Top 5 Internet Safety Rules & What Not to Do Online

Much of modern life is now happening online. Work, entertainment, banking, communication, and much, much more are now inextricably connected to the Internet, so it’s more important than ever to stay safe.

The Internet might be virtual, but the harm it can cause is very real.

Thankfully, there are a few simple and, more importantly, free Internet safety tips you could be following in your daily online activity.

Don’t use the same login credentials everywhere
Use two-factor authentication
Don’t give your password to anyone
Check the links before clicking.
Don’t download files from uncertain sources
Be safe out there

1. Don’t use the same login credentials everywhere

It is understandably convenient to use the same e-mail/username and password combinations for every account you use regularly, but this presents a real risk for your cybersecurity.

Even if you keep your credentials safely secured behind software such as KeePass or other encrypted password managers, websites are prone to database leaks.

They often include data such as e-mail addresses and, indeed, passwords. If you don’t vary your credentials, one such leak means all of your other accounts might be compromised and at risk of being used against you or at your expense.

Additional recommendation: use strong passwords. Many websites already require new passwords to have a combination of lower- and uppercase letters, numbers, and special symbols to help with the process. It’s also recommended to avoid using data that could be gleaned from your online activity, such as names of your pets, or important dates.

This way you shield yourself against brute force attacks and people stalking your activity for password hints.

2. Use two-factor authentication

Sometimes a safely kept, unique password might still not be enough to make sure you are the only person with access to your accounts. This is where using Multi-Factor Authentication comes in.

In short, with 2FA/MFA there is another layer of verification which takes place when you, or anybody else, try to access your account. There are many methods, depending on the service in question. They include, but aren’t limited to:

an automated phone call asking you to press a specific button
a text message with a code
a dedicated smartphone app connected to your account
fingerprint scans

With 2-/Multi-factor Authentication enabled, not only do you create an additional layer of security against potential threats, but also, unlike other methods, you will be notified when a login attempt takes place.

Additional recommendation: don’t take 2FA/MFA for granted. Always check if they come from a legit source and never confirm anything if you weren’t trying to log in anywhere. Especially text messages can be spoofed (sent from a fake number posing as a legitimate one), so be twice as careful if this is the only available authentication method for the given account.

3. Don’t give your password to anyone

While the tip itself is obvious on its own, the thing to watch out for are the techniques used by cybercriminals to manipulate people into giving their passwords away.

Frequently, they will use an appeal to emergency to make people stressed, and therefore more susceptible to making mistakes.

Messages warning about undue activity, alerts about data leaks, warnings about unpaid bills or taxes, perhaps even spoofed message from a family member, they can all put targeted people on high alert for the stated threat, while the phishing attempt hiding in plain sight is the real problem.

In all cases, it is essential to remember one thing: legitimate communications from services will never ask you for your password, or other login credentials. Whether it’s your MMORPG account being “hacked”, or your bank account falling victim to a mis-processed transaction, even if such an issue existed, nobody would ask for your data.

Additional recommendation: if you’re in doubt about the legitimacy of an alert or message, you can contact the customer support of the allegedly affected service and verify that on your own terms.

4. Check the links before clicking.

Links can be tricky. In many cases, they will be exactly what they appear to be, but it’s always a good idea to check several things:

Ensure that the URL is correct – check for misspellings or tricks such as using “rn” instead of “m”.
Make sure the domain is real – if a proper address would be “examplewebsite.com/mail”, don’t trust links such as “example-website.com/mail” or “examplewebsite-mail.com”.
Check the actual URL – before clicking on unexpected links, hover the mouse cursor over them and see if the URL that appears in a small box (often in the lower-left corner of the browser, or right below the cursor) is correct. A link that looks like “examplewebsite.com” might actually lead to “examplethreat.org”.

A malicious link might expose your device to a variety of threats, including ransomware and spyware, so take caution when you interact with any weird, unexpected links.

5. Don’t download files from uncertain sources

The final cybersecurity advice on this list is to avoid downloading files from suspicious websites.

It is sometimes difficult to judge, but a good starting point is checking whether the URL begins with “HTTPS”, as it is more secure than the regular HTTP. Another hint might be visually cluttered, noisy, confusing page layout, making it difficult to figure out which link is actually the correct one.

If possible, only download from known sources, such as the download section on the hardware/software producer’s download section.
If this option isn’t available, try to find out if the website was linked to in places where users can rate or review sources and solutions being recommended (upvotes, thumbs up, forum responses, etc.).

Additional recommendation: You should also exercise caution regarding e-mail attachments. Do not download or open files from unknown senders, and if you receive one from a seemingly familiar address, try to confirm that the person intended to send it – it’s possible they have fallen victim to cybercriminals themselves and their account is being used for finding other targets.

Be safe out there

These tips are the very basics of personal-level Internet security, and require nothing except time and caution.

If you are open to exploring increased safety measures, it is also advised to always have an antivirus active on your devices, to have a higher chance of spotting malware infections before they can take root.

A VPN (Virtual Private Network) might also be useful, if you care not only about immediate security, but also the privacy of your Internet presence.

However, as far as free, simple, and accessible prevention methods go, keeping these five tips in mind should help you avoid many of the most common threats present on the Internet.