“How to not get hacked” 102: Even more simple tips to protect yourself

If you haven’t already, we recommend reading our 101 article first:

But once you’re done with those, then here you go! These are important tips that I recommend everyone follow.

1. Don’t use security questions

Yep, it’s true: despite the name, security questions are NOT secure—they’re anything but. People at least try to keep their passwords a secret, but nobody tries to hide the name of their pet or the mascot of their high school or the model of car that their aunt’s cousin’s sister’s cat drives. In fact, people willingly share info like this all the time with the world via social media, and much of the rest is available from public records. If it only takes an attacker a few minutes of Googling in order to reset your account password, that’s a “security” level roughly on par with a bank vault made of cardboard. It doesn’t matter how strong the front door is if thieves can just go in the back door.

But what is one to do? So many sites these days require you to set security answers. What’s the alternative?

The solution is simple: just enter another password! Your password manager should be able to generate new “passwords” to use as answers and store them as a “secure note” along with your username and real password.

For more info on this topic, see the full article:

2. Learn how to be skeptical

I know I linked this article in the previous post as well, but this really is one of the most important tips, so it’s worth reiterating. Probably the most common method of hacking is by taking advantage of the human element. After all, hacking computers is relatively difficult. But hacking people is easy! People are constantly making mistakes and trusting stuff that they shouldn’t. So if you haven’t fully read through the below article yet, I highly recommend that you do:

But for the sake of this article, here’s a quick summary of the things you really shouldn’t do unless you’re 100% sure of the consequences:

  • Don’t type URLs by hand when visiting websites (you might make a typo; use Google or a bookmark instead)
  • Don’t download apps (you are giving them even more access on your phone/computer than a website would have)
  • Don’t enable permissions for apps/sites to do various things (like access your location, camera, files, etc.) unless you really need the functionality (they might use it for evil)
  • Don’t download attachments to emails, text messages, etc. (could be malware)
  • Don’t click links in emails, text messages, or online posts (could be phishing sites or malware)
  • Don’t scan random QR codes (it’s the same thing as clicking a link!)
  • Don’t trust anyone who calls you randomly (probably a scam)
  • Don’t trust anyone who asks for money (probably a scam)
  • Don’t trust anyone who threatens you or makes you worried (probably a scam)
  • Don’t log in on public devices or on other people’s devices (they might steal your password)

3. Keep backups

One of the more common types of malware these days is ransomware. Once it infects your device, it will encrypt all of the data, but then not tell you the decryption password unless you pay a fee—usually in the hundreds of dollars. And even then, sometimes the decryption process doesn’t work, and you paid hundreds of dollars for nothing!

The easy solution here is to keep backups of all of your important data! For most people, I recommend using a cloud service. You can either manually upload files to any regular cloud storage service occasionally (e.g. Google Docs/Drive, Amazon S3, etc.), or you can use an actual backup service like Backblaze or Dropbox Backup. I recommend setting up an automatic solution so that you can’t forget to take backups!

For more info on setting up backups, see our article:

4. Lock your computer/phone

This is an easy one. Just put a password/pin lock on all of your devices. If you don’t, and your device gets lost or stolen, then whoever holds the device has access to every website that’s already logged in. And if your email account is open, then it’s really game over, since most websites will allow the password to be reset via email.

Of course, in the case of computers, that means you’ll also have to lock it when you leave it unattended, even if it’s sitting in your house. After all, your house isn’t immune to burglars. And it isn’t a bad idea to make it auto-lock after a few minutes of inactivity too, just to be safe (both from criminals and from friends who might otherwise see an unlocked device and decide that a prank is in order). Just Google for “how to auto lock windows/mac/android/iphone after a few minutes”.

5. Keep your software/firmware up to date

One of the most common ways for hackers to get into your devices is by using software bugs that the tech companies have already fixed, but whose fixes consumers haven’t downloaded yet. That’s why it’s important to always keep your software up-to-date, particularly for anything that connects to the Internet. For your phone/computer, that means that the most important things to keep updated are your operating system (e.g. Windows, Mac OS, Android, iOS, etc.) and any web browsers (like Firefox, Chrome, Safari, etc.). Luckily, most of this stuff updates automatically; all you have to do is make sure you don’t disable it!

However, some stuff doesn’t update automatically, and this can include devices like routers, security systems, smart TVs, and other “smart” devices. With devices like these, the updates are often called “firmware updates” (as opposed to software). If you’re not sure how to update these, it’s usually not too hard to Google for it (e.g. “how to update firmware for XYZ router/TV/etc.”). It’s probably a good idea to check for updates on these devices at least every few months.

2 thoughts on ““How to not get hacked” 102: Even more simple tips to protect yourself”

  1. Thank you for sharing this useful information! I’m sure it will be a great help to many readers. Continue the good work!
    Here are my main takeaways from this article. It’s amazing to think these 5 actions could prevent some major problems
    1. Don’t use security questions.
    2. Learn to be skeptical.
    3. Keep backups.
    4. Lock your computer/phone.
    5. Make sure your computer and phone are locked when you’re not using them.
    Wayne
