As we’ve become more and more reliant on devices and the internet in our day-to-day lives, the more of our data and information has been uploaded to the web. Not only that, but many of us rely on the internet for work or play — and internet security is essential to that. Whether you’re worried about nefarious hackers, government spying, or nosy advertisers, you can help protect your data by following a few easy steps and using a few different (and free) tools.
Here are the cybersecurity essentials — used by everyone from security experts to journalists — to get you started.
If you’re worried about privacy and protecting your information, you can follow some simple rules to make sure you have a head start against any would-be spies.
First, use a strong password. The best kind of password doesn’t contain words or fragments, but rather a random assortment of letters, numbers and special characters. You can also use a password manager like LastPass, Password Safe, or KeePass. 1Password is a popular option for iOS. Additionally, don’t use the same password across all of your accounts.
Next, make sure not to over-share information on social media. You really don’t need your phone number, email address or birth dates readily accessible to the public, do you?
Set up a Google alert for your name, so you can keep tabs on how your identity is being perceived or used without your consent. Don’t like advertisers gathering information about you? Use a non-tracking search engine like DuckDuckGo.
Lastly, try to enable two-factor authentication whenever you can. In that case, your accounts will have an extra layer of security even if your passwords become compromised.
There are many options when it comes to encrypted messaging services, but two of the best are WhatsApp and Signal.
WhatsApp is a popular messaging app, and it might be one that you already use. But what you might not know is that WhatsApp actually features end-to-end encryption: the messages you send are scrambled, ensuring that only you and the recipient have the key needed to read them.
Signal is another excellent choice, and is popular among journalist and security experts. Along with end-to-end encryption, it also features disappearing messages — meaning that there will be no record of the conversation after the messages expire.
Signal is arguably better encrypted, but a messaging app is only useful if you use it — and you probably have more friends on WhatsApp.
Get a Secure Email Client
If you’re worried about various entities reading your email, you should look into Proton. It’s a free, secure email client based in Switzerland — meaning that it falls under Swiss, rather than American, privacy laws. That means the U.S. government can’t force Proton to give up your data. Forbes famously called it “the only email system NSA can’t access.
All emails sent through the service are end-to-end encrypted, and the client never logs your IP address. Besides a browser-based version, the service also has an Android and iOS app so you can take your secure emails on-the-go.
Some other options are Tutanota and KolabNow. Both are open-source and free-to-use. For something a bit more feature-packed, Berlin-based Posteo.de is held in very high regard among security experts. It doesn’t ask for any information when you sign up, it features two-factor authentication, and it allows you to pay others anonymously. Unfortunately, it’s not free.
If you’re serious about encrypting your online activities on your computer, there’s The Onion Router, also known as the TOR project.
TOR Browser is a lightweight program, available to download for both PC and Mac, that obscures your online browsing via a proxy network. When you use TOR, your computer doesn’t directly access a site — the program sends your request through various servers spread across the world. That way, the site you’re accessing never actually sees your IP address.
Of course, this security doesn’t work if you’re accessing a site that asks for login or other personal information — like Facebook or other account-based services. While your computer and IP address might be anonymous, TOR doesn’t hide the specific, possibly compromising activities that could give your identity away.
Use a VPN
A VPN works by extending a private network over the public connections we use daily. VPNs use a series of discrete networks or computers to secure and encrypt communication when using the internet. A user logging into a VPN would typically access it via a client/browser window, log-in with special credentials (really similar to how you’d log into your email) and voila — once inside the VPN, the user is secure from any eavesdropping or spying.
Any time you’re doing something on the internet, you’re exchanging and sending data to another source. A VPN ensures that each time you do so, all the data that’s being sent from your end is encrypted, and safe from people seeking to steal it. Learn more about VPNs and some of the best VPN services available, here.
Even with using privacy services like TOR, some of your DNS traffic might still leak through, potentially compromising your anonymity. To find and plug those leaks, you can use DNSLeakTest.com.
Similarly, you can see just how much information your computer web browser is giving away by going to BrowserLeaks.com or Panopticlick. You can take notes and additional steps to plug those leaks, too — like turning off cookies and disabling site tracking.
Many apps on the iPhone use location services — while this can be great for remembering exactly where you took that iPhone picture, it also means that your data might have scarily specific locations attached to them. For example, the Exif data embedded into your bathroom selfie can potentially let attackers know exactly where you live. Paranoid? Just turn off location services for any or all apps via Settings > Privacy > Location Services.