- In fact, use alias emails for all aspects of your online life: work, personal stuff, paid surveys, memes, whatever. This will limit what info hackers can access (and how much spam you get).
- Forced to enter an email address but worried you're going to be inundated with spam afterwards? Use one you can burn when you're done! You can create a temporary email that will combust after use over on guerrillamail.com.
- If your email account displays the location of the last login (Gmail does – check the bottom of the screen), take a look at it every now and again to spot any rogue usage.
- Check your privacy settings on social media: don't broadcast every update to the whole world. Log out every now and again to view your profile the way strangers see it.
- Don't accept friend requests from folk you don't know.
- Enable login alerts to get beeped when someone signs into your social media accounts. On Facebook, you can turn it on through Security Settings (approve your own devices so you don't get pointless alerts).
- Be careful what you share on social, especially your date of birth or any info banks use to verify accounts or lost passwords.
- Review app permissions: whenever you log in to another site using Facebook or add an app to your account, you've opened another door for personal data leakage. See what info you're handing out.
- Always lock your phone using either fingerprint recognition, a secure PIN (not your birthday) or a unique gesture.
- Know how to wipe your gadgets if they're lost or stolen.
- Put a sticker over any unused webcams (hackers could be watching you).
- Read app permissions to see exactly what data you're allowing them to access before you install them.
- Install Find My iPhone (Apple) or make sure you've set up Find My Device on Android. Prey is also excellent for tracking, locking and wiping missing phones and laptops.
- Always password-protect your home WiFi network, and change the default admin password on your internet routers. Making sure your WiFi is password-protected also happens to be a good way to improve your broadband speed.
- Remember that public WiFi has more holes than Swiss cheese – everything you do while connected can be spied on.
- Only use well-known or reputable WiFi hotspots – setting up fake free networks is a common sting.
- Turn off sharing, so that things you usually connect or share on a secure network (files, devices or logins) aren't discoverable.
- Use a VPN (Virtual Private Network) to 'cloak' yourself and your data. Private Internet Access is our favourite due to ease of setup, privacy settings and security features.
- Only visit secure sites: check for the padlock and 'https' in the address bar.
What to do if you think you've been hacked
If you've been hacked, stay calm and do the following:
- Tell the relevant people: your bank, the police, and any sites involved.
- Change your passwords – including any you think thieves could get to, not just for compromised accounts.
- Warn personal contacts that you've been hacked.
- Consider wiping data remotely if your device is stolen: go to iCloud for Apple, or Google's Device Manager for Android.
- Locate your devices if you can (see tip 27) but don't go looking for them yourself! Tell the authorities.
While you're ramping up your security settings, why not download these essential apps every student needs?