Skip to main content

For updates and guidance related to COVID-19 / Coronavirus, click here.


5 Tips to Stay Safe Online This National Cybersecurity Awareness Month

Kaitlyn Kiernan
He knows how to exploit weaknesses in every cyber system

These days, so much of our lives happen online. Email is more common than snail mail. Americans are just about as likely to shop online as at a brick-and-mortar store. And more than half of all bills are paid online.

"Traffic on open networks
can generally be discovered
by anyone else on that network,"
said Whitney Hewatt. "You
are better off using cellular
communications when possible."

We can get online pretty much anywhere we go and with most electronic devices we own. Even some refrigerators now provide access to the web.

Such pervasive online access makes cybersecurity more important than ever before, particularly given news of breaches and hacks every few weeks. This National Cybersecurity Awareness Month, we've got five tips to help you stay safer and more secure online.

Avoid Public Wi-Fi

Free public Wi-Fi may be convenient, but watch out—that convenience comes with risks. While public Wi-Fi might help you avoid data overage charges from your cellular provider, it can also be a ripe hunting ground for a hacker.

Avoid entering passwords or other personal or financial information into any website from a public network, be it at an airport or your favorite coffee shop or in a college classroom or hotel room.

"Traffic on open networks can generally be discovered by anyone else on that network," said Whitney Hewatt, a lead security engineer at FINRA. "You are better off using cellular communications when possible."

Even better: Turn off Wi-Fi on your cell phone when you leave home, work or other locations with trusted networks to prevent your phone from looking to automatically connect to other, unsecured networks when they are available.

Create Strong Passwords

A strong password is your best defense online, but shockingly few people take the need for a strong password seriously. In fact, about 71 percent of online accounts are guarded by duplicate passwords, according to a 2016 report by TeleSign, an internet security firm; and the average number of accounts protected by the same password is a whopping seven accounts.

Related: 7 Tips for Creating a Better Password

Ideally, a password should be at least 12 characters. It's a simple fact that longer passwords are more mathematically secure—and they don't have to be complicated to achieve that greater security. A 12-character password with only lower case letters has 95.4 quadrillion combinations compared to just 208.8 billion possible combinations for an eight-character lower-case password. Security experts suggest using a passphrase, which can be easier to remember than a string of random characters and numbers.

If you want to make your password even more mathematically secure, though, you can add in upper-case letters, numbers and special characters. A 12-character password with upper- and lower-case letters, numbers and special characters has 475.9 sextillion possible combinations, which makes it a lot harder to hack.

To do this, you can replace certain letters with numbers or special characters. For example, you could channel the fall season and go with "Pumk1n_$pic3"—though now we've ruined that one for everyone. You can use a password generator (there are a number of free options available), or pick a random sentence or phrase to use for inspiration.

Regardless of the length and complexity, your passwords should be unrelated to any of your prior passwords and shouldn't include any information easily found online, such as your high school, or the name of your pets or children. (Check out 7 Ways You Are Accidentally Revealing Your Password for more information.)

Be Smart About Where You Shop Online

At a time when 96 percent of Americans have shopped online, it's important to remember that the cheapest price might not be the best option if it comes from an unknown website.

Take some time to search around and verify that the retailer is legitimate and has positive reviews from purchasers. And when you visit a retailer's website, whether new or familiar, be sure you look for the padlock symbol in the address bar and the "S" at the end of "HTTPS" to indicate that the website is secure.

Similarly, before you download a new shopping app, check that it comes from a verified source. You can do that by going straight to the source to find the download. Visit the retailer's website for a download link. You don't want to find you've downloaded a fake app that looks just like a retailer's real app and end up giving away your personal information.

Watch What You Click

Similarly, it's important to watch what you click in your inbox so you don't fall for the bait of a phishing email.

You should check the URL of any link you receive, whether it appears to be a deal from your favorite retailer, an alleged fraud alert from your bank or a coupon for a hot new product.

You should also double-check the email address of the sender and not just the display name (as those can be spoofed), but the actual email address. Look for typos or a discrepancy in the top-level domain names such as .org, .com or .gov. Fraudsters will often try to mimic an email address to make a message look official, but swap out the domain name at the end of the email.

Keep Up-To-Date

Be sure to keep your operating system, software and apps up to date, and install any new updates as soon as they become available. That goes for your antivirus software too. Developers continuously find new vulnerabilities—weaknesses hackers may exploit to steal your data. Stay safe by installing updates that may be repairing a key vulnerability.

Subscribe to FINRA's The Alert Investor newsletter for more information about saving and investing.