This story was originally published on by . ProPublica Cezary Podkul Ngô Minh Hiếu was once a fearsome hacker who spent 7 1/2 years incarcerated in the U.S. for running an online store that sold the personal information of about 200 million Americans. Since leaving prison, Hiếu has become a so-called white hat hacker, attempting to protect the world from the sorts of cybercriminals he once was. These days, Hiếu said, it doesn’t take much hacking to access sensitive details about Americans. Companies and governments routinely leave databases exposed online with little or no protection, , giving cybercriminals an easy way to harvest names, emails, passwords, and other info. as we’ve reported While in prison, Hiếu wrote an for the average internet user. As he and others have pointed out, it’s impossible to create an impenetrable shield. But here are some of his tips for how you can mitigate your risks, along with some other practical online security advice. online security guide 1. Stop Reusing Passwords Make 2022 the year you finally stop reusing passwords. Once a password is exposed in a data breach, , cybercriminals may use it on other websites to see if it grants them access and lets them take over an account or service. To help you generate lengthy, difficult-to-guess passwords without having to commit them to memory, use an encrypted password manager such as or . as routinely occurs 1Password LastPass These services, which typically charge $3 to $4 per month, also monitor databases of breached passwords, like , which can identify some passwords that have already been made public. Have I Been Pwned 2. Delete Unused Accounts Another benefit of using a password manager is that every time you create a new account at a website, you can log it in your password app. The app will track when you created a password and when you last modified it. If you notice that you haven’t used a website in a few years, and you don’t think you’re likely to use it again, delete your account from that website. It will mean one less place where your data resides. 3. Add an Additional Layer of Security Use multifactor authentication — which requires a second, temporary code in addition to your password to log in to a site or service — whenever possible. Some services send a six-digit code via text message or email. But the most secure method is to use an app that generates a numerical code on your phone that’s in sync with an algorithm running on the site. To make the process easier, you can download an app like that, like a password keeper, helps you generate and manage all your multifactor authentications in one spot. Authy 4. Manage Your Apps’ Privacy Settings A lot of the data about us that gets leaked consists of information we don’t even realize apps and services collect. To limit that risk, check the privacy settings for any new app that you install on your computer, smartphone, or other device. Deselect any services you don’t want the app to have access to, such as your contacts, location, camera, or microphone. Here are some guides on how to manage your apps’ privacy settings for and devices. iPhone Android 5. Think Before You Click Clicking on a link from a text message, an email or a search result without first thinking about whether it’s secure can expose you to and . In general, never click on any links that you didn’t seek out, and avoid unsolicited emails asking you to open attachments. phishing attacks malware When in doubt, hover your cursor over a hyperlink and scrutinize the URL. Avoid it if it would lead you to somewhere you don’t expect or if it contains spelling errors like a missing or extra letter in a company’s name. And for safer online browsing, consider paying for an antivirus tool like that helps you avoid online (or sign up for a extension). Malwarebytes suspicious URLs free browser guard 6. Keep Your Software up to Date Whether it’s your web browser or the operating system on your computer or smartphone, it’s always a good idea to download and install the latest software update as soon as it’s available. Doing so fixes bugs and helps keep your systems patched against the latest security threats. To make sure you don’t forget, turn on notifications for new updates or enable auto-update settings if they’re available. 7. Limit What You’re Sharing Online Some of the large collections of personally identifiable information that have been floating around online weren’t hacked or stolen: They were simply scraped from social media websites like or . If you don’t want a particular piece of info about you out there, don’t put it on your social media profile. LinkedIn Facebook Scrub anything you don’t want exposed in your profiles, and check the platforms’ privacy settings to see who can access whatever is left. You can also pay for a service like , which helps centralize and pursue requests to delete your personal information from various data brokers. DeleteMe 8. Secure Your SIM One technique that has become increasingly common in recent years is : A cybercriminal tries to dupe your mobile carrier into switching your number from a SIM (the memory card that tells your phone it’s yours) that you control to a SIM that they control. The goal is to commandeer your phone so they can get around multifactor authentication settings that protect your financial accounts. SIM swapping To guard against SIM swaps, contact your carrier to establish an account PIN, or follow these directions if you’re with . And if you switch carriers, change your PIN. Verizon, AT&T or T-Mobile 9. Freeze Your Credit Reports If you’re afraid that a scammer might use your identity to open a fraudulent credit line in your name, consider placing a freeze on your report. A freeze will to your credit report, meaning that no one (not even you) will be able to open a new credit line while it’s in place. restrict access If you decide to apply for a loan or a new credit card, you can always unfreeze your credit later on. Freezing and unfreezing your credit is free, but you have to contact each of the three major credit bureaus separately to do it. Here’s a . guide on how to get started 10. Back up Your Data Don’t assume that you’ll always have access to all your files and folders. Backing up your data can help you guard against virus infections as well as hard drive failure and theft or loss of your computer. You could use well-known cloud storage providers such as or to save copies of your data or buy a subscription to an that automatically saves your files and lets you restore them if anything happens. Dropbox Google Drive online cloud backup service All such services offer encryption, but if you’re afraid of storing your data in the cloud, keep an encrypted copy on a separate hard drive. Photo by on fabio Unsplash

This story contains new, firsthand information uncovered by the writer.

AT&T

Dropbox

Facebook

Google

Support Fearless Journalism

Jobs with ProPublica

Our Newsletters

Too Long; Didn't Read

Questions about cloud security? Get answers here.

A Former Hacker’s 10 Tips on Staying Safe Online

Too Long; Didn't Read

Companies Mentioned

Pro Publica

STORY’S CREDIBILITY

Original Reporting

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

A Former Hacker’s 10 Tips on Staying Safe Online

Too Long; Didn't Read

Companies Mentioned

Pro Publica

STORY’S CREDIBILITY

Original Reporting

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES