What would you lose if hackers got access to your mobile phone, email or online shopping details?
We store an enormous amount of data with online services, and even just one breach can lead to further compromises, maybe even giving an attacker remote access to your computer or smartphone.
As cloud storage and online accounts become more vital to our day-to-day lives, it’s important that we all take some precautions to secure our services and devices, and prepare for the worst in case our information is ever exposed.
Practice basic computer security
One technique utilised by hackers going after a specific person is placing a trojan virus on a target system. Hackers can then record keypresses to grab passwords and download whatever data they desire.
Antivirus (AV) will help prevent such attacks, and you don’t need to pay for the software. There are numerous free AV packages which provide sufficient protection for most of us. Some good free AV tools include Avast!, Microsoft Defender, Avira and AVG. These perform as well as, and sometimes better than, premium packages like Norton and McAfee. In fact, these two might be best avoided anyway as they have a reputation for being bloated and overpriced. If you want to pay, try the excellent ESET NOD32.
It’s also a good idea not to just go clicking on any file attachments that come through email, even if they appear to be coming from someone you trust. Run an anti-virus scan on all downloaded files, otherwise you could come down with a nasty case of the trojans. The super-paranoid can make use of Sandboxie, a smart application that isolates programs to prevent them affecting the rest of the system, allowing you to safely check a file before letting it loose.
As well as an anti-virus package you should install some anti-malware protection. While any virus is technically malware, there is a difference between anti-virus and anti-malware applications (and they can safely be run together, while having two AV packages will lead to issues). Anti-malware tools are designed to pick up different kinds of threats which aren't always detected by AV tools, and they're also very good at clearing out existing infections. Our top choice is the excellent Malwarebytes Anti-Spyware.
Use strong, secure passwords
If your password is too simple, or easy to guess from information that someone could easily obtain (pets, football teams and so on), then you’re just doing a hacker’s job for them.
A mix of numbers, letters and special characters is much better, but as this StackExchange post explains, and XKCD has illustrated, such passwords are still not perfect and could be cracked in a reasonable amount of time.
Longer is always better when it comes to passwords. Link together several memorable words into a nonsense phrase and it will be effectively impossible to guess or crack. A great way to do this is to use Diceware, which constructs random phrases from dice rolls.
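The Diceware method described above, as an added example that is not part of the original article: five dice rolls select one word from a 7,776-entry list, and the entropy figures show why six random words beat a short mixed-character password. The word list below is a constructed placeholder (w11111 to w66666) so the code runs offline; with a real Diceware list you would pass the file's text to `parse_wordlist`.

```python
import itertools
import math
import re
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries in a standard Diceware list


def parse_wordlist(text):
    """Parse 'NNNNN<whitespace>word' lines; reject incomplete or duplicated lists."""
    table = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([1-6]{5})\s+(\S+)", line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("list must map 7776 distinct rolls to 7776 distinct words")
    return table


def roll():
    """Five simulated dice rolls from the OS CSPRNG, e.g. '41526'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def passphrase(table, words=6):
    """Join `words` independently chosen entries into one phrase."""
    return " ".join(table[roll()] for _ in range(words))


def entropy_bits(choices, length):
    """Entropy of `length` independent, uniform picks from `choices` options."""
    return length * math.log2(choices)


def constructed_wordlist():
    """Placeholder list (constructed, not a real Diceware list)."""
    rolls = ("".join(p) for p in itertools.product("123456", repeat=DICE_PER_WORD))
    return "\n".join(f"{r}\tw{r}" for r in rolls)


if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    print(passphrase(table))
    print(f"8 random printable characters: {entropy_bits(94, 8):.1f} bits")
    print(f"6 Diceware words:              {entropy_bits(LIST_SIZE, 6):.1f} bits")
```

The entropy figures only hold when every word is chosen at random; a phrase you pick yourself from the list is far weaker.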
It’s also incredibly important that you don’t use the same password across every site, because then a single hack or security leak could open up all your accounts.
To save having to remember all your individual passwords for every site we highly recommend LastPass or another password management tool. These will store all your logins within a securely encrypted container, so you don't need to make the passwords memorable as the software will fill in login forms for you. The passwords can all be unique and extremely complex, and you only ever need to remember the one master password to open the container.
For more help with creating strong passwords read our in-depth password security feature.
Backup, backup, backup
Having an up to date copy of your most vital data is an essential safeguard against disaster.
At the very least you should keep copies of vital files in at least one other location, preferably several (follow the 3-2-1 rule).
Be extremely cautious when using any kind of cloud storage system such as Dropbox or iCloud. Not only could your files be wiped by an attacker, but you cannot fully trust these services with important data. Anything stored here can be accessed from any location with the right permissions, so you might not realise you've been compromised until it's too late. And as we found out from Edward Snowden's NSA leaks, there's no telling who can see your files. At the very least, governments probably have access, but employees might be able to get in there too. If you do use cloud storage you should encrypt data before uploading so it's useless without the password.
Multi factor authentication
Anti-virus, decent passwords and backups are basic stuff; they’re things we should all be doing anyway as a general rule. But they won’t protect against smart and/or lucky hackers. For that we need to look at more advanced security features.
Normally to log in to email or another service you just enter a username and password, but MFA means there’s a secondary layer of protection which must be passed before you’re allowed entry. Often it's some kind of hardware device, so attackers would need physical access in addition to knowing your password.
This is really common for online banking where you’ll have to slot your credit or debit card into a reader, which spits out an ID code that must be entered in addition to your online banking password.
Google also offers MFA, and all you need is a phone to receive texts.
Go to the Security section of your Google Account and follow the instructions to enable multifactor. It won’t take long and it means that to log in to your account someone would need both your password and your mobile phone. You can also download the Google Authenticator app to an Android phone so it can be used on a much wider range of services.
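How an authenticator app such as Google Authenticator derives its six-digit codes, as an added example that is not from the original article and goes beyond its description: the app and the service share a secret and both compute a time-based one-time password (TOTP, RFC 6238). The secret below is the RFC's published test key encoded in base32, used here as a constructed sample; `verify` shows the server-side check with a small allowance for clock drift.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps


def decode_secret(secret_b32):
    """Base32 secret as shown at enrolment; spaces and missing padding tolerated."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32, now=None):
    """Code for the 30-second window containing `now` (defaults to the clock)."""
    now = time.time() if now is None else now
    return hotp(decode_secret(secret_b32), int(now) // STEP)


def verify(secret_b32, submitted, now=None, drift=1):
    """Server side: accept the current window plus or minus `drift` steps."""
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return False
    key = decode_secret(secret_b32)
    counter = int(time.time() if now is None else now) // STEP
    ok = False
    for c in range(max(0, counter - drift), counter + drift + 1):
        ok |= hmac.compare_digest(hotp(key, c), submitted)  # constant-time compare
    return ok


# Constructed sample: RFC 6238 test key "12345678901234567890" in base32.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(DEMO_SECRET, now=59))
    print(verify(DEMO_SECRET, "287082", now=89))
```

A code is only useful to someone who also holds the shared secret, which is why a stolen password alone no longer opens the account.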
Multifactor is showing up a lot more often, so if it’s available, use it. For instance, LastPass supports it (and you absolutely should use it here, if nowhere else) and the digital download service Steam has a feature called SteamGuard which requires verification every time you connect from a new computer.
Pack a digital emergency recovery kit
If the worst happens you want to be like the Scouts and always be prepared, so put together a digital disaster kit.
Recovery disk/flash drive
It’s not been updated in a while but the Ultimate Boot CD is a free download which, when burnt to a disc, offers a huge range of useful tools to recover a downed PC, including data recovery, secure file deletion and anti-virus.
It can also be helpful to have a copy of the free Linux OS Ubuntu on a USB memory stick. Provided your PC is set up to boot from USB it can provide a fully-functional modern operating system in minutes, no installation required.
Your antivirus tool should also have the option to create a recovery disc which you can use when booting up to scan and eliminate virus infections.
Secondary email address
To recover a forgotten password it’s typical to have a password reset emailed to a secondary address, but this is often an avenue used by hackers as they’ll simply break into the email and from there gain access to all your secrets.
For this reason you should create and maintain an email address that is entirely separate from any other account and only used for password recovery. Make sure it has a long, secure password and that the username and/or address is unlike any of your other emails or nicknames.
One last thing - if you go for a free service it may expire if not used regularly, so remember to log in occasionally and check it’s still working. This is particularly important when a deleted address can be registered by someone else.
Portable app toolkit
USB sticks are endlessly useful. Not only can they be used to store files or boot operating systems, you can also stuff them with portable apps which will allow you to carry on working on any computer.
Head over to portableapps.com to download portable editions of a huge number of common tools such as Firefox and Dropbox. Grab whatever you need, load it on a USB stick and you can run the software without installation.
This is hugely useful for quick and easy access to familiar applications when using other people’s systems, and it avoids downtime if your PC is busted. If you want extra security, pick up a neat biometric USB stick with a fingerprint scanner.