How to stay safe online

Before you read further, stop for a few moments and think about how many websites, accounts, apps, and services you log in to every day. How many have you logged into today already? LinkedIn on the way to work. Your email while you wait for your coffee (and you logged into your loyalty card app while you were there too). Your banking app to check if your direct debit came out on time. Facebook. Your Amazon account to order more food for the dog. That’s six straight off the bat. Just how safe is your personal information?

Every single day, we trust a huge number of online services with our personal data and log into scores of accounts. What would happen if you were hacked on any of those accounts and fully locked out? Or your life savings transferred out into the ether? We’d wager your life would fall apart just a little bit.

There are plenty of ways to stay safe online and keep your money and your personal information right where it should be. This is important stuff and it always bears repeating. Bookmark this article and read it every six months!

Update your passwords regularly

 
It’s the classic password conundrum. It’s got to be memorable enough that we won’t forget it and have to reset our password every single time we log in. But, it also has to be obscure enough that it can’t be easily guessed.
 
Most websites now ask for passwords to contain a minimum of 8-10 characters, including at least one uppercase, at least one number, and a punctuation mark. But we’re afraid OConnor2009! isn’t going to cut it. If your surname is O’Connor and you’ve spoken about your 13-year-old daughter on social media, it’s a guessable password.
 
Here are a couple of memorable yet hard-to-guess methods of setting passwords. We’ve been recommended these by IT managers and have reliably used them over the years:
 

• Pick a line from your favourite song. Use the first letter of every word in that line, plus a punctuation mark and a random number. For example, a line from Bohemian Rhapsody as a password might be: Sswydtf(9) This creates a password that looks like a nonsense, random string of letters, but one that you’ll recall with ease. Plus, you get to sing the line in your head every time you enter your password, which is a nice bonus.
 
• Your childhood phone number. The postcode of your first house. The number plate of your first car (but strictly not your current ones!). Everybody seems to remember theirs, and it’s personal enough that a stranger on the internet couldn’t easily figure it out.

Always enable two-factor authentication

 
More and more web services now require two-factor authentication. This method uses both a password and a second form of verification (eg. a text containing a unique code) to keep your online activity doubly secure.

Yes, it’s a faff. Yes, it makes logging into things fiddlier. But you’ll kick yourself if your password is ever compromised and you get locked out of your email, bank account or LinkedIn profile.

Be mindful of what personal information you post online

 
It’s good practice to regularly review your privacy settings on your social media accounts to make sure you’re only sharing your life updates with the people who you actually want to see them.
 
That said, be careful with the personal information you share online.

Think of it this way:
 

• Each time you post a birthday post, for you or for someone you love, you’re telling your followers their (or your) date of birth.
 
• Let’s say you post an Instagram story of your coffee with a caption that says you “come to this café every morning on the way back from the school run”. You’ve announced that your house is reliably standing empty (or where to look for you if they were so inclined to find you).
 
• You proudly share a photo of your grandkids on the first day of school standing outside the front door in their uniforms. In doing so, you’ve revealed the identity of the school they go to and, by association, the neighbourhood you live in.
 
• You join in on a post on a public Facebook page that says “your aristocrat name is Lord/Lady plus the name of your first pet, then your mum’s maiden name and the make of your first car double-barrelled”. Without realising, you’ve published the answers to three common security questions. We promise the momentary amusement you get from imagining yourself being addressed as “Lady Bubbles Champ-Ford” isn’t worth it.

 
You get the picture. We don’t say these things to scare you, and you don’t have to swear off social media. Just be mindful of the information you’re putting out there and who’s seeing it.

Never click on links in email communications claiming to be from your bank

 
If your bank contacts you via email – which many do regularly and legitimately – they will rarely ask you to follow a link to their site. If an action needs to be taken on your account, the email will usually ask you to log in to your account or call them, not to click through a link.
 
When you receive any communications from your bank that require you to check your account, open a new tab and go to the login page yourself. Don’t go via a link in an email. Where possible, avoid going via a search engine. The safest bet is to access your login page via typing the address in directly or by using a saved bookmark link.
 
Always check the email address. If in doubt, call them on a number that you know to be legitimate and get confirmation.

Look out for scams claiming to be from Revenue, AnPost, or any other delivery service

 
It’s very easy these days to dress up an email – and even a sender address – to look convincing at a glance. However, it’s always worth digging and checking before clicking on links from any emails you’re not expecting. They could be what’s known as a ‘phishing scam’. This is a fraudulent attempt to obtain your sensitive data such as usernames, passwords, or credit card information.

Common scams that go around regularly are:

• Emails and texts addressed from An Post. These claim that you’ve a package due to be delivered, but you need to pay fees or confirm details first. Sometimes it’s accompanied by a link to supposedly correct it or pay the imaginary fees.
 
• An email or text which looks like it comes from Revenue. These usually state that you are eligible for a tax or wage subsidy refund and request your personal information and/or card or bank details to complete the transfer.

The head of e-crime at Mimecast says:
“Do not respond to any electronic communication in relation to monies via email. And certainly do not click on any links in any related message.”

An official notice posted on revenue.ie in August 2022 says:
 

“The Revenue Commissioners never send emails or text messages requiring customers to send personal information via email, text, or pop-up windows.
 
Anyone who receives an email or text message purporting to be from Revenue and suspects it to be fraudulent or a scam should simply delete it. Anyone who is actually awaiting a tax or wage subsidy refund should contact their Revenue Office to check its status.”

And, finally, one way to stay safe offline too:
 
 

Don’t advertise your large purchases, gifts, or location to thieves

 
Have you ever seen Home Alone? Thieves are opportunists. If it’s obvious you’re away for an extended period or that you’ve got brand new expensive goods in your home (that huge Samsung TV box sitting out on the curb for recycling is a bit of a giveaway), you inadvertently make yourself a prime target.

Sure, it’s an effort to break down boxes properly or to take oversized ones to the tip. But at least you won’t be providing potential thieves with a nice kerbside catalogue of the contents of your home.

 
––––
 
Hopefully you’ve learned a thing or two about staying safe online. Pass on this information or share this article with your friends and family, so that they can stay safe and secure too.