Cut through the FUD in online security tips

In light of social movements and political upheavals around the world this year, there have been a spate of articles lately touting security tips to keep you, your information, and your contact list safe in a potentially inhospitable climate. But when you’re surfing around the web, you’ll come across as much FUD – fear, uncertainty and doubt – as you will useful suggestions to help keep you safe.

There are certainly many real threats to people living in nations where their identity, religious or political views could put them in danger, and understandably there’s also growing concern to many people around the world regardless of their nationality or political alignment about privacy and government surveillance.

This is not to trivialize these serious issues. Instead, let’s address the FUD.

If you have the desire or aptitude to commit to the security tips you see online,  if you have concerns about your privacy, and/or if you are the member of a marginalized group, certainly I would encourage you to take the more advanced tips seriously.

I do realize though, that many people can feel overwhelmed by the level of advice put forth. There is an element of FUD in many of the posts being shared that may make many readers feel like there’s little hope out there, and that many of the tips are for “tin-foil hat types” and there’s little else for folks who aren’t quite at that level. (Yet.)

The reality is that everything is a trade-off.

Assess your own risk and your comfort with risk to identify what security measures are relevant to you

What’s at risk if you don’t take a certain precaution? Is it something you can live with, or are the stakes too high? There’s no simple answer: it’s all about weighing the pros and cons, along with your own risk factors and appetite for risk.

For example, should you send all your text messages with end-to-end encryption via a specific app?

The risk is that by leaving text messages unencrypted, they could be potentially intercepted – a hacker, or a hostile government.  Encrypting your messages ensures that only the intended recipient can read them.

This may not be worth the hassle for you if you don’t care who potentially is reading your text messages. But if you want to absolutely safeguard the privacy of your messages, as well as potentially the identity of the message’s recipients, this precaution could be a no-brainer for you.

Make sure you understand what’s at stake for you, your family, your finances or your business if the worst happens.

The effort for security precautions can range from easy one-time changes to bigger, long-term shifts in habits – so be prepared 

Security takes work. Doing nothing is so much easier than doing the work needed to make yourself more secure. This is not to talk you out of doing what’s right and what’s safe, but it’s good to be realistic about the level of effort involved, and to be sure you will stick with the precautions you put in place so they can maintain their efficacy.

Just because you might not understand the technology or have even heard of the security measure doesn’t mean it’s something you can or should ignore.

You need to use good judgement here of course, but try not to let your eyes glaze over when you hear terms and acronyms you don’t recognize. It’s worth doing a little internet sleuthing if there’s a term you’re not familiar with before ruling something out.

So, digging past the FUD, where should you start? Regardless of your personal threat profile, pretty much everyone would be well-served by following these basic security tips:

• Keep your computers, phones, security programs, and apps up to date
• Mind what you click and avoid phishy links
• Safeguard your privacy on social media
• Use strong, unique passwords
• Enable 2FA wherever you can
• Use a VPN, especially when on a public network and when traveling
• Make sure you’re connecting to websites using HTTPS, especially when logging on to a web service

This is just the beginning, of course. If you’re already doing all these things, or feel that they’re not enough to address your specific concerns, by all means it’s time to take additional measures to safeguard your security and privacy. What about end-to-end encryption on SMS, and on all your devices? Changing your DNS? Avoiding all Internet of Things smart devices? Using burner phones or laptops?

There is no one-size-fits-all answer. Internet surfer, know thyself.