Security is usually not something people think about, unless it's already too late. We often forgo taking additional steps to protect even our most valuable online assets, due to sheer laziness. Everybody wants to get things done as fast as possible, causing them to act carelessly when it comes to online security.
In the past, I've had one serious security breach of my system. That one event forced me to take security more seriously and led to the formation of my current security practices. I'd like to share some easy steps you can take to protect yourself against the most common attacks.
My Security Fail
Around six or seven years ago, I liked to play some competitive online poker whenever I had some free time on my hands. For this, I often made use of some free tools that I could find on the internet. One time, I had just downloaded a free odds calculator from a pretty sketchy website. At the time, I didn't worry too much about it and just downloaded the app and installed it. Dumb move on my part.
As soon as I had installed the app, I received a NET SEND message telling me to log in to my Pokerstars account and send x amount of credit to another user. If I didn't comply, they threatened to get access to my account.
At that point, I knew that I had installed a trojan, specifically targeting Pokerstars users. I assumed that there was a keylogger, which is why they were asking me to log in. I knew that if they had to ask, they were probably unable to gain access otherwise.
I solved it with a simple reboot onto an Ubuntu live CD and scanning the NTFS filesystem with a free Linux virus scanner (ClamAV). Luckily this wasn't a particularly sophisticated attack and everything was fixed pretty easily.
From that point on, I started to take security a lot more seriously by changing quite a few habits.
My Current Security Practices
I don't tend to download that many random apps anymore; everything that's installed on my computer has been downloaded from trusted sources. Most of it is open-source software. If I do have to install some new app, I first run it in a sandbox environment and also scan it beforehand. This might be a bit of overkill for most people, but the point is that you become aware of what you download and install.
For all my online accounts, I use different passwords that are made up of random strings of characters. Using a password manager such as KeePass is generally a good idea. I also check regularly if any of my accounts have been compromised via Have I Been Pwned. Regular password changes are advised, as well as using a different password for every different account.
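As an added example (not code from the original post), this Python sketch generates a random password and checks it against the Have I Been Pwned Pwned Passwords range API, a related HIBP service that goes a step beyond the account check mentioned above. Only the first five characters of the SHA-1 hash are sent; the function names and the offline sample response are constructed for illustration.

```python
import hashlib
import secrets
import string
import urllib.request

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=24):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def split_hash(password):
    """SHA-1 the password; only the 5-character prefix leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(range_body, suffix):
    """Find our 35-character suffix in a 'SUFFIX:COUNT' range response."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # 0 marks a padding entry, i.e. not breached
    return 0

def fetch_range(prefix):
    """Live lookup (needs network access); the API only sees the prefix."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, range_body=None):
    """Times the password appears in known breaches (0 if not found)."""
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix) if range_body is None else range_body
    return count_in_range(body, suffix)

def constructed_range(password, count):
    """Constructed sample response (decoy lines and count are made up)."""
    _, suffix = split_hash(password)
    decoys = ["0" * 34 + "1:3", "F" * 35 + ":0"]
    return "\r\n".join([decoys[0], f"{suffix}:{count}", decoys[1]])

if __name__ == "__main__":
    sample = constructed_range("password", 42)
    print("'password' seen:", breach_count("password", sample))
    fresh = generate_password()
    print("fresh password seen:", breach_count(fresh, sample))
```

Calling `breach_count(pw)` without a second argument performs the live lookup; any non-zero result means the password should not be used.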
I've always used Firefox as my default browser. There are a couple of plugins that I have installed by default. NoScript and uBlock Origin are great tools to prevent malicious websites from executing exploits. NoScript sadly doesn't exist for Chrome, but I can recommend either ScriptSafe or uMatrix. Make sure you always block JavaScript, Java and Flash for any websites that you do not trust. A lot of websites have critical features that require JavaScript, so you can whitelist websites that you trust.
I'm very wary of using any sort of public WiFi, because there's always a chance that someone performs a man-in-the-middle attack. If I do use public WiFi, I'll do so through an encrypted VPN. Hackers can intercept passwords by sniffing packets through a malicious hotspot.
On my desktops (Windows & Linux), I'm running a firewall and lightweight antivirus. There are a lot of decent free options. Do note that antivirus software & firewalls aren't perfect solutions in any way.
Afterthoughts
It's impossible to be 100% secure when you're connected to the internet. All you can really do is make sure that you protect yourself against attacks that are designed to affect many people. Most malware focuses on user error, meaning that it relies on you making some sort of mistake, either by running unsafe software or by handing over your login credentials through phishing.
Do share other methods of protecting yourself online. I know that my ways are far from perfect, but they will offer you good basic protection.