Whether you're buying things online, posting on social media or just reading your emails, there are potential traps at every turn. It's all too easy to fall victim to a scam or use the same username and password for every website. In this guide, we'll explain the risks and how to mitigate them.
So here are six ways to stay safe online.
1. Use a password manager
This is always a bugbear for people, as trying to come up with a strong password for all the various sites you use is pretty much impossible, and that’s before you have to remember them all.
The wrong approach is to use the same, easy-to-remember details for each and every site. The trouble with this is that, if one website is hacked and your details are compromised, anyone having access to those details will likely try them on all the popular sites and services online to see if they work. And - of course - they will.
Fortunately, there is a solution: a password manager. There are lots to choose between, but we'd recommend taking a look at LastPass. It stores all of your usernames and passwords in one place, allowing you to access them with a single master password.
You can download it as a browser extension, so whenever you’re browsing the web it will auto-fill your details when you visit a website. It works on Chrome, Firefox and Opera, among other web browsers.
If handing over all your details to an app and storing them in one place worries you, then know that LastPass encrypts all your data in the cloud and even the staff cannot access it. It does mean you will also lose access to your passwords if you forget that master password, but since it's the only one you need to remember, it shouldn't be too difficult.
This will log you in, and give you access to your passwords for everything else – LastPass will even automatically generate passwords for your applications, long strings of numbers and letters that make them that much harder to break.
2. Enable two-step verification (2FA)
Lots of services including Google, Facebook, Twitter, Nest and others now encourage you to add a second layer of security called two-step verification or two-factor authentication.
What it means is that when you log in with your username and password as usual, you will be prompted to enter a second code which is typically sent to your phone. Only upon entering this code will you be granted access to your account. It's similar to the way that most online banking is done by requiring multiple security questions.
But unlike predetermined answers to questions, two-factor authentication uses randomly generated codes. This means that even if your password is compromised, your account still can’t be accessed since the person won't be able to get that second code.
3. Watch out for common scams
We've put together a list of known scams to avoid in the UK, but here we can summarise and say: if it sounds too good to be true, it almost certainly is.
Ignore emails that promise to deposit money in your bank account
Don't open attachments unless you have up to date antivirus software installed (even if you trust the sender)
Don't click on links in emails unless you are sure they are safe. If in doubt, type the website in manually and then log into any associated account
Don't give out passwords, payment details or any other personal information to a cold caller
Don't allow anyone to remotely connect to your computer or install any software on it
One really important thing to note is that companies will never ask you to give your full password on the phone or over email. Err on the side of caution and don't be too trusting. Scammers are becoming more sophisticated and go as far as creating identical replicas of websites - especially banking sites - to fool you into entering your login details. Always check the website address at the top of your web browser to make sure you're on the genuine site and make sure it begins with https: (not just http:).
4. Use a VPN
A VPN (virtual private network) creates a barrier between your data and the wider internet. Using a VPN means that no one can see what you’re doing online, nor can they see or access any data you send to a website, such as login and payment details.
While VPNs were originally much more commonplace in the business world, they have become increasingly popular for personal anonymity and privacy online. With news coming out that certain ISPs are selling their users' browsing data, a VPN will ensure that no one knows what you’re doing or what you’re looking at.
5. Don't overshare on social media
When you post on Facebook, Twitter or any other social site, you should be aware of who can see what you're posting. Many of these sites offer no real privacy: anyone can see what you've written and the photos you've posted.
Facebook is a bit different, but you should check your privacy settings to find out who can see what you post. Ideally you should set it so only 'Friends' can see your stuff, not 'Friends of Friends' or - worse 'Everyone'.
Avoid announcing that you're off on holiday for a fortnight, or posting selfies by the pool. Save this info for when you get back so people aren't aware your house will be unoccupied.
We've got other security tips for holidaymakers, too.
6. Run antivirus software
One of the most important components of your security is antivirus software. Every PC you use should have up-to-date antivirus installed, as it is your first line of defence in protecting you against malicious software (otherwise known as malware) that attempts to infect your computer.
Malware can be attempting to do a number of different things including locking up your files in an attempt to get you to pay a ransom, to using the resources on your machine to mine cryptocurrency for someone else or to steal your financial details.
If you don't have it, be sure to take a look at our recommendations of the best antivirus software.
Following the steps above will go a long way to ensure you stay safe online. With safe passwords, a VPN set up and proper anti-virus protection – you are much, much less likely to have your identity stolen, your bank accounts emptied and your computer data compromised.