Safe browsing tips

By

How to protect your sensitive information when browsing the Internet

The web browser is your window to the Internet. Unfortunately, it is also the Internet's window to you! Learn how to put a curtain on that window through these safe browsing tips. 

A safe browsing strategy

Your web browser keeps a record of the information that you type into it as you interact with various websites. It also keeps track of your browsing history. As it accumulates more and more information about you, your browser is turning into a treasure trove that is a tempting target for thieves.  

 Cyber criminals can steal your information in several ways: (a) by copying it from your computer, smartphone or tablet, (b) by intercepting it as it travels through the Internet, and (c) by copying it from the websites that you interact with. Here is a safe browsing strategy that covers those points of attack:
  • Reduce the information kept by your browser
  • Keep your computer, smartphone and tablet malware-free
  • Use an encrypted connection
  • Don't land on a fake website
  • Minimize your exposure 
These do's and don'ts might take some of the fun out of your browsing experience. But that is a small price to pay for your safety and security. Here we go...

Reduce the information kept by your web browser

Clear your browsing data

Delete the passwords that you have allowed your browser to memorize. Here's what happened to someone who didn't.

You can also clear other browsing-related data and tell your browser to never save your passwords. Tap here to see how it's done in the Chrome browser. For Safari on iOS, launch Settings on your iPhone or iPad, tap "Safari," then tap "Passwords" and then delete the saved passwords one by one. To clear Safari's history and cookies, scroll further down and tap "Clear History and Website Data."

Unfortunately, I am unable to include here the procedure for every browser and device. Please google the procedure for yours. For example, try googling "how to clear browsing data in FireFox on Android" or "how to delete saved passwords in Internet Explorer." 

Use "private browsing" mode

Before typing anything into a browser, set it to private browsing mode. Here's how to do it for Chrome. For other browsers, please google the procedure by typing something like, "how to do private browsing in Safari."

Private browsing mode is also called Private Tab, InPrivate Browsing and other names.

When in private browsing mode, the browser does not keep a record of the websites that you visit nor store their "cookies."

Note that private browsing mode will not prevent search engines, websites and corporate networks from recording your browsing activity. So always keep your guard up when using your browser.

In most browsers, you will have to choose private browsing mode every time you open a new browser window. If you prefer a browser that's always in private mode, there's Duckduckgo's browser and Firefox Focus.

Keep your computer, smartphone and tablet malware-free

Information thieves use various methods to slip their malware into your computing devices. The malware helps them to steal and/or delete your data, spy on you or do other unpleasant things. Here's how to stay malware-free.
  • Stick to established, well-supported web browsers like Chrome, Safari, Edge, FireFox, Opera and Duckduckgo.
  • Do not allow add-ons such as extensions and plugins to be installed in your browser unless absolutely necessary. When new toolbars, icons and menu items appear on your browser, check for newly installed add-ons. Check your browser regularly and delete the add-ons that you do not need anymore. To understand what browser add-ons are and how dangerous they can be, please visit this page
  • Ensure that Google Safe Browsing or SmartScreen is turned on in your browser settings. Avoid websites that it flags as unsafe.
  • Learn how to recognize and handle malware-carrying emails.. Opening the attached files or clicking the links in them can cause malware to be downloaded into your device.
  • Download apps only from trusted sources such as Google Play and Apple's App Store. Download PC apps only from reputable websites.
  • Install only apps verified by Google Play Protect into your Android device. 
  • Ensure that the antivirus of your Windows and Android devices are updated and scanning your devices daily. Also, do a scan before doing any online banking or shopping. 
  • Chrome browser users can get help on removing unwanted pop-ups, ads and malware here.
  • If you are unable to fix a virus or any other security problem, stop using your device and get expert help. 

How to deal with pop-up windows

Be very careful with the windows that pop into view as you browse a website. Watch out for fake pop-ups that masquerade as legitimate messages or prompts. They often try to pressure or scare you into clicking a button or entering sensitive information. For example, the pop-up will inform you that your computer has been infected with malware and tell you to immediately click a button to download an antivirus. Don't type or click anything on the pop up—not even the Close or X icon. On your PC, launch Task Manager and use it to close the whole browser. On your Android smartphone, tap the Recents button and close the browser. On your iPhone or iPad, tap the Home key twice and close the browser.

You can tell your browser whether to block or allow pop-ups from specific websites. Here's how for Chrome. For other browsers, please google the procedure by typing something like, "how to manage pop-ups in Safari."

Use an encrypted connection

The rule is to not type any sensitive information into the browser if any part of the connection is not encrypted. 

Do not input sensitive information into non-https web pages

Before typing any sensitive information into your browser, make sure that its connection to the website is encrypted. Inspect the address bar of your browser (it is where you type in the name or address of the website that you want to visit). The connection is encrypted if you see a padlock icon and the address or URL starts with https instead of http.
Look for a padlock icon and "https" on the browsers address bar

Avoid public WiFi...

Avoid using the public WiFi offered in coffee shops, malls, train stations and such. Many of them do not even require a password, so set your computer, smartphone and tablet to not connect automatically to these "open" networks.

 If you have no choice but to use a public WiFi, here are some safety guidelines:
  • Before connecting to a public WiFi, turn off file sharing or make your computer invisible on the network. Here are the procedures for certain versions of Windows and Mac
  • Don't enter your username, password or other sensitive information into your browser unless you are sure that its connection to the website is encrypted (i.e., you see https and a padlock on the address bar). 
  • Unless you are sure that a smartphone app uses end-to-end encryption, don't use it while you are connected to a public WiFi. The use (or non-use) of encryption by some popular smartphone apps can be found here.
For more on public WiFi, visit this page and this one, too.

