Eight ways to stay safe online

To avoid falling victim to phishing attacks, consider using strong passwords for your accounts, enabling two-factor authentication as well as scrutinising permissions for apps.
To avoid falling victim to phishing attacks, consider using strong passwords for your accounts, enabling two-factor authentication as well as scrutinising permissions for apps. PHOTO: REUTERS

Stay safe online with these tips from the Cyber Security Agency of Singapore and cyber security firms Akamai, Check Point and HackerOne.

1 Be wary of questionable links and files

To avoid falling victim to phishing attacks, do not carelessly open links or files sent via e-mail or social media.

Examine the URL of links to ensure they are legitimate before clicking on them. Be extra cautious if an offer or deal sounds too good to be true. Never reply with personal information such as passwords or bank account details.

2 Use strong passwords

Strong passwords have a mix of random alphanumeric characters and symbols that are harder to crack by brute-force attacks.

However, they can be difficult to remember. This is especially so if you follow what experts recommend and do not reuse passwords for your different accounts.

The solution is to use a password manager to generate and automatically fill in the passwords for your accounts. All you need is to remember a master password.

Google's Chrome browser, for instance, comes with a built-in password manager. It even has a Password Checkup feature - launched last year for Android and the Web - that can check saved passwords to see if they had been leaked or compromised in past breaches.

Alternatively, choose biometric authentication methods such as facial recognition or fingerprint if available.

3 Enable two-factor authentication

Turn on two-factor authentication - an extra layer of identity verification through a one-time password or biometric authentication - to secure your online accounts.

For those who are at greater risk of being targeted by cyber criminals - journalists, activists and business leaders, for instance - Google has an Advanced Protection Program that offers enhanced security for personal Google accounts.

For instance, users must use a physical security token - on top of a password - to sign in to their Google accounts.

Google also limits access to Gmail and Google Drive files to its own apps and select third-party apps, thus reducing the chance of a malicious app gaining access.

4 Keep up to date

Prevent cyber attacks that exploit software bugs by keeping your apps and software updated with the latest patches.

Turn on automatic updates, which are usually scheduled to occur in the middle of the night to avoid disruption.

5 Scrutinise app permissions

Malware may disguise itself as legitimate apps to get past your defences. Hence, avoid downloading apps via links in e-mails or social media.

Use the Apple App Store or Google Play Store instead of unofficial third-party stores or websites.

Although the vast majority of apps from the official app stores are safe, there have been cases where malware have got past Apple and Google's checks.

To mitigate the harm that could be done by such apps, scrutinise the permissions requested by a new app and deny unnecessary ones. For instance, a weather app should not need access to your photos or phone call function.

It may also be helpful to check the number of times the app has been downloaded before you get it, though this is not a fool-proof method.

6 Use a VPN

A virtual private network (VPN) creates a secure, encrypted connection over the Internet. It is handy if you are using a public or unsecured Wi-Fi connection.

While most VPNs are not free, there are decent free ones around, albeit with limitations, such as data quota. For infrequent users who do not need unlimited data, check out free VPNs such as ProtonVPN, hide.me and TunnelBear.

7 Disable cameras and microphones when not in use

Several PC makers have added physical privacy shutters to the front camera of laptops to block prying eyes in the event of the computer being compromised by malware. Or you could simply paste a sticky tape over the camera.

To disable the microphone in Windows 10 PCs, go to Device Manager, Audio inputs and outputs, right-click Microphone and select Disable. For Mac computers, go to System Preferences, Security & Privacy, click Privacy. Select Microphone to change an app's access to it.

Apple's Safari browser for iOS 13 also lets you control the camera and microphone permissions for each website.

8 Back up your data

Even if you take all conceivable precautions, it is still possible for your devices to suffer from a ransomware attack that locks their contents unless a ransom is paid.

Thus, it is important you back up your data regularly to multiple locations to mitigate data loss. Consider using a reputable cloud storage vendor, such as Microsoft OneDrive or Google Drive, on top of an external storage device.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on February 12, 2020, with the headline Eight ways to stay safe online. Subscribe