Get Premium
Dark mode theme is available exclusively for premium users. Learn more about the benefits of subscribing.
No fees, cancel anytime.
Dark Mode 
No fees, cancel anytime 
then open in external browser
and click "Open in External Browser" 
21 Cybersecurity Tips Coming From Netizens That You May Want To Incorporate In Your Daily Online Life
Interview With ExpertSponsored by
Once upon a time, in the ages that were sometimes called the “good old days,” it would have been considered a leak of personal data if, let’s say, you accidentally lost your passport or checkbook on the street. But now it’s 2024, our lives have long and firmly moved online, and the internet is no longer the serene paradise lagoon it was decades ago...
There is no doubt that cyber security is a proper and necessary thing, but, like any sphere of human activity, it has managed to acquire so many rumors, myths and recommendations that it is difficult to distinguish the truth from the fake, and current useful advice from the already outdated. However, people are trying. Like, for example, in this wholesome thread on the AskReddit community.
More info: Reddit
This post may include affiliate links.
#1
Read before you click. Think before you click. Beware of common threats.
You are your own best antivirus. You are the weakest link in your cybersecurity.
Nilsen 1 year ago
The weakest link in computer security is placed between the keyboard and the chair....
GraphicHealer 1 year ago
PEBKAC - Problem Exists Between Keyboard And Chair. I work in IT, and learned this from my first boss, may he rest in peace.
Load More Replies...
Graham_Illegal 1 year ago
Digital media studies should be considered as essential in education as reading, writing, and basic math, for several reasons including this one ☝️ In a world where we can hardly avoid using online services, it is crucial to be prepared for them, much like we prepare our kids to handle numbers and text.
Edelgunde Winterhuber 1 year ago
Immediately after installing the operating system and programs, create an image of the computer system. I currently use Hasleo Backup Suite for this, which is free and, above all, relatively uncomplicated. System images are extremely helpful if you do catch a virus despite taking precautions. If you want to install additional software, first restore the last image before installing it. Then create a new image. Of course, do not save important data on the system partition, otherwise the data saved after creating an image will be lost when the image is restored In any case, it is recommended to make regular backups of all important data.
Mustafa Kiziroğlu 1 year ago
Read it when Windows tries to warn you. Ask someone if you don't understand. Don't click OK if you don't get what that text means.
RELATED:
#2
Don't reuse passwords and change them often. If one site is breached, if your accounts are associated with your email address, then they all are.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
"Frequent password rotation isn’t a good idea and is already not recommended by the NIST organization and the InfoSec community overall. At the end of the day, it’s a counterproductive practice with dubious benefits. When a user has a lot of accounts and has to rotate passwords, they end up using weak passwords because of the lack of imagination.
"A better piece of advice is to use password managers and generate longer than 12-14 character passwords unique to each protected resource. Also, necessarily use 2-factor authentication (2FA) wherever possible. Protecting an account with a password only in 2024 - not a good idea. For especially sensitive accounts, physical security keys are recommended such as Yubikey, Google Titan, Thetis, Feitian, SoloKeys, etc."
The Idaho Potato 1 year ago
What about password managers that autochange your passwords for you?
WindySwede 1 year ago
What about 'hardware authentication device' like YubiKey?
Load More Replies...
Trophy Husband 1 year ago
My standard is 128 character passwords, automatically generated by my password manager. I go short (like 20 characters) on things I may need to type on my TV (think Disney Plus) and really short when a store requires it. I have a bank that only supports 10 characters!
WindySwede 1 year ago
We have a (constantly changing) qr-ish code we scan with app. The app is authorised fir just me on that device. Then a personal code. One way, but are some more. But never just a set password.
Load More Replies...
Ken Beattie 1 year ago
I use the same password for low value sites. ie: sites that don't have an personal or financial information. If someone really wants to pretend to me on 6 different discussion forums I don't give a damn. But I'd always use unique passwords for bank, email, shopping sites etc. I'd even use different emails for some of them, emails that I don't use for anything else.
Mustafa Kiziroğlu 1 year ago
Any moderately well designed system keeps passwords as one-way hashes and uses additional safety, known as salting. This means, even if the site is breached, the password you chose cannot be used for any of your other accounts at somewhere else. I would still use a password manager which can also generate, like the one Google Chrome provides.
