Be suspicious of emails
A lot of cyber attacks are launched through simple malicious email campaigns. Email is a wonderful communication platform because you can sending anything to anyone, but that means it can be a huge security risk. Phishing, for example, sends victims seemingly innocuous emails that will lead victims to fake websites asking to update their personal information.
The best way to avoid being scammed by phony emails is to just make sure the sender is who you think it is. Check their email address to see if they match with the website you think it's from. To be extra cautious you can check the IP address of the sender.
You can do this by finding the source information from the email and looking for the IP address that follows the line "Received: from." You can then Google the IP address to learn the email's source.
Check link locations
Unknown messages contain links to unknown sites. Surfing to a mysterious website can bring about unintended consequences. For one, it could mimic a site you know and trust and help you fall prey to a phishing scam. Or, it may be unsecured or infected with malware.
If you are tempted to click on one of these links, you better know exactly where it's taking you. The best way is to copy and paste the link location into a new browser to see what site is on the other side. If it's a shortened link, you can use tools like URL X-ray that figure out the real destination before you click it.
Also, encrypted sites are the safest ones to visit. You know they are safe when you see HTTPS in the URL and the lock icon on your browser.
Never open attachments (unless you're really sure)
A good rule to follow is never open attachments unless you are 120% sure of where they came from. One of the easiest ways for hackers to download malicious code onto victim computers is by sending emails with virus-laden files.
A frequent way companies get hacked is by one unsuspecting employee downloading malicious software that infiltrates the entire network. The most dangerous file types are Word, PDFs, and .EXEs.
Use two-factor authentication
As bigger companies get hacked, the likelihood that your password is leaked increases. Once hackers get passwords, they try to figure out which personal accounts they can access with the data they stole.
Two-factor authentication — which requires users to not only enter a password but to also confirm entry with another item like a code texted to a phone — is a good way to stop attackers who have stolen passwords. More companies are making it standard for logging in.
Slack, for example, instituted two-step authentication once it owned up to a recent data breach. This meant that if hackers did steal Slack user data, the hackers would still most likely not be able to get into a user's account unless they had another personal item that belonged to the user, like a phone. If two-factor authentication is an option for your accounts, it's wise to choose it.
Use advanced passwords
This may be the most obvious yet overlooked tip. A strong password includes uppercase, lowercase, numbers, punctuation, and gibberish. Don't make the password a personal reference, and don't store a list in a saved file.
Most importantly, don't use the same password for multiple accounts.
There are some great tools like LastPass and 1Password that securely store passwords. Also, it's crucial to change passwords frequently — especially for vulnerable accounts like email and banking.
Be wary of the cloud
Here's a good rule of thumb — if you don't want people to access your information, don't share it. This includes cloud storage. No matter how secure a platform says it is, you ought to keep in mind that you're giving it to someone else to watch over. While it's in the company's best interests to keep it secure, many privacy experts maintain that anything you put online stands the chance of being published online.
Does this mean you shouldn't store anything in the cloud? Not necessarily, it's just helpful to remain aware of where your files are going. And to know the practices of your cloud storage provider.
Additionally, be sure that if you delete files on your computer or smartphone that they are also deleted on any cloud backups you have too.
On public Wi-Fi? Don't share personal data
Thinking about buying that plane ticket or checking your bank account while sitting at the coffee shop? You may want to think twice about that, as you have no idea how secure that connection is.
The same goes for places like hotels and conference centers. Security researchers just uncovered a vulnerability that made Wi-Fi traffic at some of the world's biggest hotels vulnerable to attack. There is no way for an individual to know if this is happening, so it's best to be judicious with where you are surfing.
If you must access private information while on these networks, it would be good to use tools like virtual private networks (VPNs), which encrypt traffic so the Wi-Fi network can't see where you're surfing. Or, better yet, just set up a hotspot using your mobile data.