Photo by James Sutton on Unsplash
On this first post, I would like to start talking about a topic that should be of concern for everyone with a computer and access to the World Wide Web (The Internet). I do not intend to give you here the most exhaustive list of actions to take to be secured while browsing,
One of our goal with the Zumberos Club is to help our members (family and friends) to reach a healthier life, one of the major influencers in your health today is stress, everyone feels stressed for different reasons, one of this reason might be that you feel insecure when accessing different sites in the Internet, this is the topic I would like to address in this post, and I hope by following some simple tips and guidelines as well as adopting the use of some tools, you will feel more confident when browsing and also be able to better recognize threats online.
I have always asked myself how could I help members of my family and friends that are less interested in technology to browse the Internet more securely and diminish the possibility that their computer or other devices might get infected or even that their online identities get stolen or compromised. The area of cybersecurity and privacy is something that I have always been interested in, I follow many different sites, news, twitter accounts and listen to podcasts on these topics weekly, so one of my goals is to use this information and get the more important aspect and bring them to you hopefully in a form that is simpler and easier to digest and use. I will split the discussion in 4 aspects, first what are the basic things to know and do right away, we will then touch on passwords and how to manage them, we will look at some things to be aware of when checking your emails and then we will look into VPN (Virtual Private Networks) services that will help you stay secure when you connect to public WiFi spots like at Starbucks, airports, etc.
1.- Basics
Nowadays, it is common that most web sites implement a way to secure the communication between the server and your web browser (encryption via TLS), the way you would realize that this is the case is by checking that your browser shows an icon of a lock in the address bar (Image 1), this is where you normally type the address of the site you want to visit (e.g. www.google.com) .
Some sites will not switch automatically to the secure connection, so always try to force the use of the secure connection by editing the URL (Uniform Resource Locator) and append it with https://, so for the above example you would enter https://www.google.com.
Another issue is the use of tracker by advertising sites that get loaded with the content of the website you visit, for this I would recommend that you install the “
2.- Manage your Passwords
When it comes to passwords, in today’s world,
This is something you need to avoid at all cost.
People tend to be very bad at creating good passwords, we tend to use dates, pet names, or the dreaded “password123”. Bad actors today can get access to very powerful computers for cheap, so it is increasingly easier for them to brute force passwords that are commonly known, such as the one mentioned above, or numeric only passwords, words that can be found in the dictionary or in books.
The recommendation here is that you have to use completely different passwords for each and every website where you create an account. You might say “Jose this is too much to remember”, yes in fact it is specially when you should have passwords with a length of 14 to 20 characters. But do not despair, this is where the use of password manager software comes in to play.
There are many options in the market, I recommend you take a look at 1Password, Last Pass, Dashlane and KeyPass. Some of them provide a free version that for many people is enough, or you can choose one of their paid options if you feel you want to support the creators of the software.
So, what is a password manager? Yes, you will be right if you said it is a piece of software that helps you store, search and organize your passwords. They will store all your username/password for all your sites typically in a file or database that is encrypted by a password that only you would know, and that would be the only password you will need to remember going forward. Once you use this password to open your passwords vault (as it is normally known) you then can access all your other passwords.
Usually the companies that provide these applications would have plugins for all the major browsers, which further simplifies the use and management of your passwords. For example as you visit a site and while being presented with the form to create a new account, your password manager plugin would prompt you to generate a new secure password and will automatically store it in your vault together with the username and the URL for the site.
The next time you visit the site then the application will fill the user and password filed on your behalf (of course once you have unlocked it with your master password). Again, this is of paramount importance in today’s life online, DO NOT REUSE passwords, each website in which you have an account it most have a completely different password from any other.
3.- Email Content
Email is not going away anytime soon, so we need to live with the fact that when it was created, online security was not of concern, so not much is implemented by default in the protocol used for email transfer. There are applications that will encrypt you emails before you send them, but only a small percentage of people is aware of it and has the software installed.
This is a topic that I could discuss in future posts if it is of your interest.
In this post though, my intention is to highlight the fact that, more and more, bad actors are using email to infect computers with viruses, bitcoin mining software, ransomware, etc. There are a couple of things I would like you to keep in mind regarding email.
First of all, NEVER CLICK on a link in an email from a sender that you don’t know. Even if you know the person, always be wary of any link sent to you in an email. If you believe that the email is legit, I would still recommend that you hover with the mouse over the link and see if the URL that the application shows correspond to the text or the company/person sending the email.
If the email appears to be from your bank or similar institution, don’t click the link either, it is better that you type the URL for your bank in the web browser, login, and check if the information in the email really applies to your account.
So, again, if there is one thing you remember from this section, let it be this: NEVER CLICK on links from weird or unknown email senders.
4.- VPN Services
Although this is something that probably not many people would be aware of, I wanted to briefly mention it, as it is, I think, important specially if you have the habit of bringing your laptop, tablet or even your mobile phone to public WiFi places.
Usually places like cafes, restaurants, airports, downtown areas, etc, provide free WiFi spots. These are normally very insecure, information is normally not securely encrypted and this could allow bad actors in the same network to be able to see all the information being exchanged with your device in clear text.
This is where having a VPN software installed on your device will come handy, the VPN software will create an encrypted tunnel between your computer, tablet, etc to the VPN’s provider servers. This immediately block the bad actors in your vicinity from looking at the information going/coming to/from the network to your device.
These services are usually paid, although you can probably find a free service, most VPN vendors provide a free tier up to a maximum amount of data per day.
Here are a couple of services that in my experience are trust-wordy and you could check them out: NordVPN, ExpressVPN, TunnelBear VPN.