I have been asked a number of times for some basic ideas to make surfing the internet, e-mail, and social media a little more secure, so I thought I would post my thoughts here. For those who are looking for some form of reassurance that the World Wide Web is a safe and secure means of communication, I’m afraid I may not be able to help.
The first thing to be aware of is that the internet is not a safe place. If most people knew the magnitude of the threat out there, they might stay away from the internet altogether. We are constantly attacked from computers all over the world. Some attempt to grab information, some try to commit identity theft, and some try to control your computer to send out further messages in what is called a “botnet.” If you have installed a firewall that can log attempted penetrations, check the log sometime. Most computers on the internet get probed hundreds (or more) of times a day by other computers looking to find a way in. Some probes are from people who know what they are doing, who program their own code and look for exploitable weaknesses; others are from what are referred to as “script kiddies,” who log onto hacker websites and download open source software to break into your computer. The attacks can come from almost any country. Many of the vulnerabilities they find have either been corrected or are detectable by any good antivirus, but many people just don’t get around to fixing the problem, thus letting them in.
These are some of the tricks I either use, or know about, to keep information a little more secure. This is not an all-inclusive list, but a start.
1. Create a decent password for your online accounts. Don’t use your name, a simple word, your telephone, birthday, or anything simple to guess. A hardened password should consist of more than ten characters and use capital letters, small letters, numbers, and symbols. Change the thing on a regular basis. A secure password may be difficult to remember, and many people come up with a system. If you do that, don’t tell people your system. Don’t store your passwords on your computer or cell phone.
2. Use a different password for every account. That way if one gets compromised, you have not lost them all. I know this can be difficult as many of us have a multitude of passwords for different accounts, and many companies want you to log on and use their billing systems located online to pay your monthly bills. Try your best to separate them. Remember, each one of these accounts is associated with the transfer of finances and has your personal information. A little extra time is worth the security.
3. Do not share your passwords with other online applications. Facebook used to have an app that allowed it to search your e-mail address book for others on Facebook. All you had to do was give it your password. The problem is that if someone gets into your Facebook, they can now access your e-mail.
4. Keep your e-mail address book on your local machine. That way if someone does get your password, they are limited as to who they can send messages to. It also makes it simpler to re-create it later. One method is to use a mail program on the local machine such as Outlook. It simply goes to your e-mail, pulls down the mail, and clears the server. It keeps all your addresses local.
5. Do not get too attached to your e-mail or social media account. Accounts out there are free; if one gets hacked, burn it and get a new one. Use the new one to send all your friends your new address and the fact that the last one got hacked. This is another good reason to keep that address book on your local machine.
6. Get a good virus detection program, and a good fire-wall. Keep them up to date, and use them. If they tell you something is wrong, listen to them. A good virus scan will have a link to a database which will tell you about the detected malware or intrusion, and what to do about it.
7. Strive for anonymity online. Don’t tell every online application who you are. They are computers; they will not be insulted if you don’t give them your full name, address, phone number, or date of birth. You are not required to do so, and if you are, you might want to re-think signing up for them, or at least ask why. Some of you might have noticed I have a weird e-mail address for standard correspondence: “wesany.” This came from Google asking my first name (I said Wes) and then my last name (I shrugged my shoulders and said “any”). When I give up on this e-mail, get hacked, or start getting too much spam, you will get to see a new e-mail: “weswhocares,” or “wesnoneofyourbusiness,” or maybe even “wesgojumpinthelake.”
8. Do not click the box on Facebook or your e-mail that says “keep me logged in,” particularly on a public computer system. This creates a cookie on your machine which tells the website who you are and to log you back in. If your computer gets hacked, I suspect the cookie can be too. Log in each time.
9. Know who you are talking to. Do not respond to e-mails wanting you to confirm your bank or credit card information, your password, or your PIN numbers. Your bank is not going to close out your credit cards for not responding to an e-mail, and probably has a policy in place not to send an e-mail asking for it in the first place. If you have a question on something you receive, call them using a phone number you look up yourself (don’t use the one from the e-mail). That way you know who you are talking to. You also will not be notified by e-mail of outstanding warrants, tax bills, traffic tickets, or lottery winnings (how did these people get your e-mail in the first place?). Nobody is just going to come out of the blue and hand you great wads of money.
10. Last, for now, if you get an e-mail from someone you don’t know, delete it. Don’t open it, just pitch it into the burn bucket. If it has a strange subject or no subject, burn it. If it is from someone you know and seems fishy (like “I’m trapped in England and need money”), check with the person by some other means, then burn it. Look at the address of the sender. If the IRS does send you something it will not have a .com domain (although even .gov can be spoofed these days). Look for foreign domains such as .ru for Russia, .cn for China, or .cu for Cuba. Do not click the links on these e-mails, and do not download the attachments. If it seems too good to be true, it is.
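The checks from tips 9 and 10, written out as a small mail-triage script. This is an added example, not part of the original post; the function name, the phrase list, and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions: the TLDs are the ones the post names; the phrase list is a
# constructed approximation of the requests described in tips 9 and 10.
FOREIGN_TLDS = {"ru", "cn", "cu"}
ASKS_FOR = re.compile(r"\b(password|pin|credit card|bank account|send money)\b", re.I)
LINK = re.compile(r"https?://([^/\s\"'>]+)", re.I)

def triage(raw, address_book):
    """Return the reasons a raw message deserves suspicion (empty list = none)."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    tld = domain.rpartition(".")[2]
    reasons = []
    if addr not in address_book:
        reasons.append("sender not in local address book")
    if not (msg.get("Subject") or "").strip():
        reasons.append("no subject")
    if tld in FOREIGN_TLDS:
        reasons.append(f"sender domain ends in .{tld}")
    # The display name is free text chosen by the sender; compare it to the address.
    if re.search(r"\b(irs|internal revenue)\b", display, re.I) and tld != "gov":
        reasons.append("claims IRS but address is not .gov")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if ASKS_FOR.search(text):
        reasons.append("asks for credentials or money")
    if {h.lower() for h in LINK.findall(text)} - {domain}:
        reasons.append("links to hosts other than the sender's domain")
    if next(msg.iter_attachments(), None) is not None:
        reasons.append("has attachment")
    return reasons

# Constructed sample messages (not real mail); PHISH deliberately has no Subject.
PHISH = ('From: "IRS Refunds" <refund@irs-payments.example.ru>\n'
         "To: me@example.com\n\n"
         "Confirm your bank account and password at http://login.example.cn/verify")
FRIEND = "From: Pat <pat@example.org>\nSubject: Lunch Friday\n\nNoon at the usual place?"
BOOK = {"pat@example.org"}  # the locally kept address book from tip 4

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("FRIEND", FRIEND)):
        print(name, triage(raw, BOOK))
```

A message from a known sender can still be forged, so an empty result here only means none of these particular signs were present.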
The thing to remember is to consider anything you post online as public and visible to everyone (I don’t care if you have your privacy settings on “friends only”). If you have something you think is a scam e-mail, there are plenty of sites online which will help you confirm it.
I’ll revisit this subject in the future, and hit on more specific threats and remedies. Till then, happy and safe surfing.