Online Safety Tips

This blog is intended for both general and technical audiences. While the tips outlined below are basic things everyone should already be aware of, following as many of them as possible will significantly reduce your risk of becoming an online victim. First, using common sense is your primary line of defense in staying safe online. Trust your instincts, be cautious of unfamiliar websites or emails, and think twice before sharing personal information on social media. Common sense can go a long way in protecting you online. In addition to using common sense, adhere to the following guidelines to enhance your online safety.

• Passwords: Use long and complex passwords and change them regularly. If the website allows passphrases, use those instead of passwords with special characters that are hard to remember. For example, a passphrase like "Jade Owl Loop Zinc Moon" is easy to remember but much harder to crack. You can opt-in for passkeys when offered, but don’t be fooled into thinking passkeys will solve all your password problems; they won’t. Read this blog (https://blog.selvansoft.com/2025/01/passkey-practical-or-premature.html) which explains why.
• Multi-Factor Authentication (MFA): Wherever possible, use more than just a password to secure your accounts, commonly referred to as two-factor authentication (2FA). Most websites provide multiple options for MFA these days. Always choose an OTP authenticator or hardware key-based authenticator if those options are offered and avoid SMS-based 2FA at all costs.
• Account Recovery: It is very important to set up account recovery for your Gmail, Apple, and Microsoft accounts. Make sure account recovery is set up with recovery codes, your phone, and most importantly, a different email that you never use for anything else but account recovery.
• Web browsing: Always ensure the website you visit uses the HTTPS protocol, especially when entering sensitive information. While all modern browsers enforce this and provide warnings, be attentive to these warnings and refrain from using any website that does not use HTTPS protocol or, worse, provides a mismatched SSL certificate, which is a red flag for a phishing attempt.
• Online Banking: Before logging in to your banking website for financial transactions or to review your bank statement, close all tabs in your browser. If you are particularly cautious, temporarily disable any browser plugins you may have installed, which you can turn back on later. When you are logged in to your banking website, do not do anything else, such as performing a Google search, browsing Facebook, Instagram, or any other sites. Specifically, avoid reading emails or, worse, clicking on a link your buddy sent you to "check it out." Once you are done with your online banking, make sure to log off. Many secure banking websites these days do protect you by logging you off automatically. However, don’t rely on them because there are still some online banking websites that don’t properly log you out in a reasonable time or, worse, don't do anything.
• Public Wi-Fi: When using public Wi-Fi, avoid logging into sensitive accounts or performing financial transactions. It's safer to wait until you're on a trusted network. This applies even to smartphones, as they are on a wireless data network shared by thousands of devices.
• Enable Firewall: Ensure your device's firewall is enabled. Most operating systems come equipped with a built-in firewall, so enable it and block all inbound connections. Keeping your firewall enabled is a simple yet effective way to bolster your security on any network, public or private.
• DNS: Don’t use the default DNS servers provided by your ISP (Internet Service Provider). Instead, use any of the following DNS servers: 1.1.1.1, 8.8.8.8, or 9.9.9.9. You can follow this link (https://www.tomsguide.com/us/cloudflare-dns-1.1.1.1-set-up,news-26964.html) that walks you through how to change DNS on various devices.
• Antivirus and Anti-malware Software: Keep them updated to protect your device from threats.
• Phishing Scams: Be skeptical of emails or messages with links or attachments that urge immediate action or ask for personal information. If it sounds too good to be true or creates a sense of urgency, it's likely a scam.
• Installing Software: Only download and install software from reputable sources. Avoid pirated software and gaming cheat codes, as they almost always contain malware and viruses.
• Software Update: Regularly update your operating system, browsers, antivirus definitions and apps to protect against security vulnerabilities. 
• App Permissions: Check the permissions granted to apps and revoke any that are unnecessary.
• Personal Information Sharing: Be mindful of what personal information you share online. Don’t overshare on social media and be wary of websites or services asking for more information than necessary.
• Monitor Your Accounts: Regularly check your bank and credit card statements for any unauthorized transactions.
• Credit Freeze: Add a credit freeze to all major credit bureaus. There is no need for your credit report to be in an "unlocked" status unless you are applying for a loan, bank account, credit card, etc., which you don’t do every day. So, why does it need to be in an "unlocked" status? When you need it, you can unlock your credit report, get your business done, and lock it back. Follow this blog (https://blog.selvansoft.com/2023/05/howto-credit-freeze.html) that walks you through the credit freeze process.
• Backup: Regularly back up your data to an external hard drive or a cloud service.
• Educate Yourself: Stay informed about the latest cybersecurity threats and how to protect yourself. There are a lot of useful cybersecurity FAQ’s documented in this blog (https://blog.selvansoft.com/2024/09/cybersecurity-faq.html) 
• Trust Your Gut: If something feels off or too good to be true, it probably is. Your intuition can be a powerful tool in staying safe online.