Staying Safe Online – A short guide for non-technical people

Mattias Geniar: Help, my computer’s acting up! If you know a thing or two about computers, chances are you’ve got an uncle, aunt, niece or nephew that’s asked for your help in fixing a computer problem. If the problem wasn’t hardware related, it was most likely malware, a virus, ransomware or drive-by-installations of internet toolbars.

Instead of fixing the problems after the infections, let’s do some preventive work: this is a guide to staying safe online, for non-technical people. This means it won’t cover things like 2FA because I think the problem is much more basic: how to keep your computer and information clean and safe.

The goal is to have this be a guide you can share with your relatives and result in them having a safer computer with fewer problems that need fixing. If you agree with these pointers, go ahead and share the link!

If you are said relative or friend: this won’t take more than 30 minutes and you don’t need to be a wizard IT guru to implement these fixes. Please, take your time and configure your computer, you’ll be much safer because of it.

Enable auto-updates on all your devices

The number 1 problem with broken or infected computers is outdated software. Yes, an update can break your system, but you’re much more likely to have a compromised computer by the lack of updates than the other way around.

For all your devices, enable auto-updates. That means:

  • Your laptop, PC, Mac, …
  • Your iPhone or Android device
  • Your iPad or Android tablet

Enabling auto updates usually isn’t very hard. Go to your settings screen and find the Updates or Upgrades section. Mark the checkbox that says “Install updates automatically”.

Don’t reuse your passwords or PINs, use passphrases

But Mattias, I can’t remember more than 5 different passwords!

Good.

Neither can I! That’s why I have tools that help me with that. Tools like 1 Password.

They’re really simple to use:

  • You install the app and a browser extension (it’s easier than it sounds, just click next, next & next in the installer)
  • You pick a strong, unique passphrase for your 1 Password master password
  • You let 1 Password generate a random, unique password for your online accounts

Here’s the reasoning: your password right now is probably something like “john1”. You added the number 1 a few years ago, because some website insisted that you add a numerical value to your password.

Or you’re at john17, because every few months work makes you change your password and you increment the number. But these passwords are insanely easy to guess, hack or brute force. Don’t bother, you might as well not have a password.

There’s a famous internet comic that explains this very well, but it’s all very nerdy. The summary is: you’re better off using passphrases instead of passwords.

After you’ve installed 1 Password, it will ask you for the master password of your password vault. Make it a sentence. Did you know you can use spaces in a password? And commas, exclamation marks and question marks? You could use “I followed Mattias his security advice!” as a password and it would be safe as hell. Spaces and exclamation mark included.

It’s got so many characters, even the fastest computers in the world would take ages to guess.

Now, whenever you need to make a new account for a Photo printing service, an online birth list, your kids’ high school, … don’t reuse your same old password, let 1 Password generate a password for you.

Next time you visit that website, you don’t have to remember the password, 1 Password can tell you.

If you’ve reused your current password on Facebook, Gmail and all other websites, now would be a very good time to reset them all to something completely random, managed in your 1 Password.

Install an adblocker in your browser

First, you should be using either Google Chrome or Firefox. If you’re using Internet Explorer, Edge, Safari or something else, you might want to switch. (Note: it’s not just personal preference, Internet Explorer is much more likely to be the target of a hack and you need a browser that supports “extensions” to install an adblocker)

You’ll want to block ads on the web not just because they’re ugly, but because they can contain viruses and you’re probably going to be browsing to websites that are using shady advertising partners that are up to no good.

Now that you’re on Chrome or Firefox, install uBlock Origin, probably the best adblocker you can get today.

  • On Firefox: uBlock Origin on the Firefox Add-on page
  • On Chrome: uBlock Origin on the Chrome web store

Once you have it installed, you should see a red badge icon appear in your browser.

Don’t bother with that little counter: as long as the icon is red, the plugin is active and blocking ads and other potential sources of malware for you.

If you have other adblockers, like Adblock Plus, go ahead and remove them. They slow your browser down, and you don’t need them if you have uBlock Origin.

Offsite Back-ups

Do you like the data on your computer? Those pictures from your grandchildren, the Excel sheets with your expenses and the biography you’ve been working on for years? Then you’ll definitely care about keeping your data safe in case of a disaster.

Disasters can come in many forms: hardware failure, ransomware, a virus, theft, your house burns down, …

If you take copies to a USB disk once in a while: good for you. But it’s not enough. You want to store your back-ups outside your home.

And it isn’t as complex as it sounds. The only catch, it costs a bit of money. But trust me, your data is worth this if you ever need to restore the back-up.

My recommendation for an easy-to-use tool is Backblaze: it’s 5$ per month, fixed price, for unlimited storage.

You install the tool (again: click next, next & next), and it’ll back up all the files on your computer and send them to the cloud, encrypted. If you ever need to restore them, log in to your Backblaze account and download the files.

Remember, your back-up account contains all your valuable data, choose a strong passphrase for the account and save it in your 1 Password!

Odd emails from strangers or relatives

It’s something we call phishing emails, where someone sends you an email, which looks very legitimate, and tries to fool you into browsing to a website that isn’t real.

The most likely targets are: your banking website, electrical or phone bill websites, your Facebook/Gmail/… account page, …

If you receive an e-mail and you’re not sure what to do: reply and ask for clarification. If it’s a spammer or someone trying to trick you, chances are they won’t reply.

If they replied and you’re still not convinced: forward to someone in IT you know, they’ll happily say “yes” or “no” to determine the safety and validity of the email. In most cases, we can tell really quickly because we see them all the time.

About those porn sites …

Yes, the P word. I have to go there.

If my history of fixing other people’s computers has taught me one thing: if your PC is infected with a virus, it’s probably because you visited a dirty website.

So let’s make a deal and agree never to discuss this in public:

  • PornHub: Don’t go to weird Fetish websites, stick to the popular and big ones like PornHub (trust me, they’re famous)
  • Go private: When you browse them, use your browser’s incognito mode to prevent cookies & your browser history from remembering what you did. You do this by clicking the 3 dots in the upper right corner and choosing New incognito window.
  • Adblocker: When you visit such a website, make sure you have uBlock Origin installed, the adblocker. Shady websites do shady things to make money.

And if a link looks shady: don’t click on it. Please.

Want to go beyond these steps and optimally secure your computer? Check out DecentSecurity.com and follow their guides. If you found these tips useful to you, please help me spread awareness by sharing this post on your social network (Facebook, Twitter, …) using the buttons below this post.

Good luck!

Posted on January 12, 2017. Filed under Technology.