
A Complete TrendBlog Guide On How To NOT Get Hacked


It’s impossible to watch the news these days without hearing about hackers breaking into another corporate database and making off with sensitive user information. It might feel to people that the Internet is becoming the Wild Wild West, where danger lurks on every corner and it isn’t safe to do anything online. But as I keep saying to everyone, being online is the same as being offline – you are safe as long as you take the proper precautions and do not take any unnecessary risks.

I mean, would you go outside without locking your door and closing your windows? Would you walk around with a thick wad of banknotes in your shirt pocket? Would you walk down a dark alley at night wearing expensive clothes and a gold Rolex? No of course not, because common sense dictates otherwise. It’s the same with being online. Use your common sense, don’t be reckless with an “it will never happen to me” attitude, and you will be absolutely fine.

How NOT To Get Hacked – Courtesy Of TrendBlog

So if you are nervous about getting hacked, follow the suggestions below to lessen your chances. It would be disingenuous of me to say that this will GUARANTEE your safety from hackers, because there are no guarantees in life. But the following suggestions will definitely lessen the chance of it happening.

Use a Password Manager

The first lesson of computer security is ALWAYS good passwords. Unfortunately, not many people heed that advice. They may hear it, but then they say “meh” and switch their minds to something else. These are the people most likely to get hacked. The ones whose password is one of the following :

You will have heard this before, but it is always worth repeating. You MUST have a password which :

Some other password tips :

The main thing to remember is to use a password manager. I just told you that you shouldn’t use the same password more than once and that @D@6ThkL#<AqQ+53DvJmM_1Wx is really cool. But now you’re thinking “how am I supposed to remember a password like THAT?! 12345 is MUCH easier to remember!”. The solution is to use a password manager.

If you are not familiar with them, a password manager is an encrypted database, protected by a master password which is unrecoverable. So if you forget the master password, then you have lost the lot. The master password should be very difficult for someone else to figure out (and obviously don’t share the password with anyone).

Remember, this is the online equivalent of your front door key. Put a simple lock on it and someone can do the online equivalent of kicking the door down. Don’t do simple locks. Make that door cast-iron and impossible to break down.

There are quite a few password managers out there. Everyone seems to go crazy about LastPass, but to be frank, it didn’t exactly wow me when I tried it. I much prefer KeePass. It’s free (always good in my book), simple to use (even better), and it’s open-source (so the source code can be freely inspected).

I place the KeePass database in my Dropbox folder, so any changes are automatically synced across all my computers, smartphone, and tablet. There is also a portable version for Windows so you can carry it about on a USB stick. For Mac, Linux, Android, and iOS, there are various versions of KeePass, which are all compatible with one another. The program I use is called KeePassX (essentially the same thing). You can see the full list of KeePass versions by going here.

Use a 2-Factor Authenticator App, NOT SMS Messages With PIN Codes

As well as a kick-ass password, you also need to enable 2-Factor Authentication, also known as 2-Step Authentication or Multi-Factor Authentication (if the website in question supports it – more are getting on board all the time). All the major email services are on board, as well as big names such as Facebook, Twitter, Paypal, LinkedIn, WordPress, and more. You can even add it to your self-hosted WordPress site login page (see my website login page to see the Google Authenticator box).

2-Factor Authentication is not used by that many people, as there is the mistaken impression that it is “too technical”. But it is very simple to use (I will write a separate article on this subject very soon). To put it simply, 2FA is a second layer of defense, a second password if you will. Once you enter your regular password, 2FA ensures that a second layer of authorization is required before access is granted to the account.

This can take the form of many things. The usual method is an authenticator app such as Google Authenticator (there are others, but being naturally suspicious, I don’t trust them). You can also have the website send an SMS to your phone or you can use a U2F Security Key (this is the one I use). I like the security key, and the SMS message method is fine in a pinch.

I wouldn’t recommend the SMS message option as your default option though, simply because some hackers are able to spoof your mobile phone number and intercept the SMS message. I admit to not knowing so much about this, but it has generally been accepted by many security experts that SMS codes are not secure in the slightest. You can mitigate the risk to a certain degree by not publicising your mobile number online.

So back to the authenticator app. I will cover this in more detail in my Two-Factor Authentication article out hopefully later this week, but suffice to say, here is the link for Android and iOS, and in the website you want to switch it on for, go to the settings and look for the 2FA setting (again, assuming they support it). My next article will go much more into detail on this subject.

In the meantime, here’s a nice man from Google explaining it to you (although, being 6 years old, it IS rather dated).

Use a Virtual Private Network Or Force-Encrypt All URLs

I make it a rule never to use open public wi-fi networks. I like free as much as the next person, but sometimes, free isn’t that good. In the case of wi-fi, that means some rather devious individuals using “sniffing” software to monitor unencrypted traffic for usernames and passwords.

Lifehacker has a superb rundown on the subject. I hate to link to a rival, but I am not an expert in this topic AT ALL, and you DO need to know the basics of how network sniffing works. But before you start panicking about how you used your Starbucks wi-fi this morning to check your email, let me point out two methods you can use to defeat network sniffers.

The first is to use a browser extension, developed by the Electronic Frontier Foundation, called HTTPS Everywhere. It is available for Firefox, Chrome, Opera, and Android. As the name implies, it forces all sites you visit to go to the encrypted HTTPS version. This makes it impossible for a network sniffer to view the login details you enter into a site, as well as financial information such as credit card details.

To give yourself even more privacy, use Surfshark Virtual Private Network (which we will also be covering in more detail in an upcoming article). This hides your IP address and reroutes all your web traffic through the servers of the VPN company. You can make it look as if you are in another country, and the VPN company keeps no user logs whatsoever to guarantee your privacy.

The upshot is that if a hacker cannot get your IP address, they will find it extremely difficult to break into your computer.

There are many VPN services, some good, some bad (and we will compare them in the upcoming article). But here at Trendblog, we highly recommend Tunnelbear for its ease of use. There is a free version, but you are severely limited as to bandwidth. Paying $5 per month removes all the restrictions.

Set Up a Firewall, Virus Checker, & Malware Checker

To use the metaphor of the house again, now that you have your cast-iron impregnable door installed, how about now building a very high wall around the house? That high wall will help to keep the intruders out. Well, the online equivalent of that high wall is a firewall.

Firewalls can be rather difficult to set up to begin with, as all incoming and outgoing web traffic is stopped, and you have to make “rules” for each one. But in the long run, it is well worth it. macOS users have a firewall automatically installed on their system (go to the “security” section in “settings” and switch it on), and it is easy to use. For Windows users, there is also a built-in one, but it seems to have a bit of a bad reputation. Two better alternatives are Comodo and ZoneAlarm.

And I cannot emphasize enough – scan your computer constantly (once a day is ideal), and always do a full scan (not the quickie version). And make sure the programs are always up-to-date. The security companies behind these programs are ALWAYS pushing out new virus definition updates.

To make sure a hacker has not already planted a virus in your system, you should also be continually scanning for viruses and malware. For this, a good antivirus scanner is AVG and a good malware scanner is MalwareBytes.

Check URLs & Files Before Clicking On Them

When Hillary Clinton’s campaign emails were hacked last year, along with those of the Democratic Party, it turned out that the hackers got access to the emails when Clinton’s campaign manager, John Podesta, was fooled by a phishing attack (pronounced “fishing”). This is when someone is duped into thinking an email is genuine when in fact it is not.

How many emails are currently in your spam folder, claiming to be from eBay, or Paypal, or Amazon? They will all attempt to look like real emails from these places, and they will ALL tell you that your details have been compromised, necessitating a password reset. And since they are such nice helpful people, here’s a password reset link for you to click on.

But that’s the rub. Podesta fell for the old password reset trick. Little did he know that he had just changed the password not on the real email service website, but on the hacker’s version of the site. Now the hackers had his new password. They could now log in and read all his emails (and download them) at leisure. The rest is history.

So some tips here :

The same goes for files. You should be very leery of downloading anything, as there could be a virus hiding inside the file.
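The check that would have caught the fake password-reset link described above, as an added Python example (not code from this article): it judges a link by the host it actually leads to, not by the brand name that appears somewhere in it. The function name `link_verdict` and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit


def link_verdict(url: str, expected_domain: str) -> str:
    """Return 'ok' if url is HTTPS on expected_domain or a subdomain, else the reason."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not HTTPS"
    if userinfo is not None:
        # Everything before '@' is a login name, not the site you will reach.
        return "userinfo before '@' hides the real host"
    if not host:
        return "no host"
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return "internationalised (possible lookalike) host"
    expected = expected_domain.lower()
    # The real domain must be the END of the host name, on a label boundary.
    if host == expected or host.endswith("." + expected):
        return "ok"
    return f"host is {host}, not {expected}"


# Constructed sample links of the kind found in "reset your password" emails.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://www.paypal.com.account-reset.example.net/signin",
    "https://www.paypal.com@login.example.net/reset",
    "http://www.paypal.com/reset",
    "https://xn--pypal-4ve.example/reset",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{link_verdict(sample, 'paypal.com'):48} {sample}")
```

Run the check on the address the link points to (hover over it or copy the link address), since the text shown in the email can say anything.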

Shut Down All Inactive & Unneeded Online Accounts

As I said in the password section, once a hacker has your login details for one site, they will start to see what other sites you are on to see if the same login details work there too. As well as not reusing passwords, you should also shut down all online accounts you no longer need. This will reduce the chance that a hacker will access any of your sensitive information in an inactive account.

A lot of places make it extremely hard to shut down an account, some even impossible (Account Killer can tell you the degree of difficulty). But most provide a way to close the account. Just go to the settings and root around.

Conclusion

As I said, the above tips do not guarantee you will never be hacked, but they do make it harder for outlaws to gain access. But there is a school of thought that says that if you are not a famous personality, your chances of getting hacked are slim anyway. If that is true, why have there been 49,005 illegal attempts to break into my WordPress website?

What security measures do you take to reduce the chances of being hacked? Let us know in the comments.
