There is no real excuse for not using freely available protection mechanisms out there. Sure, it may prevent you from going to the places that you are probably better of not going anyway but it would also save you a lot of trouble trying to recover from a bad state. While a lot of the attacks favor Windows platform, even the linux, Mac, android and iOS users should technically benefit from having an Antivirus and Antimalware tools installed.
Antivirus and built in firewalls
Windows comes with Defender and firewall built in, but there are several very reputable Internet Security suites available in the market. In the paid segment, McAfee, Symantec, BitDefender, Trend Micro and Avast have strong presence. Even if you don’t want to pay, Avast and AVG has good free solutions that allows users to stay safe. Sure, the paid versions comes with a lot more bells and whistles, but depending on what you do, it may or may not add much value. Many of them make solutions targeted for Mobile devices as there is an increasing number of threats focussing on Mobile devices and operating systems.
Pick one that has real time and periodic scanning so that it can catch things as they come in. It is not always guaranteed that they will catch all the new ones. Every time an AV solution catches on, the attackers and Viruses find ways to work around them. It is always a cat and mouse game between the AV and the Attackers.
Browsers and Plugins
In today’s world, Chrome, Firfox and Safari probably fares better in keeping the users safe. Browser alone can’t protect you much as the Trackers, Adwares and Malwares hide in a lot of different places and forms. Luckily there are some good browser extensions that can help us with this. Checkout uBlock Origin – which is my personal choice at the moment. Others like AdBlock, AdBlock Plus etc has been around for a while as well. They are extremely helpful when you land on sites that overdo the Ad and track thingie.
As I mentioned before, I fully support sites doing a bit of ads to make money and I do turn off my uBlock for some legitimate sites I don’t mind getting a bit of Ad revenue. If your site just dumps more Ads than content, I am sorry, I am keeping it. Want to block me for doing it? Feel free, I got plenty of land to cover in the Internet of things 🙂
Similar apps exists for Mobile devices as well. 1Blocker for iOS and AdAway for Android are well reviewed applications that provides some level of protection from tracking and Adwares. There are also security minded browsers that you can probably use, but may not be the best supported browser in your favorite sites.
Use a Password Manager
We all have sinned in the password land in the past. In a world where the breaches and attacks are mounting, there is no more excuses to make to not use one. Some browsers (Like Safari) provides a built in password management option, but it may be better to get one that securely store the key file using a strong encryptions standard like AES 256.
There are plenty of good ones out in the market. LastPass, KeePass, 1Password and Dashlane are well reviewed and time tested password managers. Read up the feature list, reviews etc and pick your choice of manager based on what you use. This will help you to truly have one master password and unique passwords for all those sites. This will not truly avoid your credentials to be compromised, since it could still happen if the website you have the account with gets breached. This will help to ensure that that single breach did not expose your credentials to several other places that you used the same password and login in.
Consider enabling and using Multi Factor Authentication
Many modern websites allows you to use a second check to ensure that it is truly you who is attempting to login by using Multi Factor Authentication methods. They come in several forms – One time passwords or codes sent of SMS/Text Messages or email, Google and Microsoft’s Authenticator app profiles, RSA soft tokens that gives you a time based pass code, Hard tokens, Yubico’s famous YubiKey series are some examples.
While the email / text ones are proven to be intercepted or can be social engineered to gather them in real time, adding a secondary authentication challenge should be a no brainer if the site you are in is offering that. For greater protection, YubiKey is certainly is very useful. You can also use the Yubikey to login to your computer using a touch too. YubiKey can also integrate with password managers like LastPass and Dashlane. For NFC enabled Android devices, Yubico offers NFC enabled Yubikeys as well.
Most of the Social Media and Banking sites offer (or at least SHOULD offer) the ability to add one or more of these and if that is an option, don’t hesitate to add that on. It costs you almost nothing to set it up and use and the benefits it offers is timeless.