Anyone can master these top online security tips

Jun 22 2013 - 10:46pm


Concerns about online privacy have reached new heights since reports revealed that the U.S. National Security Agency has been monitoring millions of phone logs and social media accounts as part of several top-secret programs. In light of the revelations, many people are wondering how they can protect themselves from snooping.

I had the opportunity to talk with Steve Santorelli, a security expert at research firm Team Cymru and a former Scotland Yard detective. I asked him to share his own measures for staying as safe as possible while using the Internet.

Several days later, he sent me his tips. First off, nothing will protect you from government surveillance if a service provider agrees to cooperate in the investigation, he said. Those providers could include your ISP or Google.

However, that doesn't mean you should dismiss safety measures -- cybercriminals are a real threat. He recommended a few simple measures to protect your privacy online.

Here are Santorelli's top nine tips:

1. Software patches

Patch your OS and all your applications, especially your browser and plug-ins such as Java and Flash. "This one step will likely give you 90 percent protection, as infections, which lead to privacy compromise, often rely on exploiting known vulnerabilities in your operating system," said Santorelli. Set up automatic updates whenever possible.

2. Two-factor authentication

Use two-factor authentication for as many accounts as you can. This means you must provide both a password and a second form of identification, such as a code that's sent to your phone, to log in to an account. Most of the major free service providers, such as Twitter and Gmail, have enabled this capability.

3. Antivirus

Use antivirus software, and update it regularly. "While it's only about 30 to 50 percent effective, it's still well worth doing," said Santorelli. Many ISPs will give you a license for free. And there are several free apps.

4. Web browsers

Santorelli said that you can stay safe using any of the modern browsers -- Internet Explorer, Safari, Chrome and Firefox -- as long as you update them "rigorously." You should remove plug-ins that can execute code, such as Adobe Flash and Java. This may not be practical in all cases, however. "Most people don't do this because they find the Internet very boring without these plug-ins," said Santorelli. You won't miss much with Java turned off -- the only widely used online applications that really need Java these days are Web-conferencing things like GoToMeeting. But many websites still use Flash for displaying video.

5. Scripts

Use a script-blocker plug-in for your browsers, such as the free NoScript for Firefox or NotScripts for Chrome. These plug-ins will block many ads and many types of active content, such as pop-ups that occur when you hover over highlighted text and other elements based on JavaScript. This is a popular way for attacks to enter your computer.

6. Firewall

Use a software firewall on your system. Most modern operating systems, such as Windows and Mac OS X, include a built-in firewall, but you may have to enable it.

7. Password control

Do not use the same password for everything. Santorelli recommends using a password-management tool, such as RoboForm Everywhere, to generate different passwords for each of your accounts. At the very least, he said, have separate sets of passwords for different types of accounts: one for banking accounts, one for free email accounts, etc.

8. Mobile-app permissions

"Beware of mobile apps that ask for massive control over your device, far in excess of what could be justified for what the app apparently does," said Santorelli. For example: Why would a game need access to your photos and contacts? "Remember, if the app is free, that sometimes means that (your information is) the product being sold," he said.

9. Linked accounts

Beware of online accounts that link to other accounts. Many Twitter apps do this. Once you stop using these apps, they represent a forgotten route into your Twitter account, said Santorelli. "Do a quick check, and you might be surprised how many forgotten apps have access to some of your accounts," he said. "Delete them." To see the apps that access your Twitter account, visit -- the length of the list may astound you.

According to Santorelli, if you protect yourself from the traditional acquisitive criminals, who are using the same tools as folks with less traditional motives, you are going to be as safe as you can be online.

Ogden-based guides consumers by comparing products in the world of technology, including electronics, software and Web services. Have a question for TopTenREVIEWS? Email Leslie Meredith