Rahul Pawa 1 year ago
While true, I wouldn't count on any particular website to be "moderately well designed." Many websites don't meet this standard and a user has no way of knowing which ones. Telling someone this is counterproductive because it gives a false sense of security.
Load More Replies...
Janissary35680 1 year ago
Devise an algorithm to generate a unique password for each website/service using the name as input. Remember the algorithm and don't tell anyone what it is. Problem solved.
Rahul Pawa 1 year ago
This is simultaneously the best and least helpful advice about passwords I've read.
Load More Replies...Do you know what's the saddest thing about all this? Many years ago, the great sci-fi writer Arthur C. Clarke claimed that "Any sufficiently advanced technology is indistinguishable from magic," and today it's damn true. In fact, much of what is available to us today through a variety of online services may seem fantastic and magical - but people are improving them not only for good, but also for evil.
According to a report published by the Identity Theft Resource Center (ITRC), in 2022 there were 1,774 data breaches all over the U.S. with over 442M total victims. This is only slightly less than the “record” figure of 1862 cases registered in 2021, but the main problem with these data breaches is that you may not even notice that you’ve become a victim. And, accordingly, the consequences can be felt months or even years later.
ITRC is, of course, not the only resource that collects such data. Cyber security companies are doing their own analysis, and these numbers are no less troubling. For example, only in the third quarter of 2023, according to a study conducted by Surfshark, one of the world's leading companies in the field of cyber security, the United States held the sad “primacy” in the number of breached accounts with 2.767B.
Thus, there were 816 breaches per 100 people only in the U.S. On a global scale, Surfshark research shows us that since 2004, a total of 16.6B accounts have been breached, and approximately 6.0B of them have unique email addresses. In other words, for example, a single email account is breached around 3 times.
#3
If your url says https://, the websites secure, if it’s http://, it’s not secure. Don’t put any personal information into an insecure website
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
"I don’t want to scare you too much and cause paranoia, but that "padlock" SSL certificate can be bought for as little as $9 and added to any malicious website. So just that the HTTPS lock exists doesn’t guarantee a web resource’s safety all on its own. It just shows that data coming your way will be encrypted. There’s no difference whether you’ll get a virus from an encrypted channel or not.
So you shouldn’t relax just yet, but you should click on that "lock" to examine the certificate - who was it given to, are the recipient of the certificate and the website name identical, etc. But yes, the general rule is that HTTP is totally trash and you should by no means give your sensitive info (for example login/password) to a website with a bare HTTP."
Rostit.. . 1 year ago
Most of not all modern browsers automatically request https. They will reject or warn you if it's http only. This happened a few years ago.
Robert T 1 year ago
It doesn't even cost $9. You can get them for free from Let's Encrypt. You need to know a little about who issues what and what processes they use to verify the site before you can make any judgement on the likely security of a site, which most normal people won't. HTTPS is only encrypted in transit. It says nothing whatsoever about what happens once the data reaches the server, how it will be stored, where else it will be sent etc. The push to HTTPS is somewhat annoying for small websites that don't store any details or have logins - not all ISPs allow free certificates, and it can dramatically increase the cost of hosting a personal website - I've just moved mine so that I can use a free certificate, as the ISP wanted more than the annual hosting cost for one!
cugel. 1 year ago
Exactly. Google started "threatening" non-https websites, I so had to implement it for my website. Didn't know what it was, didn't care. But luckily free.
Load More Replies... #4
Make certain to have your important stuff offline backed up, totally isolated from the net. Worms, virusses, ransomware can hit online but just wipe the lot and give them the finger. Reload and be more careful.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
"It’s also advisable to encrypt those backups or store them in a drive with a physical encryption, such as disks with PIN code buttons or fingerprint protection."
Tams21 1 year ago
I was taught that if a digital file doesn't have at least three copies then it doesn't really exist. Granted this was in the days of unreliable floppy disks (and the rule saved my a*s a number of times in uni) but it's still better to go ott than to lose something important.
Ken Beattie 1 year ago
It's not a bad rule. I pulled out an old backup drive (Hard disk) I hadn't needed for a couple years. It won't even spin anymore. CDs and DVDs have a life span and can "rot" if they're cheap discs. Solid state drives need to be fired up occasionally or they risk losing data too. Even a RAID 10 array can fail if you get a power surge from a lightning strike. So yeah, multiple backups are good. And if it's super sensitive then offsite, or at minimum a backup needs to be in a fireproof safe.
