Personal online security tips to protect your privacy

As we move more and more of our personal and professional lives online, we become increasingly vulnerable to the theft and misuse of our data. The number and range of threats to our online security and digital privacy keep growing – according to Forbes, 2020 broke all records for data breaches and cyber-attacks on companies, governments, and individuals.

With access to your data, hackers can open bank accounts and credit cards in your name, hold your personal details for ransom, and even steal your identity. Understandably, this is a terrifying prospect for internet users. Even in Europe, where General Data Protection Regulation (GDPR) legislation was introduced to try to safeguard personal information online, the majority of citizens say they are very worried about their online security.

Thankfully, steps can be taken to bolster your internet safety and strengthen control over your digital footprint. Here are six simple online security measures recommended by experts:

Having a strong, separate password for your email account

Alarmingly, even as data breaches and cyberattacks become more prevalent, a high number of internet users still don't use passwords strong enough to keep their accounts secure. A 2020 study examining more than a billion leaked credentials found that one of every 142 passwords was the highly guessable "123456". Overall, around 42% of the passwords were weak enough to be vulnerable to even basic attacks.

One of the key pieces of internet safety advice offered by the UK's National Cyber Security Centre (NCSC) is to use a unique, complex password for your email since it contains so much private information and can be used as an entry point to other online accounts. Length is key – it recommends using three random words that are specific and memorable to you, adding numbers and symbols if needed. The NCSC strongly advises against using the name of your current partner, one of your children, any other family member, a pet's name or your place of birth.

Using a password vault

Although some online security experts still recommend the regular changing of passwords, many now advise that strong, complex ones be kept until a user suspects they have been compromised. According to the digital identity guidelines issued by the National Institute of Standards and Technology in the US, updated in 2020, regular password changes actually make accounts less secure, because people tend to use predictable patterns when they change them.

A password vault or manager is a specialised, secure computer program used to store passwords and pin codes. This allows the account holder to use suitably randomised and complex passwords without struggling to remember them, or enabling browsers to store them – a fatal error in the eyes of IT security professionals.

Making the most of multi-factor authentication (MFA)

MFA requires two or more pieces of evidence to allow a user to access an online account. This evidence can take one of three forms: knowledge factors (such as a password), possession factors (such as a code texted to your mobile phone), or inherence factors (biometric information, such as a fingerprint scan).

While legitimate concerns have been raised about the security of SMS as a method of authentication, MFA is generally considered an effective way to strengthen online safety, and many governments actively promote its use. For example, Australia introduced legislation in 2020 requiring all telecommunication companies to implement MFA when customers attempt to transfer their numbers between providers.

Increase internet security on your phone

Smartphones may have revolutionised modern life, but they're also one of the easiest ways for cybercriminals to gain access to our information. Not only can the phone itself be easily lost or stolen, every time we use a public unsecured wifi network we may unwittingly be opening the door to anyone who wants to steal our data.

As well as pointing out the importance of having a screen lock with a strong password, pin or pattern on your phone and other devices, internet safety experts recommend enabling automatic software and app updates, since hackers quickly learn ways to outwit the security protections included in the most recent versions. They also warn against using unsecured wifi networks and advise people never to access bank accounts or sensitive data on these kinds of connections.

Keeping up to date on phishing/smishing scams

Phishing malware is one of the most widely used forms of cyber attack. A study by cybersecurity firm Deep Instinct found that malware increased by 358% in 2020, and attacks on Android phones alone increased by 263%.

The UK's NCSC warns that these scams are becoming increasingly sophisticated and hard to spot, but offers a few hallmarks to look out for, including:

authority (claiming to be a message from a bank, doctor, a solicitor, or government department).
urgency (giving limited time to respond).
current events (exploiting current news stories or certain times of the year, like tax reporting, to make scams seem more authentic).

As well as never clicking on a link in these kinds of communications, they recommend that anyone who receives a suspicious phone call, email or text message report it, to help authorities clamp down on scams more quickly.

For more on this topic, read our article on the various forms of online fraud, or check out our piece on specific scams related to Covid-19.

Securing your browser

The browsers we use to access the web can be made more secure in various ways. One method is to regularly clean out browser history and cookie caches, which can be used to track your activities online. There are also several browser plugins and extensions available that strengthen online safety.

Experts advise anyone conducting a financial transaction online to make sure the site uses Secure Sockets Layer (SSL), an encryption-based internet security protocol that makes these transactions more secure. In the address bar, a site that employs SSL will begin with “https://”, rather than “http://”. They may also show a closed padlock symbol.

It's becoming increasingly difficult to stay safe online, but being vigilant about dealing only with reputable sites can help to keep your personal and financial information safe. As a regulated foreign exchange platform, CurrencyFair uses two-factor authentication, encryption via SSL, segregated accounts, thorough verification and multiple other safety measures to ensure all transfers through our service are as secure as possible. See here for full details of our security procedures. For a more detailed look at sending money abroad securely, check out our guide:

Sending money abroad: a guide to international money transfers.