Information security and computer security aren’t really things that most people think about on a regular basis. They sound boring. Most of the time, we’re just focused on getting our fancy smart devices to do our taxes, play marathons of The Office, and quiz us on what kind of sandwich we are. If it does those things, we’re happy. It’s as simple as that, right? Why worry about the mere possibility of some threat so nebulous as “getting hacked”? What’s the worst that could happen?
Such lines of thought are a common—arguably necessary—coping mechanism for humans of the information age. Life is so complicated, we literally can’t worry about every little thing. Not only would we go crazy, but in order to worry about something, we need to understand it at least a little bit. And many people have practically no understanding of the so-called “smart” devices that are increasingly central to our lives, let alone all the things that can go wrong with them.
So let’s try to figure it out. Do you need to worry? What actually is the worst that could happen?
What does it even mean to “get hacked”?
When most people think of “hackers” (in the “evil” sense of the word, rather than the “nerd” sense), they’re probably thinking of one of two things:
- A hooded figure huddled in a dark basement somewhere, furiously tapping away on fifteen separate keyboards, stopping only for Cheetos breaks
- Your “friend” when you once checked Facebook on their computer without logging out, and they used your account to post a bunch of really embarrassing stuff
Neither seems particularly dastardly or worth concerning oneself about. But what if the threat is more serious? Here are some of the things you should actually worry about:
Identity theft
This is when someone gets enough personal info about you (e.g. name, birthday, address, social security number) to take out credit cards and loans in your name. When the thief doesn’t pay them back, the burden falls on you, and your credit score can be ruined. You can usually get the charges reversed, but it’s going to be a long and difficult road, filled with paperwork, police reports, and hours upon hours of earbleed-inducing hold music.
Thieves can even rent apartments in your name and then fail to pay rent. This can put evictions on your record and make it almost impossible to rent again, even if the eviction doesn’t hold up in court.
Oh yeah, and identity theft is the gift that keeps on giving, since chances are that your birthday didn’t change. Once the info is out there, you can’t squeeze it back into the proverbial toothpaste tube. If it gets bad enough, you can change your social security number (or even your name), but who wants to deal with that?
Identity theft: not even once.
Debit/credit card theft
Ever used a sketchy ATM or gas pump? Congrats, there’s a good chance that your card was skimmed, i.e. copied and sent to thief by a little device that attaches to the card reader. Maybe you bought something off a shady online store? I hope your collectible Smurfs lunchbox was worth your card number being sold to the highest bidder via an underground auction site.
If you notice it quickly, you can usually get any fraudulent charges reversed. But if not, you might be out of luck (and out of money). It’s worth noting that credit cards have better protections than debit cards do, but it’s still not foolproof.
Bank account takeovers
Even worse than your cards getting stolen can be getting your entire bank account taken over. If someone gets your debit card, usually the most they can do is wipe out your checking account (or less, if they hit the daily transaction limit on the card). But if they have your full bank credentials, they can get everything, including savings, credit cards, investments, and linked accounts (e.g. family members’ accounts).
Again, if you notice it quickly, the bank may be able to stop the transactions and eventually get you your money back. But in the meantime, you still have to figure out how to put food on the table. If your accounts were drained, your bank might not resolve the issue for days, weeks, or even months. And there’s no guarantee that they will ever make you whole again, especially if you didn’t notice the fraudulent activity immediately.
Data breach
It seems like every other day that some company, big or small, announces that its databases of customer information have been “hacked”. And every time this happens, all that customer data (i.e. your data) ends up getting sold on the “dark web” to facilitate any of the above described types of theft.
Malware infection (e.g. viruses, worms, trojan horses, etc.)
Malware is harmful software that can infect your computer, smartphone, or any other smart device (including fridges and toasters). Once it’s installed, it can do just about anything, including:
- Stealing all of your passwords and financial information, leading to any of the above situations
- Holding your data for ransom so you that need to pay hundreds of dollars to get it back
- Listening to all of your phone calls
- Reading all of your messages and mail
- Tracking your location, search history, etc.
- Slowing down your device or loading it up with lots of ads and unwanted software
- Blackmailing you with embarrassing photos/videos found on your computer/phone, or even new ones that it captured by sneakily turning on your camera/microphone
- Using your contact list to spread malware to your friends and family
- Using your wifi network to spread malware to other nearby devices
- Using your device to spread other illegal content or harm others
“But will any of that really happen to me?”
Maybe not. Maybe you’ll be lucky. Maybe you’re the kind of person who doesn’t feel the need to lock your front door because you live in a safe neighborhood. But on the Internet, you must remember that everyone is in the same neighborhood. And that means that there’s basically no barrier between you and the people who want to ruin your life for their own benefit. If you don’t want to be a victim, you’ll need to take some basic precautions. At the very least, you’ll probably want to start locking the (metaphorical) front door with these simple tips.
5 simple tips to protect yourself
Even if you’re new to security, you may have heard some of these tips before. These are the things that pretty much everyone can and should do to keep themselves (and their information) safe. If there’s one thing in this article to remember, it’s this entire article. 🙂
1. Learn how to be skeptical
Out in the real world, you’d be called paranoid if you thought that everyone was out to get you. But on the Internet, it’s true: everyone really is out to get you.
Most email is spam. Most websites are fakes. Most apps are just thinly-veiled data-harvesting tools (yes, even TikTok), and a lot of the rest are straight-up malware (yes, even that neat flashlight app you downloaded a while ago). In an environment like this, it pays to be a bit skeptical. There’s an entire network of criminals out there just waiting for you to make a mistake. To download this “hilarious puppy video”, to just “confirm your account details” real quick, to click the button that says “yes, I am sure I want to install this untrusted software from the Internet that is requesting all possible permissions”.