Load More Replies...
IguanaStampede 1 year ago
If it's necessary to backup information on a drive offline, what is the purpose of cloud storage?
If we talk about the 1,774 data breaches that took place in 2022, according to the ITRC study, then in more than half of them, the name (1,560 cases) and full social security number (1,143) of the victims were revealed. Among another biggest compromises are date of birth (633), current home address (565), driver license and/or state ID number (499), medical history with all information about diagnoses and treatment (465), as well as bank account number (443). And it’s still surprising how often people continue to step on the same online rake.
It seems funny when, at the end of the first quarter of the 21st century, people still use passwords like 123456 or their own date of birth (we remind you - the third most common leaked information in data breaches), but the statistics are inexorable: the three largest common password practices among hacking victims in the U.S. in 2021, according to Statista data, were using a password more than once (89%), sharing personal passwords (74%) and using a password with less than 8 characters (61%). In other words, people simply don’t pay that much attention to cyber security, or even forget about it.
#5
VPNs and data encryption should be top priority for anyone starting online businesses or handling money in general on the internet
Mat Hall 1 year ago
Assuming you're connected to a "secure" website and are using an encrypted WiFi or a wired connection, VPNs provide almost no additional security. They're great for getting round geofencing restrictions and maybe worth using on unencrypted WiFi connections if you're doing anything "serious", but for most people most of the time they offer zero benefit, and probably decrease your connection speed into the bargain.
Robert T 1 year ago
HTTPS should be adequate to keep prying eyes from the data. A VPN will also disguise which sites you are visiting, so making it harder for a hacker to create a suitable phish. If I am forced to use any public or hotel WiFi, I would use one. On my home broadband with WiFi that I control, I don't bother.
Load More Replies... You stole that from Robocop 1 year ago
The hilarious thing is that cloudflare blocks a lot of VPNs, so sites that are trying to protect themselves from DDOS attacks won't allow you to be secure.
Tiff Day 1 year ago
No nvps are a scam. They have a value of £1 and are sold at £100. All you need is windows security these days.
Ken Beattie 1 year ago
NVPs? Did you mean VPNs? If you live in Australia they're not. There are many sites banned at a national infrastructure level. Using a VPN allows access to them. We also have meta data collection for all internet traffic (yeah think about that one from a supposedly free and first world country). Using a VPN means they see that I went to VPN companies IP address and that's it. Not that I went to BoredPanda, or GreatBigBoobies.com or HowToMakeBombs.com.
Load More Replies... #6
Common sense. That big ugly yellow download button that obv doesn't look like it fits the theme of the website is not the download button.
Kevin Humble 1 year ago (edited)
Many years of looking for software etc has taught me - the big button is NEVER what you came to the site looking for ... you need to read the site and look for the link. However - people clicking these big buttons has kept me in beer for a good 2 decades.
Among the tips listed in this selection of ours, most of them are actually relevant today, although some ideas are repeated. The overall experience of surfing safely and avoiding unpleasant situations online, according to cyber security experts from Surfshark, can be summarized in ten basic tips:
- clear cookies after each browsing session
- use a password manager
- use two-factor authentication
- use an adblocker to stop malicious software
- use a VPN to protect your data
- use an antivirus
- make sure your browser is up to date
- enable private browsing or use a private browser
- use privacy search engines
- avoid HTTP websites.
#7
Older people are extremely susceptible to some of the better email scams like the ones telling you that you need to review something on your amazon or paypal accounts. It's best if there's a problem to just go to the website in their browser to see.
Silver5trike 1 year ago
Actually fun fact: rather than older people, it's actually younger people who have grown up online that fall prey to many cyber attacks because they are lulled into a false sense of security because they grew up there. I say this as a just turned adult who's studying IT.
Rostit.. . 1 year ago
As a 30+ year in the industry IT professional with multiple certs in cyber security, I'd like to see your sauce on that as it does not match up with the data I see.
Load More Replies... You stole that from Robocop 1 year ago
My 80 yo mum is generally pretty good and will phone me up or email me if she thinks it's off. However she's been stung twice by Google paid adverts, once when applying for a visa (Google advertising a 3rd party with a similar name that charged her for applying for a visa on her behalf) and a second time something similar, I think it was car registration or something.
Rostit.. . 1 year ago
Older people are more likely to use email. Younger people use chat apps for communication more than email. Younger people fall for phishing scams via chat apps links more often whereas older people who are retired spend more time in email where they will fall for phishing and refund scams.
#8
Deactivate or deleted old email accounts.
Shane S 1 year ago
In the process of doing this right now. The email I set up in 1998 was finally hacked by Chinese hackers and they sold the login info on the dark web. I am getting “unsuccessful login” notifications on an hourly basis from all over the world. It’s weird how sentimental you get over an email account.
It's no wonder that so much attention is paid to using a VPN - after all, it really allows you to avoid many problems. For example, I’m writing this text while sitting in a cafe with private Wi-Fi (well, there’s a sign with the password on the cafe wall, anyway...), so I turned on the VPN, and I can be relatively calm about the fact that that someone on the same network will have access to my laptop.
Basically, I could do the same thing using a free VPN service or maybe surfing with Tor browser, but the connection speed is still a game changer. Paid VPN services don’t cut down (or almost not cut down) on connection speed, so comfort plus security is something that I personally am willing to pay for.
#9
If you receive an email from Apple, PayPal, Amazon, etc. that you think be phishing; hit forward check the email address. It show the true the email address. If it looks different, forward to the real company's anti-fraud email. You phasing it by searching the company's name and report phishing ie Amazon report phishing.
Silver5trike 1 year ago
If you think that an email from a major company such as Amazon e.c.t, is a scam message, double check by clicking on the email to reveal its full form. Then check out that email either online or on the actual company's phishing alert to report it. Hope that helps!
Load More Replies...
Rostit.. . 1 year ago
Here is a far better option. Delete it. Call the company directly using a phone number on their public website. Not in the email. Don't trust PayPal invoices either. Basically unless you are expecting a bill whatever you get is almost always a scam.
#10
Don't use your debit card to buy online. If that gets compromised the money coming out is hard cash. If its a credit card it's on the credit card company to get their money back on fraud charges. This can take a long time.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
"It’s best to use single-use virtual cards for online purchases. For example, Revolut and other payment platforms have them."
Stary_cat 1 year ago
PayPal is also good as it’s not directly connected to a debit/credit card it goes to the money in the account not the card it’s self.
Robert T 1 year ago
Not necessarily. If it is linked to a card, and you don't have an account balance, then it goes straight off the card. However, Paypal have similar buyer protection to credit cards, so getting disputes resolved is a little easier.
Load More Replies...
Rostit.. . 1 year ago
Just use any of the myriad of digital cards. It's attached to your card but isn't your card. I use those.
You stole that from Robocop 1 year ago
PayPal every time, I'll actively reject sites that don't accept it. If I absolutely have to then I used a credit card (eg I've just bought some flights from an airline that doesn't accept PayPal).
Ken Beattie 1 year ago
Use a low limit card for "risky" transactions and keep your higher limit one offline. Or use a visa debit. Works like a credit card but can't be overdrawn. Simply put a minimal amount in that account (just enough for the purchase you want to make).
One of my favorite phrases regarding free services is “if you don’t pay for the product, then you are the product!” Well, of course, not you and me, but our personal data, our digital footprint, which is becoming larger over the years, and which various data brokers are willing to buy. By and large, almost all of this digital footprint can actually be deleted - although this will require a huge amount of time and effort. Much more than creating it...
“Completely wiping personal data from the network can be an uphill battle, given that once information is released or leaks onto the internet, it can quickly proliferate and scatter across countless platforms,” Aleksandr Valentij, Cyber Security Lead at Surfshark, whom Bored Panda asked for a comment here, agrees. “Bits of your digital footprint, including search history, passwords, and account information - every cookie you've ever clicked 'accept' for - are captured by data brokers.”
“These brokers diligently document your online activities, the pages you browse, and your preferences, repackaging this data to sell to interested third parties. However, there is a way to fight back. Incogni by Surfshark actively steps in on your behalf, engaging with these data brokers to advocate for the removal of your information, offering a layer of defense in the quest to reclaim your online privacy."
#11
If you post a picture outside or inside near a window or inside in a publicly accessible building, it doesn't matter what precautions you take, people can geolocate your ass and doxx where you were and thus where you probably are
Rostit.. . 1 year ago
It's virtually impossible to be online and anonymous. Granted I don't use a damn thing on bored panda that is attached to my real identity but I bet if someone really had no life and the time they could figure it out. I'm also fairly boring IRL so I don't really expect it. Oh yay you found a middle aged white guy. Good job Only way to be anonymous is to stay offline
Ken Beattie 1 year ago
While we're on the subject of photos you should really be checking the image metadata as well. Some modern cameras and phones will actually put lots of identifiable information in that. In some cases your name and gps location.
#12
The advice I usually give:
* As others have said,. safety and cyber-security needs to be in the forefront of your mind all the time. Every. Single. Thing. you do on a computer, you should be slowing down a little and asking "Why am I doing this thing?"... "Is it necessary?". ."Is it safe?"..
* Keep everything updated. Your OS, Browser, Apps, etc. Updates fix security holes. Don't be "that guy" who never updates anything. Including your Motherboard BIOS or other Firmware (such as your WiFi-Router or Modem Firmware). Any or all devices that you have that have some sort of "Check for Updates" button.. you should be checking and reading what the update fixes. You might be surprised at how deep down the Security fixes go. (Example:.. Dell Laptop BIOSes have had INTEL CPU Security fixes in them nearly every release for years now).
* Don't login with a Local Admin account. Create a different account (example,. you have a primary account named "asmith" and an Admin account named "asmith-admin" ... when you're logged on as "asmith" (that does NOT have Local Admin rights). .and you get a popup saying something wants Admin-Rights,.. review what that thing is (is it OK?).. and use your "asmith-admin" and password to allow it.
* Use common-sense and don't click on stupid s**t. Don't open unknown Emails. Don't surf dodgy or risky websites. Don't respond to unknown friend-requests or unexpected Messages. Etc (again--- Cybersecurity should be forefront in your mind. Any thing unexpected your computer does, you should be asking "Why is it asking me to do X_Y_Z thing?")
* Don't install more software than you have to. Keep things as "minimal" as you can. The more and more software you install,. the wider and more diverse your attack-surface becomes (and the more things you have to maintain and update). It's far better (from a security standpoint) to keep whatever system you're using as "factory-original" and "minimal" as possible. Install software if you need it.. but don't go overboard installing every little "helper-app" that every yahoo on the Internet forums says you "need". You likely don't.
* If you need to do risky things.. do it on a more secure OS (such as an iPad or Chromebook or read-only bootable Linux USB or something like that. Don't put your primary system at risk.
If you're doing all of the above.. then the necessity of running anti-malware of anti-virus is far far reduced. (note: I didn't say "eliminated entirely".. cause I know someone is going to complain or say I'm recommending to NOT run anti-virus. That's not what I'm saying). Anti-malware and Anti-virus programs should be 3rd or 4th or 5th down on your list of things that protect you.
If you're NOT doing the above things...installing Anti-Malware or Anti-Virus and expecting it to somehow "magically protect you" (from your own sloppy or lazy behavior).. is ridiculous and nonsensical.
Ken Beattie 1 year ago
I will say when it comes to firmware updates (even driver updates) be careful. They have been known to brick computers. I've had it happen once myself (complete fdisk, format and reinstall needed). If you see a firmware update that doesn't have "security fixes" mentioned and your PC is running fine you might be better leaving it alone.
Sans Serif 1 year ago
They also can be found updating your router. So, slow or not working at all?
Load More Replies...
The leader among the information that attackers obtain as a result of data breaches has been the user’s name for many years. Some netizens, if they still need to register on a site which security is in doubt, use an alternative identity. “Creating an alternate online identity through a proxy email can be immensely beneficial for safeguarding privacy, sidestepping unsolicited spam in your primary email, or delineating the boundaries between various faces of one's life - such as work, personal activities, or when participating in discussions around sensitive subjects,” Aleksandr Valentij says.
“With Surfshark's Alternative ID feature, you can establish a brand-new, distinct online persona complete with a proxy email. This allows you to protect your personal information, prevent data breaches, and keep your primary inbox free from clutter. Simply convey to us the specifics of the identity you wish to project, and we will curate a new profile, complete with an email address, ensuring your actual identity remains concealed.”
#13
-Use a password manager.
-Think before you click. (Did I hover the link to preview the URL? Is this REALLY a Nigerian prince?)
-2-Factor Authentication is your friend. Keep it simple with 1 platform if possible.
-Utilize browser add-ons and extensions to tailor your experience with ad/script blockers. Added benefit of privacy.
-Explore VPN options, for privacy's sake.
-Malware/virus protection.
Ken Beattie 1 year ago
If you're like many people and live in a home with people you trust then use a paper password manager ie: a notebook. It's actually more secure and not vulnerable to electronics failure (hard disk crashes and PW manager is gone). If you have kids then lock it in your fireproof safe (you should have one for important documents already!) or even a lockable desk drawer.
Admiralu 1 year ago
Top name password managers have offline access and work on phones, tablets and desktops. Your paper is the worst option. Thieves can crack most passwords in minutes. Password managers can generate complex passwords and many now handle 2 factor authentication as well.
Load More Replies... Rahul Pawa 1 year ago
Not sure about using those browser add-ons or extensions. Those could be insecure too.
You stole that from Robocop 1 year ago
I've got a Firewalla which can be arduous at times (my wife hates it) but it blocks a lot of c**p that Bitdefender misses.
#14
In email, especially at work, hover over a link and see the domain name makes sense before clicking. It should be your company's domain name or the domain name of the company you are working with.
I will literally not click on a link in an email from my bank or other financial institution if it is not a link directly to their domain. I stop doing business with banks that use a 3rd party domain for email links.
Robert T 1 year ago
This doesn't work if they have used an email shortening service. There are sites that will expand them for you so that you can see where they lead. Use "Copy Link Location" and paste it into one of these sites. If it doesn't look legit, don't click it.
Rostit.. . 1 year ago
There is no reason to use url shortening for legit emails. I tend to treat any url shorten as a potential grabify link
Load More Replies...In 2016, a photo of Mark Zuckerberg’s laptop with the camera taped over spread around the world, and many netizens rushed to follow his example. In fact, the creator of Facebook was largely right in his fears. "Unauthorized access to an individual's webcam can severely compromise their privacy. It enables attackers to covertly record personal images or videos, potentially leading to exploitation. This vulnerability can open the door to blackmail, stalking, sextortion or other malicious activities," Aleksandr Valentij states.
Well, today you can get by with software soultions instead of adhesive tape... "Surfshark Antivirus offers a layer of security by blocking camera access from all unauthorized applications, immediately alerting you to any failed access attempts. Furthermore, it provides robust protection for your device against malware by proactively scanning files before they are downloaded or opened, ensuring that no malicious elements breach your system," Aleksandr adds.
In other words, a VPN plus a few more additional services today can easily do the lion’s share of the security work for us.
#15
Don't download programs from sites you don't trust. Use app stores where possible.
Macs and Linux boxes are not immune to malware, do not treat them as such.
Use password managers where possible.
Use 2 Factor Authentication where possible. Avoid SMS-Based 2FA
If you download script files (eg: .bat, .ps1, .py), try to read it before running it. If you can't read it, see rule 1.
Watch what you click and exercise scepticism. No, there are probably not 36 model-looking singles in your area.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
To work out if your details have been stolen in breaches you can link this tool as well.
Me. Just Me. 1 year ago
Did anyone bother to tell banks not to use text messages for 2FA? Banks have among the worst security practices of any website. I have a harder time getting into my email than my bank sometimes!
You stole that from Robocop 1 year ago
Most major corporations have legacy systems that they're too lazy to upgrade and/or outsourced systems. It impacts their share price and dividends so they don't do it. Who cares if customers lose money, as long as they don't.
Load More Replies... Rahul Pawa 1 year ago (edited)
This sounds like you're saying Linux users are smarter than Windows/Mac users. Which is not helpful or relevant to the discussion, and insulting to many people. Edit: for anyone reading this, pebkac is an acronym for "Problem Exists Between Keyboard And Chair", i.e. user error.
Load More Replies...
#16
Password managers are extremely helpful, look for the little padlock in the URL bar so you know the site is secure, be very careful how much information you post on social media, have a firewall/internet security, use a VPN
Travelling Stranger 1 year ago
oh sweet consistency, a couple of entries before you put this: " "I don’t want to scare you too much and cause paranoia, but that "padlock" SSL certificate can be bought for as little as $9 and added to any malicious website. So just that the HTTPS lock exists doesn’t guarantee a web resource’s safety all on its own. " and now this..
Rostit.. . 1 year ago
That's not at all what an SSL is for. The only thing an SSL ever promised is that the server you expected is the one you are connected to. That's literally it. If you ever though it means more than that you need to read up.
Load More Replies... By the way, in addition to taking care of your online safety, VPNs have several other useful and pleasant features. For example, you can try to bypass geographic restrictions. Let's say, if you want to watch a show online that isn’t available in your region or country (and there are more and more such restrictions in the world...)
"If a user is facing geographic restrictions while attempting to watch a show online, employing a VPN is a common solution," Aleksandr Valentij says. “A reliable VPN service, such as Surfshark, can help in this scenario. When connected to a VPN, the user's internet traffic is rerouted through a server located in a country where the show is legally available, effectively changing the perceived location of the user. This process conceals the user’s actual IP address, making it seem as though they are accessing the content from within an unrestricted region.”
#18
You don't need to be a cyber security expert to know that you shouldn't pirate games and that you shouldn't run unknown programs as administrators
Corvus 1 year ago
"Pirated games contain malware" is just a myth designed to scare you away from... well... pirating games. But it's totally bogus. Yes, contaminated pirated copies of games do exist, but they are pretty rare. The majority of such releases are clean because the groups that release them actually care about their reputation and "prestige."
iseefractals 1 year ago
Virtual machines are your friend, bitdefender scan on EVERYTHING you download (or whatever flavor of Anti-virus/malware/ransome et al you prefer) buuuut....realistically, yeah most "pirated" releases, particularly games are 100% harmless. You're more likely to get something from a questionable torrent website, then an actual torrent download.
However, nobody’s perfect, and data leaks can always occur, no matter how prudent we are. In this case, it will be really critical to find out about the problem in a timely manner in order to take measures and minimize the damage. “Getting a fast and full alert if your personal data gets leaked is crucial. It lets you act quickly to protect your accounts by changing passwords and watching your bank activity to help prevent identity theft,” our expert is sure. “Surfshark's Alert service gives you instant warnings if your email ends up in a data breach, so you can take quick steps to keep your information safe.”
#19
Make sure you know who you are talking to online, what the security level is of what you are using to communicate, and keep an eye on your surroundings. "You are your own best antivirus, you are the weakest link in your cybersecurity."
#20
If you are going to enter sensitive information online close your webrowser and then go order pizza.
Each tab talks to your webrowser, if something malicious is going on a website can get your info from a different tab. Plus closing all tabs shuts down malicious cookies.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
"Closing all tabs doesn’t clear all malicious cookies unless you were browsing in incognito mode. For that, you need to clear the browser cache."
Robert T 1 year ago
There is a very very limited amount of info that can be passed between tabs, as funnily enough browser designers cottoned on to this some decades ago. And, no, closing a tab does NOT clear cookies. Incognito mode works by forgetting everything done in that tab when you close the tab by not persisting it on disk.
Rostit.. . 1 year ago
And incog is cached by Google. Unless you're using brave, you're being cached everywhere
Load More Replies... ƒιѕн 1 year ago
But... I have 48 tabs open in 4 different browser windows...Pizza sounds good let me open another tab and order one.
You stole that from Robocop 1 year ago
Oy, surfshark bloke, have a word with Cloudflare and tell them to stop blocking your VPN!
#21
Change passwords often. Store them in a file offline.
Learned this after the My Fitness Pal databreach.
Taibhse Sealgair 1 year ago (edited)
Passwords are tricky. The direction used to be don't write them down. Have mixes of characters. Change them often. Currently, password managers are favored. But things will change. People need to think more about Identities than Passwords. You should create multiple identities for online shopping vs online banking vs online social vs online personal. Separate emails, names, profiles, etc. You may need to be John Smith for your bank access, but you should have no problem being Jill Brown for other accounts. Segment your identities. Yes, you can write your ID/PWs down in an address book at home. Try and make the PWs unique to a site by doing something simple like adding an additional character or three that's part of the site URL. E.G. PW: SomethingSuperSecret_BP. See what I did there?
Admiralu 1 year ago
Try Cloaked. Allows you to create separate identities and manage them. Cool service. Search for Cloaked app.
Load More Replies... ofcrjackson 1 year ago
I have a tiny password book in my bag, and I write my passwords in a code I created for myself years ago.
Me. Just Me. 1 year ago
You do not need to change your passwords frequently. Repeat. You do not need to change your passwords frequently. This is very outdated advice. Also, no password record keeping is impenetrable. Writing them down and storing them somewhere means you yourself could misplace them, and if someone ever found them and did not have your interest at heart... Relying on your memory means you are bound to duplicate passwords, and if they are easy enough to remember, they are easy enough to brute force. Remember that someone trying to hack your password isn't sitting behind a computer typing this stuff in. They are literally using farms of processing power to brute force. Use a password manager to generate highly secure, 20-character passwords you don't have to remember, and don't share the password to the password manager with anyone. I mean anyone.
Ken Beattie 1 year ago
The difference with writing them down though is the bad actor needs to have physical access to your house (or bag if you keep a notepad in your bag). If someone has broken into your house they can force you to tell a password.
Load More Replies... Stary_cat 1 year ago
Best thing to do is store them in a book and hide the book just in case, it’s good for people who forget passwords
Load More Replies...
And now - probably the main and most wholesome piece of advice. Do you know where the main element of my, your and any person’s cyber security is located? Yes - in our heads. In fact, no matter how many cool services we buy, no matter how many password managers we install - if we surf mindlessly, open any links and believe all the incoming emails - sooner or later our data will end up in the wrong hands.
So no service, even the most reliable and effective, is a panacea if it is not used wisely. An ancient Kodak advertising slogan was “You push the button, we do the rest!” When it comes to cyber security nowadays, it's critical that we don't press unnecessary buttons - and let dedicated, smart solutions do the rest for us.
What do you think ?
Rostit.. . 1 year ago
If anyone ever asks you for your phone number and then you get a six digit code and then that person asks for it as 'verification' they are trying to steal your account. It's a common Facebook marketplace scam as well as for Gmail/Google accounts.(and any other account). Never share a six digit code ever.
Shane S 1 year ago
I didn’t fall for this but I didn’t identify it at first either. He kept saying, “does this code look like yours? Send me a screenshot.” After I confirmed mine looked like that but refused to send a screenshot, he kept pushing. Then I realized what he was doing…
Load More Replies...
Shane S 1 year ago (edited)
In the online dating world, keep conversations on the app and resist moving to text too quickly. “I’m not on the app much. Want to text?” really means ‘I want your number to clone your phone and access your accounts via 2 Factor SMS’. I had a friend get extorted for $1000 to prevent the scammer from sending nudes to his Facebook contacts.
Šimon Špaček 1 year ago
Little bit weird, but for somebody useful. Have two computers. One for "real life" where you have your pictures and proper password manager and you access bank and one with basically no personal things. There you can go to shady places and if anything happens, just reinstall the system. Also, it is good to have an OS install flash drive and another flash drive with basic programs setup ready just in case. You can even write a short batch script to install those programs for you, just plug the drive in.
Rostit.. . 1 year ago
If anyone ever asks you for your phone number and then you get a six digit code and then that person asks for it as 'verification' they are trying to steal your account. It's a common Facebook marketplace scam as well as for Gmail/Google accounts.(and any other account). Never share a six digit code ever.
Shane S 1 year ago
I didn’t fall for this but I didn’t identify it at first either. He kept saying, “does this code look like yours? Send me a screenshot.” After I confirmed mine looked like that but refused to send a screenshot, he kept pushing. Then I realized what he was doing…
Load More Replies... Shane S 1 year ago (edited)
In the online dating world, keep conversations on the app and resist moving to text too quickly. “I’m not on the app much. Want to text?” really means ‘I want your number to clone your phone and access your accounts via 2 Factor SMS’. I had a friend get extorted for $1000 to prevent the scammer from sending nudes to his Facebook contacts.
Šimon Špaček 1 year ago
Little bit weird, but for somebody useful. Have two computers. One for "real life" where you have your pictures and proper password manager and you access bank and one with basically no personal things. There you can go to shady places and if anything happens, just reinstall the system. Also, it is good to have an OS install flash drive and another flash drive with basic programs setup ready just in case. You can even write a short batch script to install those programs for you, just plug the drive in.
Related on Bored Panda
