Seven hints to stay safe online

The Web and social networking are part of daily life, so it is important to learn to use them safely and securely.

There have been a number of attacks recently against high-profile social networking accounts -- French President Sarkozy, teen pop star Selena Gomez, and even social network wunderkind and Facebook founder Mark Zuckerberg have all fallen prey. Web surfing and social networking are here to stay, so the trick is figuring out how to protect your computer and your personal information while you're online.

A McAfee spokesperson e-mailed me a list of online security practices recommended by McAfee. Here is an overview of seven steps you can take to secure your online activities:

1. Update your browser. Newer browsers have better security controls and protection than older browsers. Make sure you are using the latest version of your Web browser of choice to take advantage of features like phishing filters that can protect you from attacks.

2. Do it in private. Public Wi-Fi hotspots like those at McDonald's or Starbucks are very convenient, but they are also -- in a nutshell -- insecure. There is typically no security or encryption enabled, which means that anyone within range of your wireless connection can potentially intercept your data, including any account numbers or passwords you might type in.

In general, you should stick to reading the news and weather at public hotspots, and avoid ever typing any username, password, or other account data that should be kept private. If you absolutely must log in to Facebook, at least use the new security setting that uses HTTPS to set up a secure, encrypted connection with the social networking site.

3. Keep 'em guessing. Your username and password should be different for each site. Yes, it is more tedious and cumbersome to remember your credentials for each site, but it means that an attacker who compromises your Twitter account will only compromise your Twitter account, rather than having the master key that grants access to every site and service you use on the Web.

4. Double-check the domain. Before you start typing in sensitive information like your password or account number, take a peek at the address bar just to make sure that the site you are logging into is the legitimate site, hosted from the correct domain.

While you might think you are logging in to, attackers will often create a realistic-looking malicious spoof site with a domain like, or The bottom line is that the end is the only part that matters. If it says, the real domain is simply "" and the rest are simply subdomains created to distract and confuse you.
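The check in step 4, written out as an added example (not code from the article or from McAfee): it finds the domain a URL really belongs to by reading the host name from the right-hand end, then compares it with the domain you expected. The domains are constructed samples, and the short suffix list is an assumption standing in for the full Public Suffix List.

```javascript
// Added example: constructed domains only (example.com, badsite.test).
// Simplification: a real implementation should consult the full Public Suffix
// List; this short set covers only the suffixes used in the samples below.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au"]);

// Return the registrable domain: the public suffix plus one label to its left.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (labels.length < 2) return labels.join(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Compare the domain a URL really belongs to with the one the user expects.
function checkLoginUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, domain: null, reason: "not a valid URL" };
  }
  const domain = registrableDomain(url.hostname);
  if (domain !== expectedDomain.toLowerCase()) {
    return { ok: false, domain, reason: `belongs to ${domain}, not ${expectedDomain}` };
  }
  // Step 2 of the article: credentials should only travel over HTTPS.
  if (url.protocol !== "https:") {
    return { ok: false, domain, reason: "right domain, but not HTTPS" };
  }
  return { ok: true, domain, reason: "domain matches" };
}

// Constructed sample URLs: the expected name appearing on the left proves nothing.
const samples = [
  ["https://www.example.com/login", "example.com"],
  ["https://example.com.login.badsite.test/", "example.com"],
  ["https://login.example.com.badsite.test/account", "example.com"],
  ["https://secure.example.co.uk/", "example.co.uk"],
  ["http://www.example.com/login", "example.com"],
];
for (const [u, expected] of samples) {
  const r = checkLoginUrl(u, expected);
  console.log(`${r.ok ? "OK  " : "STOP"} ${u} -> ${r.reason}`);
}
```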

5. Suspicious messages are suspicious for a reason. Have you ever received an e-mail, or a private Facebook message from someone you know -- but who almost never contacts you? Did it seem odd that after months or years of no communication, this person sent you a message out of the blue simply saying "Is this you in this video? LOL.", accompanied by a URL-shortened link to some unknown destination? Did it seem suspicious and make you think twice about clicking the link? It should have. If it seems suspicious -- at all -- assume that it is malicious and just delete it. If you are concerned that it might be important, then contact the alleged sender directly to make sure it is legitimate.

6. Clear history and log out. If you use a public PC, like at a library or a hotel lobby, to do any Web surfing, make sure you erase your tracks before you leave. You should use the anonymous or private browsing mode of the browser if there is one available. When you are done, you should go into the properties for the Web browser and erase the history and cache to remove traces of your Web-surfing activities.

You also need to make sure you manually log out of sites you log into. Just because you shut down the browser window doesn't necessarily mean you are logged out of the site. Whether intentionally or by pure accident, the next user of that same PC may find that your account is still actively logged in, granting complete access to a stranger.

7. Protect your PC. It wouldn't be a list of recommended security best practices without a reminder to properly protect the PC. You should have some sort of security suite, or collection of tools, providing personal firewall security and protection against viruses, spyware, phishing attacks, and other malware. As important as installing the protection is, it is more important to make sure the tools are frequently updated. Security software is typically only as secure as its last update. As new threats emerge, security software may be unable to detect or defend against them without the current update data.

There you have it. None of it is rocket science. In fact, most of it is simple, common sense. The dirty secret about PC and online security is that it is 90 per cent common sense and healthy skepticism. The security software just helps guard against the other 10 per cent.


Stories by Tony Bradley
