Digital Security Coach

Take a crash course on digital security.
Learn how your digital life can be endangered and what you can do to protect yourself.

Free
We aren't here to sell you anything. We don't make any money if you follow our suggestions, most of which are also free.
Quick
We try to explain things with only the important details, making this a quick read.
Easy
We recommend solutions that are practical for the average person.

Step 1. Understand the problem

Understanding the problem is half the battle. You’ve probably heard news stories about people and companies getting hacked, but knowing the facts and being aware of how these attacks can hurt you should make you more motivated to protect yourself.

Prevalence

Digital security is a really hard problem. Individuals and organizations are hacked frequently, and you probably don't even know about it most of the time. As we put more and more information online and in digital systems, hackers have an ever greater incentive to break in.

In 2017, a survey of small and medium-sized businesses found that more than half reported being attacked in the past year. On average, each company lost $1,835,011 due to disruption of operations and damage to or theft of digital assets.

You might think that large, well-known companies have the expertise and resources to fend off hackers, but the truth is that they are not immune. Here are just a few cases:

Yahoo was hacked in 2013, leaking names, email addresses, and passwords for about 3 billion accounts across its various websites.
Equifax, one of the three major credit reporting agencies, was hacked in 2017, leaking personal information for about 143 million people. Some of the information included names, Social Security numbers, addresses, birth dates, and driver's license numbers.
eBay was hacked in 2014, leaking names, email addresses, addresses, phone numbers and birth dates for up to 145 million users.
Home Depot was hacked in 2014, leaking information for 56 million credit and debit cards.

Check a password

This will check if a password is in Have I Been Pwned's list of passwords that have been publicly exposed. The password will not be sent to us, but do not submit a password that you actually use. Use this to better understand the point that many passwords are no longer safe to use. Once a password has been exposed, it should not be used again because hackers will try known passwords to break into other services.
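
How a check like this can work without the password leaving your device, as an added example (not this site's own code). It assumes the check uses Have I Been Pwned's Pwned Passwords range lookup, where only the first five characters of the password's SHA-1 hash are sent; the server reply and the breach counts below are constructed so the example runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password and split it into the 5-character prefix that is
    sent and the 35-character suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def exposure_count(password, range_body):
    """Search a range response (one "SUFFIX:COUNT" per line) for our suffix.
    Returns how often the password was seen in breaches, or 0 if absent."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed sample data: not real breach counts.
SAMPLE_BREACHED = {"password": 1000, "letmein": 50}

def constructed_range_response(prefix):
    """Stand-in for the server, built locally: every sample hash sharing
    the prefix, plus one padding-style entry with a count of 0."""
    lines = []
    for known_password, count in SAMPLE_BREACHED.items():
        known_prefix, known_suffix = split_hash(known_password)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

def check(password):
    prefix, _ = split_hash(password)
    # A live client would request
    # https://api.pwnedpasswords.com/range/<prefix> at this point.
    # Only `prefix` is transmitted; the comparison below happens locally.
    body = constructed_range_response(prefix)
    return exposure_count(password, body)

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(repr(candidate), "seen", check(candidate), "times")
```

Because many different passwords share the same five-character prefix, the server cannot tell which one was being checked.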

Consequences

If you've never been impacted by a digital security breach, you may not be very aware of just how harmful it can be. Here are some ways:

Identity theft

Your personal information can end up being distributed or sold, and one of the main things people do with that information is to commit identity theft. Armed with your information, someone else can open accounts in your name, apply for credit cards, and even file tax returns to try to steal your refunds.

Hacked webcams and microphones

Viruses can be programmed to activate your webcam without you knowing (they can turn off the indicator light while keeping the webcam on). Hackers can then collect pictures and videos of you, which they can use to extort you. One hacker said in 2013 that access to a woman's webcam could be bought for about $1 on an online black market. You may want to cover your webcam with a sticker or tape since it's very hard to guarantee that you will never get such a virus.

Ransomware

Ransomware refers to viruses that lock your device or files until you pay money to the hackers. Sometimes there will be a deadline, at which point the files are permanently deleted. In 2017, a global ransomware attack affected computers worldwide, including those in at least 16 hospitals in England, locking patients' records.

Physical harm

As more of our physical world becomes digitally connected, we also face greater threats from digital breaches. In 2017, the U.S. Food and Drug Administration had to recall certain pacemakers because "hackers could remotely cause the batteries to rapidly go flat or force the pacemakers to run at potentially deadly speeds." This doesn't mean the benefits of going digital aren't worth it, but it does mean that we should account for these new vulnerabilities.

Doxing

Doxing refers to the practice of finding personal information about an individual and making it public. Sometimes the information is already public (like on a social media website), but sometimes it is obtained through hacking. The goal could be to extort, shame, or harass the target.

Step 2. Take action

There is no such thing as perfect security, but there are steps you can take to make it less likely that your digital life will be compromised. Do whatever you feel comfortable with. The goal is to make you more secure, and every bit helps.

Be vigilant

Hackers can't steal what doesn't exist. Be reluctant to give websites personal information, and you'll keep your potential exposure to a minimum.

Don't click on sketchy links, download files from sources that you don't know, or install programs and apps without vetting them.

Keep your software updated

Updates frequently include security fixes. By not updating your software, you're leaving yourself exposed to known vulnerabilities.

Sign up for Have I Been Pwned

Sign up so that you can be alerted when your email address shows up in future data breaches.

Visit websites through HTTPS

Have you ever seen something like this in your browser's URL bar and wondered what it means?

HTTP is a standard for how data is transmitted on the internet. HTTPS is a secure (hence the 'S' at the end) version of this standard. With HTTPS, the information that is transmitted between you and the website is encrypted, so it is concealed from anyone in between. With plain HTTP, a hacker in the middle can view whatever you send and receive.

Whenever you are doing anything particularly sensitive, like logging in or providing credit card information, it is especially important that it is done over HTTPS. A website that allows these activities over HTTP is failing to take a basic step to keep you secure. Take care to double check.

You can also install HTTPS Everywhere, which is a free browser extension that will try to make as much of your web activity go through HTTPS as possible.

Use two-step authentication

Two-step authentication means that when you log in to a service, you have to verify your identity in more than one way, making it harder for hackers to break into your account because they need more than just your password. For example, you might have to enter a code that is texted to you. This may seem annoying, but you should at least use it for particularly important accounts, like your email account. Here are instructions for setting up two-step authentication on some popular services:

Use a password manager

Password managers are services that generate and store your passwords for you. They can generate very secure passwords and relieve you of the burden of remembering them. They can also autofill your information to make logging in easy, even on mobile devices. Here are some options:

Use an ad blocker

Ad blockers are programs that stop ads and trackers from loading. Companies use trackers to collect data on your browsing activity in order to serve targeted ads. That's how you can view a product on one website and then see ads for the same product on a totally different website days later.

Blocking ads is good for security because ad networks can be used to deliver viruses and other malicious software. This technique is called malvertising. You may also be uncomfortable with the amount of information ad companies are collecting on you.

Keep in mind that many content creators depend on advertising for funding. If you do decide to use an ad blocker, consider finding another way to support them, such as purchasing a subscription, making a donation, or disabling the ad blocker on a per-site basis.

Desktop

You can install the free uBlock Origin browser extension.

Mobile

You can use the free Firefox Focus browser.

Step 3. Share the knowledge

If you found this guide helpful, please consider sharing it.


You can also contact me through Twitter or email with any feedback or suggestions.

Made by Danny Guo. Hosted on GitHub with an MIT license. Powered by Have I Been Pwned and Netlify. Logos provided by Clearbit.