The internet has seen a massive rise in usage over the last decade. Thanks to smartphones and highly efficient yet cost-effective computers. Another reason is the hardworking developer community that has made development and use of the software more and more easy with the requirement of lesser and lesser technical sophistication. The capabilities of software programs have also enhanced exponentially. The need for distributed computing and connectivity to the world for staying updated on current trends is the reason for businesses to increase their online presence. Some of these businesses are completely online with no offline element in their service or product. With all the emphasis on usability, an aspect has been mostly ignored since it has been a hurdle in usability. The security of online assets is a factor that was getting less attention than it deserved until the last four years. Cybercrimes were not that frequent before 2013. The rise in internet usage has resulted in rise of cybercrimes. The rise in cyber crimes resulted in an increased awareness of the importance of cybersecurity. But, a single successful attack can be enough to cause a loss of multi-billion dollars. Companies know it and hence are working towards making their products safer. 

However, you as an end-user can not fully rely on the security measures taken by the companies that sell you the products you use. There are a lot of ways you can commit mistakes and render all the security measures futile. But there are certain habits which when developed can be of great benefit to the internet security of an average user. These habits are simple practices that are easy to adaptable.

How to Protect Yourself?

1. Use an Internet Security Suite: 

If you know anything at all about a computer and the internet, the chances are very high that you might be using an antivirus already (And if not then do not take the risk unless you are seasoned cybersecurity professional with data backups in place). An antivirus program combined with an internet security program set helps you in:

• Avoiding malicious downloads done by mistake.
• Avoiding malicious installs done by mistake.
• Preventing from being a victim to Man In The Middle Attack(MITM)
• Protection from phishing.
• Protection from damage that trojan horses may cause. Some Trojan Horses are built in a way that the majority of the code is for doing useful and seemingly innocent things while a small portion does something nasty like acting as a backdoor or escalating privileges.

2. Use Strong Passwords: 

This can’t be emphasized enough. If you have “qwerty123” as your bank’s password and a lot of money in the account, you must be ready for a surprise transaction. You should not fully rely on the rate-limiting measures used by websites that you visit. Your password should be strong enough to be practically unbreakable. A strong password is one that is 12+ characters long and contains a diverse use of alphabets(both cases), numbers and symbols (and spaces). Setting a really unbreakable password should not be difficult specially when there are help available as random password generators. You can use this one or this one. 

3. Keep Your Software Up-to-Date: 

Despite the developer’s best intention to create secure software and thorough reviews from the security teams, there are unfortunately many zero-days that are revealed once the software is being used by a large user base. Companies are well aware of this fact and that is why they release frequent updates to patch these vulnerabilities. This is the reason why those updates, however annoying they may be, are important. They help in preventing attacks that can easily skip the radar of the antivirus programs on your computer. 

4. Avoid Identity Theft: 

Identity theft is when someone else uses your personal information to impersonate you on any platform to gain benefits in your name while the bills are addressed for you. It’s just an example, identity theft can cause you to damage more serious than financial losses. The most common reason for identity theft is improper management of sensitive personal data. There are some things to be avoided when dealing with personally identifiable data:

• Never share your Aadhaar/PAN number(In India) with anyone whom you do not know/trust.
• Never share your SSN(In US) with anyone whom you do not know/trust.
• Do not post sensitive data on social networking sites.
• Do not make all the personal information on your social media accounts public.
• Please never share an Aadhaar OTP received on your phone with someone over a call.
• Make sure that you do not receive unnecessary OTP SMS about Aadhaar(if you do, your Aadhaar number is already in the wrong hands)
• Do not fill personal data on the website that claim to offer benefits in return.

5. Be careful with links and attachments: 

Be careful when clicking on links or attachments in emails, even if they seem to be from a trusted source. It’s always best to verify the authenticity of the email and the link or attachment before clicking on them.

• Verify the authenticity of the email: Before clicking on any links or attachments in an email, verify that the email is legitimate and that it comes from a trusted source.
• Check the sender’s email address: Phishers often use email addresses that are similar to, but not exactly the same as, the email address of a trusted source. Be sure to check the sender’s email address carefully.
• Look for suspicious links: If an email contains a link, hover your cursor over the link to see where it leads. If the link is suspicious, do not click on it.
• Be wary of unsolicited attachments: If you receive an attachment from an unknown sender or that is unexpected, be wary of opening it. Malicious attachments can contain malware that can infect your computer.

6. Use of Domain-based Message Authentication, Reporting & Conformance (DMARC) : 

DMARC is a protocol that allows email domain owners to publish a policy in their DNS records that specifies which mechanism(s) are used to authenticate email messages sent from their domain and how the receiving mail server should handle messages that fail evaluation

7. Take appropriate actions if you have been a Victim: 

There are few things that should be done as soon as you realize you have been hacked:

• File a formal complaint with the police and inform the other relevant authorities.
• Try regaining access to your compromised accounts by utilizing secondary contacts.
• Reset the password for other accounts and websites that were using the same password as the account that was compromised.
• Perform a factory reset and proper formatting of your devices that are affected(assuming you have your data backed up already).
• Stay aware of the current data breaches and other incidents of the cyber world to prevent such incidents from happening again and staying safe online.

Note: If you are serious about your online security and privacy then there are some websites that you may follow:

1. ThreatPost
2. The Hacker News
3. Security Week