How To Safely Surf the Internet
Chuck's Cyber Wall
At the end of a recent cybersecurity roundtable, a spontaneous discussion arose about ways to safely surf the internet. Admittedly, unless the roundtable has information relevant to small businesses or medical practices, I typically head over to the discussion channel once the presentation ends. With phishing tactics in enterprise environments as the topic, I hung out in the roundtable channel, talking about recent ransomware attacks. As that wound down, I left the video and was about to close out when I saw in the chat window that people were shouting on the discussion channel.
Sure, cybersecurity experts get passionate about the field, and raised voices are not all that uncommon – but shouting is not something that happens often. Intrigued, I entered the chat and found myself in a roaring contingent of attendees.
At some point, the topic had shifted from phishing tactics to web surfing at work. On one side stood a small group intent on completely locking down internet access – blacklisting everything and allowing only the sites required to do business. The other side supported a more open approach and advocated security training to teach people how to safely surf the internet.
With both sides holding their ground, any hope of progress stopped. So, a group of us returned to the roundtable channel and picked up the discussion of security training.
RULES FOR SAFE WEB SURFING
While enterprise environments were the original topic, the best practices we discussed apply to all business and home users. These are things that we can all do to be safer as we maneuver through the internet.
1. Always Be On Guard
This best practice might sound cynical or paranoid, but it’s absolutely true – there are no 100% safe places on the internet. Government websites get hacked. Social media sites get hacked. News outlets get hacked. Cybercriminals are continuously looking for security vulnerabilities to exploit, no website is too big or too small, and cybercriminals will never stop.
Getting into this mindset is a critical component of security awareness.
2. Do Security Updates
Whether it’s your phone, tablet, computer, or antivirus program, performing security updates is the most important technical thing you can do to be safe online. While issues caused by updates can happen, they are rare, and those issues are inconsequential compared to the headaches involved with getting hacked.
3. Be Careful Where you Share Personal Information
There is nothing more valuable to marketers and cybercriminals than your personal information. The approach is the same whether they are blanketing you with product ads or trying to steal some aspect of your digital identity. Facebook quizzes, free guides, contests, any place where you are required to enter information about yourself, there is a danger. It might be fun to see what Disney Princess you are, but that’s not the intent of the questions.
The more information you volunteer about yourself, the less safe you are online.
4. Leave Web Pages Filled with Advertisements
It doesn’t matter how pretty the web page might be, one of the simplest hacks is inserting fake ads. Often referred to as clickbait, a telling feature is the lack of a close option. By clicking links or buttons, these ads can run malicious code on your computer or take you to fake websites.
When you encounter a page that automatically opens a new tab or has large pop-up screens, immediately close the browser. It’s better to get away than to accidentally click on the wrong thing.
5. 99.9% of All Offered Gifts Online are a Scam
When surfing the web, if you get to a page that says you’ve won something – CONGRATULATIONS YOU ARE THE 1 BILLIONTH VISITOR – it is a scam. While there is the most remote, infinitesimal possibility that a giveaway might be real, it’s not worth the risk. Cybercriminals know that the best way to get people to click is to tell them that they won something. Stay away from these.
6. Be Wary of Downloads
Most browsers allow you to preview the content of text files, but compressed files can hold any number of surprises. When making purchases of software, images, ebooks, and other such items, they will often come in zip files. Most of the time, if you are paying for a product, it’s safe. If it’s free, ask yourself why this is free before downloading.
On the internet, free is never really free. Most offers require you to provide an email address or other personal information. If nothing is asked in exchange for a download, it is almost certainly malicious – don’t do it.
7. Logging Into Other Sites with Social Media Accounts
Many websites will allow you to sign-up and log in using your Facebook, YouTube, or other social media credentials. This single sign-in feature seems horribly convenient, but it’s just horrible. Doing this gives the website administrator access to your login token and personal information with your consent, without telling you that you gave consent.
Does this seem shady? It is.
If you want to sign up for a new website, always register for a new account. Also, don’t feel compelled to provide complete or even accurate personal information – always provide as little personal information as possible.
8. Internet Anonymity May Not Be What You Think
Many people think they are preserving their anonymity online by using an incognito browser. That is simply not true. While incognito mode doesn’t save a history of websites visited on your device, the information packets still point to all the places you visit. This means that your internet provider and web crawlers will still have logs that show every site you’ve visited.
The highest degree of anonymity requires a VPN or proxy server.
9. Enter Web Addresses Directly into the Browser
Avoid clicking on links whenever possible. Yes, it is far more convenient, but it’s not safe because any word can be made into a link. Unsafe links are especially true in emails. Even if it comes from a trusted source, hover over it before you click it – this will show you where the link is taking you. If the link doesn’t match the words, don’t click on it.
10. Check Your Online Accounts Regularly
Especially important for financial and shopping accounts, regularly checking for unknown transactions will help you to discover a problem before it escalates. Spyware and malware allow cybercriminals to steal your credentials, which are by far the most potentially damaging. Keeping an eye on online transactions is essential to stopping fraud and identity theft.
SAFE SURFING REQUIRES EFFORT
Perhaps the most significant factor that came from the shouting match part of the discussion was a debate on the willingness of users to embrace the mindset of always remaining on guard. As cybersecurity professionals, we have two options – take away users’ freedom to surf the internet to maintain security or teach users how to surf safely. While many of us prefer the latter, users must be willing to try to follow these best practices.
Unfortunately, no matter how advanced security tools get, it is ultimately only as secure as the person using the device.
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com