Cybersecurity checklist: Steps you should follow to ensure your safety online

With an ever-increasing digital footprint and a digital life that’s getting more complex, it’s more important than ever to take steps to secure your data. Simple steps such as ensuring that you’re using strong passwords or that your apps are up to date are often overlooked. To help you stay secure and protect your digital IDs, we’ve created this simplified cybersecurity best practices checklist that you can follow to stay protected from the bulk of online attacks.

1. Update everything

The single most important step you can take to ensure your safety online is ensuring that your operating system — be it Windows or iOS — is fully updated to the latest version. The same applies to the apps and browsers that you’re using.

Your data and/or device can get exposed to attack in several ways that you could never anticipate, but keeping your operating system and apps up to date will go a long way towards mitigating many threats and minimising the damage an attack might cause. Vulnerabilities are identified and patched all the time, and having the latest updates ensures that you have the latest patches.

2. Better password management

The next thing you need to do is sort through your passwords. If you use Chrome or Android, you need to open the Google Password Manager, while you can use the Passwords app on macOS or iOS devices. These services will automatically conduct a security audit for you and will flag passwords that have been compromised, reused, or generally unsafe.

ALSO READ: Why passwords may soon be a thing of the past

Follow the guidelines prescribed in these audits to replace all compromised or weakened logins with stronger ones. We’d also strongly suggest you use a password manager to generate strong passwords and to manage your existing passwords going forward.

3. Use 2FA

Two-Factor-Authentication or 2FA is an added security layer that makes it much harder for an attacker to compromise your online accounts. When 2FA is enabled, every login attempt will need to be authenticated by a secondary key. This key may be sent to you via SMS, email, a dedicated app like Google Authenticator, or maybe even a dedicated hardware key like a Yubi key. We’d recommend avoiding SMS-based 2FA if possible as it’s relatively unsafe. That said, SMS-based 2FA is still better than no 2FA.

4. Avoid getting phished

Phishing attacks are a means by which hackers attempt to steal your usernames and passwords. This is usually done by sending a fake email or SMS pretending to be, say, PayPal, and asking you to login via a link in the message. Never click on links sent via email, SMS, WhatsApp, or any other source unless you literally have no other option. 

If you have to click on such a message, or do so accidentally, avoid entering any personal information into any form that might pop up. If, for example, you’re getting a link saying your PayPal account needs to be updated, go to your browser and head to the official PayPal website rather than via a link in the message.

ALSO READ: Best practices for smartphone security: Here’s how to protect your data

Phishing messages are also sent from email IDs or numbers that attempt to look genuine. A close read of the message for typos, and the email ID for irregularities is a good way to spot a phishing message. Whatever the case, we’d like to reiterate that you should not, unless it’s totally unavoidable, click on a link sent to you online.

5. Avoid public Wi-Fi

Public or free Wi-Fi is very tempting to use when it’s available, but do remember that it’s very easy to create a free Wi-Fi hotspot, and you’ll never know if you’ve connected to one created by a hacker. Connecting to such networks will allow hackers to follow your movements online and steal data such as cookies and login details to compromise your accounts.

ALSO READ: Android’s new security features make your phone hard to steal

If you must use public Wi-Fi, consider keeping a VPN enabled at all times. Also, avoid logging in to sites or apps to avoid giving away critical information.

6. Double-check app permissions

Another step you can take to protect yourself online is to double-check all app permissions. Android and iOS do a very decent job of informing you about the level of access apps have to your data, and reviewing these permissions from time to time is a good way to ensure that there aren’t any rogue apps on your system that are quietly stealing sensitive data.

While the above list isn’t comprehensive, and it can’t be without a thorough understanding of your digital footprint, think of it as a cybersecurity audit and checklist that will mitigate most common attacks that hackers might use.