...or use a VPN 

VPN stands for "Virtual Private Network." It makes all the apps on your smartphone safe to use on a public WiFi. 

For more on VPNs and how to get one, click here. For a comparison between https and VPN, click here.

Don't land on a fake website

If your browser lands on a fake website, all the information that you type into it will go straight to the information thieves. Here's how ensure you're on a genuine website:
  • Type the correct address of the website you want to visit into your browser's address bar. For example, PayPal's correct web address is https://www.paypal.com. To visit PayPal's website, always type this exact address into your browser. Before hitting "Go" or "Enter," inspect every character and symbol in the address.
  • Before typing or clicking anything on the website that you landed on, make sure it's the genuine site. Is the correct web address displayed on the browser's address bar? Is there anything that seems out of place, like grammatical mistakes or outdated images? If you have any doubt, play it safe: disconnect from the Internet, close the browser and scan your device for malware.
  • Do not click any link in an email, document or webpage from an untrusted source.

Minimize your exposure 

Make your information obsolete, if possible

Unfortunately, you cannot take back the information that you have already sent to a website. This information puts you at risk until it becomes obsolete.

You can hasten the obsolescence of some of your sensitive information. For example, you can ask your credit card issuer to replace the credit card that you have used in too many online shopping sites.

Disclose as little information as possible

Validate all requests for information and find ways to avoid disclosing non-expiring or very sensitive information, such as your social security number, passport number, bank account number, and credit card information. Here are some tips:

Validate the request

 When you are prompted by a website to provide information about yourself, ask yourself why they want it. For example, why do they need to know your social security number? Do they really need it to help you accomplish your objective? Is the organization that runs the website worthy of your trust? Is the risk worth the reward? If not, then back away. 

Avoid or minimize risk

 If you are faced with a valid request for information, your next task is to minimize your risk by:
  • Providing information that carries the least risk, or information that you can easily replace.
  • Giving as little information as possible.
Here are some examples:
  • Avoid using your credit card online. Instead, use safer alternatives such as PayPal or a virtual credit card.  
  • If you can only pay with a credit card and you have two of more of them, use the one with the lowest credit limit.  
  • For online payments, use your credit card instead of your debit card or bank account.  
  • When filling up an online form, do not fill up the fields that are not mandatory.
  • Do not use your real personal information when enrolling in mailing lists, gaming sites, discussion forums and the like. Create an alter-ego of yourself for such sites. Give your alter-ego its own email account. 

Additional Reading

For more safety tips, visit the following sites:

US-CERT

Comments

Post a Comment

Popular posts from this blog

How to obtain your first Professional Tax Receipt (PTR) in the Philippines

By
Image
I would like to share how I obtained my first Professional Tax Receipt (PTR) at the Manila City Hall. I suppose that the procedure and requirements are similar in various jurisdictions in the Philippines. As a first-timer, I needed to prove that I passed the professional licensing exam. So, I brought with me a hardcopy of an email from the company where I was affiliated with which attested that I had passed the licensure exam. I also prepared some money to pay the tax, which amounted to Php 300. Then I went to the Manila City Hall, where I was directed to the Licensing Division on the Ground Floor. There, the staff inspected the email message. Satisfied that everything was in order, he prepared a small slip of paper called "Order of Payment" and instructed me to take it to "Window D" of the Taxpayers' Lounge located on the Ground Floor. At Window D, I paid the tax and was issued an official receipt. The official receipt indicates my profession and the amo
Read more

How I added streaming to my audio system: My experience with the Arylic A50 streaming amplifier

By
Image
  This bird’s-eye view on the Arylic A50 streaming amplifier is for audio enthusiasts who may be in one or more of the following situations: -           Looking for an audio streaming solution -           Needing a small (40- to 50-watt per channel) high-fidelity stereo amplifier for their loudspeakers -           Planning for a multi-zone (multi-room) audio system installation -           Have a tight budget (less than US$200)     -           Are curious about the A50 or about anything related to audio  Disclosure: This is a sponsored post. I received compensation from Arylic by way of a partial refund on the purchase price of their product. Regardless, I only recommend products or services that I truly believe in. What I needed The last time I upgraded my audio system was ten years ago, when I purchased a pair of Paradigm Mini Monitor v.6 speakers and a NAD C 356BEE 80-watt per channel stereo integrated amplifier. A 120-watt Dynaquest DQ-120 subwoofer (purchased in 2002
Read more

How to transfer the ownership of a privately owned vehicle in the Philippines

By
Image
Transferring the ownership of a motor vehicle was a frustrating experience for me. This was because I was not thoroughly familiar with the requirements and the process. I would like to share how I should have done it so that other first-timers will have a more streamlined and pleasant experience. The procedure described below applies to the case where a privately owned motor vehicle is sold by its owner to a buyer. If your case is different, please look for the applicable procedure on web site of the Land Transportation Office: http://www.lto.gov.ph/motor-vehicle-registration/307-transactions-requiring-change-of-certificate-of-registration.html If the seller has just completed all of his mortgage payments, the car needs to be released from its chattel mortgage before it can be sold. Please read this article: What to Do Next After Paying Off Your Car Loan . Let’s begin with some preliminary notes: a) The seller should take the lead in this process. He should see to it that
Read more