So then how does one become more skeptical?
Basically, learn to question everything. Assume that every email, every call, every website, and every app are just trying to trick you. They are guilty until proven innocent.
For more specific tips on how to act skeptically, see our full article on how to not get scammed:
TL;DR: Don’t download apps, don’t click links, and NEVER give out your password or other personal info.
2. Get an ad blocker
Not only are online ads annoying, but they can be dangerous! Some ads lead to fake phishing websites or can download malware onto your computer. And yes, you can find nefarious ads even on otherwise reputable sites; stuff always slips through the cracks. If you accidentally click on one, you can end up in a world of hurt. And some particularly nasty ads can even infect your computer with viruses without you doing anything other than loading a regular web page!
There’s an easy way to stop this though! All you need to do is install an adblocker! The most common type is just a browser extension that you install once, and then most ads will be blocked from then on. The one that most of the pros use is called uBlock Origin, and the best part is that it’s free! For computer browsers, it works on Firefox and Chrome (for now, at least), but for mobile browsers, it only works on Firefox. If you’re not already using Firefox, trust me, it’s worth switching just for the adblocking!
3. Get a password manager
A password manager is software that will generate unique, secure passwords for every website and then store them for you so that you don’t have to remember them all. Easier than a pile of sticky notes on your desk, and way way WAY more secure than just using the same password for every site.
For a little more info, see our full article on password managers:
But if you just want to jump right into it, here’s what to do:
- Install Bitwarden on all of your devices. I recommend using the browser add-on.
- Create a new strong, unique password to use as the master password. Since this is the one you actually have to remember, use a password generator like Correct Horse Battery Staple. It’s way easier to remember 4–8 random words than 16–32 random letters.
- Make sure to modify the password it spits out a little bit, just in case the site is evil and is actually recording the passwords.
- Start putting all your passwords into it. At least put the most important ones in there to start with (e.g. email, banking, social media, etc.). All new ones should definitely go in there; you have no excuse not to. Browser plugins will often even ask to save them automatically.
- If you already have some passwords saved in your browser, you can import them. After the import, delete them from your browser in the browser’s settings so that they’re only stored in the more-secure place (the password manager).
- If any of your existing passwords are weak or are reused across sites, make sure to generate better ones!
- You don’t have to do it all at once. Just start with the most important ones.
- Done! You’ve never felt so secure!
4. Keep your personal info private
Sometimes you can’t avoid using a service that will allow you (or others) to reset your account with personal info (e.g. security questions you can’t specify the answer to). Many governments and large institutions will allow anyone into your account as long as they can provide a few basic tidbits, like your mother’s maiden name, your birthday, and your street address from 5 years ago. So how can you prevent that info from getting out?
Easy: never share your personal info the first place. Be stingy with it. Don’t enter it when a website asks for it unless you think they actually need it or will verify it against your ID (e.g. for healthcare, finance, or government sites). Don’t post it publicly. Only enter it where absolutely necessary. This includes:
- Your full name
- Your birthday
- Your phone number
- Your email address
- Your physical address (and any past addresses)
- Your social security number (duh)
Just because a website asks for your name and birthday doesn’t mean you need to enter it. As far as the Internet is concerned, I’m Firstname Lastname and I was born on January 1st, 1970. Nice to meet you.
Even if you think the company will keep the info private (not likely, since most companies sell it in some form or another), there’s always a chance of data breaches. So just keep it to yourself when you can!
5. Keep tabs on your accounts
As I said earlier, if your financial info or accounts are compromised, time is of the essence when it comes to dealing with it. So you need to know as soon as possible when something goes wrong.
The solution? Account alerts! Most modern banks will allow you to set up text/email alerts for any debit/credit/bank transactions. Seriously, take 5 minutes now and set them up. Go on, I’ll wait.
All done now? Come on, don’t lie. This is important stuff! Alerts will let you know the minute you’re compromised so that you can shut those criminals down before they do any real damage.
Another important thing to fend off identity theft is to regularly review your credit report; this will let you know if anyone is taking out credit cards in your name, or even if some random company just committed a clerical error that makes you look bad. My favorite site to use for this is Credit Karma; it’s free and gives you alerts when things change.
Conclusion
So what’s the point of all of this? Well, the most common types of hacks/scams/thefts are generally not targeted at individuals; rather, they aim to fleece as many people as possible. They’re trying to catch the low-hanging fruit—the people who are taking basically zero precautions. With the above basic strategies, you’ll avoid the vast majority of online perils. Using a password manager will help protect all of your online accounts, while keeping your personal info safe and setting up account alerts will add some extra protection against financial fraud. That, along with a healthy dose of skepticism, should vastly reduce your chances of becoming yet another victim. If you’ve actually done all this, you deserve a pat on the back. Go ahead, you’ve earned it!
But maybe you’re still worried. These simple tips surely won’t be able to outsmart the more clever criminals out there, right? Well you’re right; the simple truth is that it’s impossible to be 100% secure, and the closer you get, the more diligent you need to be. But if you’re willing to go the extra mile, then stick around for the next post in this series about information security and computer security, where we’ll dive into some more complex topics and start to achieve some serious security. Until then, stay safe!
Next article in series:
The Readyist 
3 thoughts on ““How to Not Get Hacked” 101: 5 Simple Tips to Protect Yourself”