Teaching people how to stay safe online and avoid falling victim to cybercrimes primarily revolves around human behaviour.

For those deeply entrenched in the world of IT or passionate PC enthusiasts, computers may seem as logical as Mr. Spock himself. However, for individuals less familiar with these digital realms, encountering a typical Windows error message can be akin to deciphering Klingon.


Unfortunately, computer protection can sometimes appear as though it operates on the principles of magic for this latter group. Yet, in reality, most of the measures to ensure online safety are grounded in basic psychology and human behaviour.

When ransomware infiltrates a business network, it’s often not the work of a sophisticated hacker with malicious intent. More frequently, the root cause lies in something simpler: an individual falling prey to a cunning form of social engineering.

Those responsible for educating others on online safety need not delve into the complexities of buffer overflows and code injection. Instead, the focus should be on equipping individuals with a healthy dose of skepticism and heightened awareness of their digital environment. I’ve condensed the lesson plan into six straightforward and easily digestible rules.

Stay Safe Online

1. Stay Calm and Assess

A seasoned expert in computer security once imparted valuable advice: “Don’t just do something. Just stand there.”

Wait a minute, though, that wasn’t actually a security expert; it was the White Rabbit from Disney’s Alice in Wonderland, circa 1951. Nevertheless, the wisdom still holds true.

When individuals encounter potentially hazardous situations online, their instinct is often to panic and hastily attempt to resolve the issue. For instance, upon receiving an email that warns of a pending $480 charge to renew a fictitious Geek Squad contract, or one that claims there is ransomware on your computer, the urge to dial the provided toll-free number might be strong. However, this action would connect you to a call center where malicious individuals are eager to exploit your vulnerability and extract genuine charges from your credit card.

Scammers thrive on inducing fear. Therefore, before taking any action, grant yourself the necessary time to assess the actual level of threat.

2. Exercise Caution with Unknown Files

Attachments in emails pose a common avenue for security threats. These attachments can take the form of executable files or, more commonly these days, Word documents, PDFs, or HTML files. They might execute attack code or simply serve as a means to trick you into providing your email or bank account details.

When you receive a file from an unknown sender, the last thing you should do is open it. Even if the file appears to come from someone you know, exercise caution—especially if the message is unsolicited. The sender’s account could be compromised or their information faked.

If a file or a link in an email looks suspicious, consider uploading it to VirusTotal (https://virustotal.com). This trusted, free platform, owned by a Google subsidiary, scans your submission against 70 antivirus engines and various security-related services, informing you if it’s known to be harmful or a false positive.

3. Exercise Caution with Unrequested Links

Social engineering often capitalizes on people’s trust. Scammers may not always resort to complex hacking techniques; sometimes, they create emails that appear genuine and design links resembling legitimate ones to deceive you.

If you receive an email that raises doubts, triggering a feeling of “Hmm, something seems off,” trust your instincts—your spidey sense is at work.
Even if the message doesn’t display obvious warning signs, it’s perfectly acceptable to be skeptical, especially if you’re prompted to click a link for an action you didn’t initiate. If in doubt, refrain from clicking the link. Instead, utilize a saved bookmark for the website or manually type the URL to complete the action you intended.


4. Avoid Paying for Security Tools Unnecessarily

Developers of security tools often leverage fear to promote their products. As part of this strategy, they strive to convince you that the built-in defences of your PC, Mac, or mobile device can’t possibly match the security their products provide.

This may have held some truth two decades ago, but it’s no longer the case. Most third-party consumer security software doesn’t significantly enhance safety, particularly in the case of widely marketed features like “Dark Web monitoring.”

Investing in software and services that provide better insights into user activities and network status might be prudent for business network administrators. However, it’s generally wise to save your money and rely on the built-in security features when it comes to your personal computer.

5. Refrain from Unnecessary PC (or Mac) Interference

The classic management adage, “If it ain’t broke, don’t fix it,” holds true in many contexts. However, a slightly different perspective is advisable when it comes to safeguarding your computer.

While drive-by exploits garner considerable attention, the unfortunate reality is that most malware infiltrates PCs because someone willingly installed it, often without fully realizing the risks involved. This can occur when individuals download cracked software from dubious sources or click on promoted links in search engine results, inadvertently acquiring a program bundled with adware or even malware.

The solution is clear: exercise restraint when running unfamiliar applications. For Windows 11 Pro or Enterprise users, there’s an excellent tool called Windows Sandbox. This feature allows you to set up a secure virtual machine quickly and effortlessly. This virtual environment is entirely separate from your main system, allowing you to safely explore sketchy websites or test unknown apps. Once you’re done, simply close the sandbox, and it vanishes, taking any experiments with it. It’s a valuable feature worth familiarizing yourself with.


6. Employ a Password Manager

Given that I’ve discussed the importance of password managers extensively in the past, I won’t reiterate those points here. (For a refresher, you can review “Forgot password? You need a password manager for these five reasons.”)

However, the reality remains crystal clear: people struggle to create truly random passwords, and attempting to remember strong, unique passwords for various accounts is practically impossible and not conducive to your safety.

In fact, embracing a password manager not only simplifies your online experience but also enhances your security. If you’ve postponed this task because it seemed daunting, consider my three-step plan, which can be completed in 30 minutes or less.




About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.
