Online Safety, Security, and Privacy

Online safety (including both keeping your online accounts secure and protecting your privacy) is an expansive task and one that has rules changing all the time. Our daily lives now require a quite robust online presence: classes tend to have an online component even with face to face, keeping up family members tends to require social media, banking is done online, dating is done online, etc. It is impossible to be completely safe when there are so many pieces to juggle (and so many of the pieces are handled by third-parties, such as Google and Facebook, who you have to trust to do well by your information), but there are some broad tips and concepts to keep in mind to help reduce your stress levels and to improve the quality of your online safety. 

First things first:

If you are being targeted by an online attack (either repeat phishing attempts, attempts to hack your accounts, or online stalking), contact folks that can help! If you find things that are wrong with your account, or find evidence that someone has managed to get a hold of private information, always consider reaching out for help.

This could be an email to helpdesk@uah.edu (for OIT/Tech help for UAH students, faculty, and staff) or even contacting the campus police or a counseling center. Also look to the websites/accounts being attacked and let them know about the attack since many have some sort of built in protections and often have people who can help with such situations. 

Other "immediate" tips:

• If you see transactions not authorized by you on your bank, credit union, credit cards, or sites like PayPal, let those services know immediately. 
• Change your passwords [both on that site/account and any that share a password] if you have any suspicion your account was compromised. If you cannot because your password has already been changed by the attacker, then click "Forgot Password?" immediately to try and have an email sent to you. 
• Consider changing your privacy settings (at least temporarily) to prevent unwanted users from seeing your data until you can make more permanent solutions.
• You can block users that are harassing you, but note that some will make new accounts, etc to get around such blocks. If you do block them, do not engage in repeated attempts, merely report. 

• Be aware: of user names, URLs, changes in site design/language, the unusualness of the request or delivery method, similarities to past attacks (often attacks use things you trust to trick you into thinking it is safe). 
• Use the tools available to you: security applications, password updates, privacy settings, links/buttons to report suspicious activities.
• Keep things up to date: browsers, phones, tablets, virus protection
  (security updates often quickly respond to known issues).
• Think about what you are sharing/doing before you do it: personal information on social media, personal account information via email, sharing untrusted information to others. 
• Trust your instincts but there is always room learn more and get better: if you feel doubt or it seems unusual, it might very well be, consider your past mistakes and the mistakes of others, read information about the topic ahead of time.

These are 10 basic tips for staying safer online. These will not fix everything and always protect you, but they will help. 

#1. Passwords. They can be annoying, perplexing, and seemingly immediately forgotten when you need them the most to log into an old account, but passwords are vital to the core of your online security. Step one to keeping accounts secure and safe is to develop good password habits such as making strong passwords, updating them regularly, and keeping them unique. See our Passwords guide for more information. And be very careful with sending even close friends or family your password unless you take some steps to protect your account. 

#2. Think Twice, Click Once (or Not at All). Double check anything you are about to click. In other words, pause a second and look it all over. Do not click through error/status messages automatically. Is someone asking you send them your social security number (a big red flag) or your credit card number or account login information through a less-than-secure means? Does the offer sound too good to be true [and how did they know to contact about you that amazing job, anyhow]? Are they asking you to submit to0 much personal information? Does something seem off about the email you got from a friend? Just take a moment before you follow-through. 

#3. Use the Tools Available To You and Keep Them Up to Date. Such tools include privacy settings on your social media accounts, virus protection on your computer, security updates on your computer/phone, password managers/generators, two-factor authorization apps, and more. The sites, devices, and applications you use often have ways to protect you and its good to find out from the first what they offer before you find yourself compromised. And always, always keep them up to date. 

#4. Be Aware of Your Accounts. Check your social media accounts, your email accounts, online store account, and bank accounts (etc) regularly. If anything looks strange to you or out of place, then change your password (and any other website's password that is the same). Consider deleting old accounts that you do not care to keep up-to-date. It is better to remove old, stale accounts than to have them sit around as a potential safety issue. 

#5. Be Share Aware. Be careful with sharing information about trips out of town, information about your security system, the bank you use, details about your past/present that might be used in security questions (Facebook chain quizzes where you are prompted to share stuff like your first pet's namecan cause quite a few problems), your class schedule. If you do share these things, make the posts/etc containing them private to just you and select friends. This also goes for information about your friends/family/coworkers/etc. Do not share their location/details without their permission and ask them to respect your wishes for the same.

#6. Note the "URL/Source" When Doing Online Activity. Pay attention to the URL. Did you get an email from "your bank" that has an email address that has nothing to do with your bank url? Were you on a trusted website but now you seem to be on a completely different website? Did the styles/backgrounds change? These things are not necessarily a sign you are being compromised/tricked (plenty of sites use third party sources to do lots of things) but it is a sign of caution, at least. 

#7. Be Careful with Permissions. When installing an app on your phone or taking a "See what you'll look like in 30 years!" quiz/game on social media, be aware of the permissions you are given the app/quiz/game creator. Sometimes you are exposing your contacts, your personal details, your email address, and the ability to post things for you. Like #4, this does not mean there is an automatic issue. It is a regular part of online activity. Just be more aware. 

#8. Note Changes in Spelling/Wording or just Changes in "Personality" from Supposedly Trusted Sources. Sort of a continuation of #6. If a professor emails you and asks you to open some file, but the email is worded completely differently, it can be a flag. If a friend suddenly starts asking you oddly personal questions on chat, someone else might be in charge of their account. When it doubt, contact them via another way and confirm who they are. 

#9. Make Backups and Plan Ahead. In the case that you do lose access to your account, have backups or another method to contact people. Write down phone numbers on the back of your credit cards (et al) so that you know who to contact even if you lose your wallet/purse. Do not rely on your phone's contact list to get in touch with the people you need. Back up important files to reduce the impact of ransomware. If you do get attacked/compromised, have a contingency plan.

#10. Keep Your Physical Setting in Mind. Are you on a public computer? Can people see what you do on your phone? Are you logging into an account while streaming to Twitch or giving a presentation? Are you in a hurry and less able to take time to double check things? There are times where caution is needed even for "regular" security activities. If you are more exposed than normal, or less able to be diligent, then maybe avoid doing certain online activities.