The last few years have seen a massive jump in the frequency of reports about digital security breaches and personal privacy issues, and no doubt this trend will continue. We hear about scammers moving to social media, nations using cyberattacks as part of coordinated offensive strategies, and the rise of companies making millions tracking our online behavior.
Feeling apathetic about these events is all too easy, but you can do a great deal to improve your online security so that when you are caught up by a security event, you can mitigate the risk to yourself and quickly protect yourself from further risk. Security consciousness is surprisingly easy to learn, and many open source projects exist that can help you.
The point of security isn’t to turn your computer into a virtual Fort Knox, but to make accessing your data a big enough task that attackers will move on to easier targets.
Get a password manager
In a world where almost every site you visit has a username and password requirement, most people are suffering from password fatigue and have developed complex systems to create and remember usernames and passwords (or have given up entirely and just use the same username and password everywhere). Password managers are the solution to this issue, and I don’t know a single security professional who doesn’t use one. Also, they are surprisingly easy to set up and use.
For those who have not encountered one before, a password manager is software that acts like a digital vault for information, storing it in an encrypted environment. You create a master password, which is a single, strong password that protects access to a vault containing your collection of other usernames and passwords. Often password managers will auto-input stored passwords when you connect to a known site, generate strong passwords, and allow you to store other information.
A good number of password managers are available, and many of them are FOSS solutions. I have personal experience with KeePass on Windows and KeePassX on Linux and macOS, and I recommend them as a good place to start. (Here are three more open source password managers you might like to try.)
However, each person should choose the best solution for his or her situation. Some password managers have cloud storage in addition to local storage, which can be useful if you use multiple devices. More popular managers are more likely to be maintained and receive regular security updates. Some password managers have 2FA integration, which I would highly recommend you enable, along with 2FA on any other account you have that incorporates it.
Most password managers do not have a facility to recover forgotten master passwords. Choose wisely and make sure it’s something you can or will remember.
Use a VPN to improve security on shared networks
Virtual private networks (VPNs) use end-to-end encryption to let your computer send and receive data over a shared network as if it were communicating directly with a server on a private network.
You may be familiar with the process from connecting to your corporate intranet while working away from the office. Using a VPN on a public network at a cafe or hotel will protect you from others on that network seeing your traffic, but it does not stop your VPN provider from seeing that traffic, and disreputable providers have been known to collect and sell data. A VPN provider may also receive pressure from governments or law enforcement to pass on information about the data that you have sent over its network. For this reason, remember that VPNs do not protect you if you are carrying out illicit activities.
When choosing a VPN provider, consider which country it operates from, because that country's laws are the ones it will be bound by, and even the most innocuous of activities might land you in hot water.
OpenVPN is a free and open source VPN protocol that is available on most platforms and has become one of the most widely used VPNs. You can even host your own OpenVPN server—just be careful to implement it securely. If you would prefer to use a VPN service, remember that many reputable providers want your business.
Some charge a fee, like ExpressVPN, NordVPN, or AirVPN. Some providers offer free services; however, I would strongly recommend that you do not use them. Remember, when you aren’t paying for the service, your data is the product.
Browser extensions are your friend
While Internet browsers have some built-in security tools, extensions are a great way to increase both your privacy and security. There’s a huge variety of them, though, so which extensions are the right ones for you? This probably depends on what you primarily use the Internet for and how tech-savvy you are. As a baseline, I would use the following extensions: