You can take a self-defense class to protect yourself from someone attacking you, but when it comes to your safety on the Internet, it's not so straightforward.
Given that online technology is always evolving, faceless criminals are constantly finding new ways to hack into your personal information — whether it's through free Wi-Fi hotspots or taking over your personal computer for ransom. This scary evolution has spawned Safer Internet Day, launched initially in Europe in 2004, in order to bring awareness about the issue.
In honor of the techy holiday, taking place Feb. 9 this year, Google is offering 2 gigabytes of free Google Drive space for users that complete a simple security audit of their accounts. And to celebrate on our end, TODAY decided to talk to one of the Internet giant's security experts to find out exactly what we should be doing to protect ourselves while surfing the Web.
From updating your passwords to understanding the meaning of common terms like "phishing," Mark Risher, head of product management, anti-spam and abuse, shared five tips to keep you safe on the Internet.
1. Software updates are your friend.
Google did some research last year comparing what security experts and non-experts do to stay safe online. Experts’ top tip was to keep their software updated. Surprised? Don’t be. "Companies are working faster than ever to fix security gaps as they pop up, but they only work if you upgrade," said Risher. "If your programs don’t update automatically, make sure you’re staying on top of this!"
2. Use encrypted websites.
You’ve probably heard about encryption, but don't necessarily know what it all means. "Encryption keeps your data private and secure — it’s the difference between sending a note in an envelope vs. on a postcard," said Risher. "Encryption helps ensure that the most important things you transmit across the Web — your credit card number while shopping, your Google account password, your family photos — can’t be intercepted by people or groups that shouldn’t see them." How can you tell if your site is encrypted? In Chrome, for example, you’ll see a green lock in the website address bar if your connection to a website is encrypted.
3. Lock down your account with a strong password.
We tend to think that hackers are whizzes at finding out all of our information, when it's actually a simply mistake we all make: reusing the same password on multiple sites. You don't have to be a memory champ to avoid this common mistake. Password managers like LastPass, 1Password and Dashlane can help keep you organized and secure by remembering your strong (think 50-character, symbol-ridden beast) password, and helping ensure you only enter them on legitimate sites. "Google Chrome even has one built right in," said Risher.
"You’ll also want to make sure that password isn’t something easy to guess," he added. "You’d be surprised how many people use passwords like “passw0rd” or “123456” — don’t do that!"
4. Watch out for phishing scams.
Traditional fishing can be a lot of fun, but online phishing is a more sinister sport. "Phishing scams are some of the simplest, but most dangerous, attacks on the Internet," said Risher. "Scammers build phony sites that look like legitimate sites — Google login pages, bank homepages — but that actually just steal your username and password. While it’s an age-old trick, the most effective phishing attacks still can succeed 45 percent of the time." To protect yourself, be wary of any site that asks for your personal information, and always double-check that you’re really on the site you intended to visit.
5. Set up account recovery information.
We’ve all been there: You desperately need to get into your account, but for whatever reason — maybe you’ve forgotten your password, or your account’s been locked for suspicious activity — you can’t get back in. It’s beyond frustrating. "By setting up an account recovery option, usually a phone number or alternate email, Google and other services can help get you regain access," said Risher.
And in honor of Safer Internet Day, Google decided to introduce a new tool in Gmail that tells you if an email you're receiving isn't encrypted, and therefore could be read as it travels across the Web. How does it work? If you receive a message from, or are about to send a message to, someone whose email service doesn’t support TLS encryption, you’ll see a broken lock icon in the message.
If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo or avatar.
"Not all affected email will necessarily be dangerous," said John Rae-Grant, product manager for Gmail. "But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about. And with these updates, you’ll have the tools to make these kinds of decisions."