The modern guide to staying safe online

Date: 2017-05-22

Keeping safe and productive online requires smart decision-making and just the right preventive measures to fit the level of risk you can live with.

The internet can be a scary place. Threats come in many forms, lurking in practically any corner. Worse, yesterday’s prevailing advice for staying safe online -- avoid dodgy websites, don’t traffic in stolen or illegal goods, interact only with people you know -- no longer holds. Phishing emails from supposed family members, spyware piggybacking on legitimate apps, well-known sites hijacked with malicious code -- digital safety clearly needs new rules to meet today's evolving threatscape.

Considering how much of our digital lives occurs online -- communications, financial transactions, entertainment, work, education, to name a few -- adopting even a few safe browsing practices can lead to broad benefits. This includes how we deal with email messages, given how popular email is as a delivery mechanism for online attacks using exploit kits and malware.

Here, we provide a strategic guide for staying safe online, outlining what you can do to protect your data and privacy on the web, while remaining productive.

Understand your threat profile

With so many threats looming, it’s tempting to take the strictest approach by locking everything down, but the challenge is to balance precautions in a way that keeps you productive. For example, to avoid malicious JavaScript, you could just turn off JavaScript in your browser preferences -- except half the internet would become nearly impossible to use. Have you tried using Gmail without JavaScript turned on? It isn’t pleasant.

We all use the web differently, and our risks vary drastically, depending on where we are, what we are doing, even what day it is. How security researchers stay safe online is dramatically different from how a consumer who emails, uses Facebook, and watches Netflix stays safe. That in turn is different from what works for a developer downloading new tools and frequenting forums for advice.

At a base level, you should regularly update all your applications -- not just the OS, but every application, especially your web browser. Switch your browser preferences to click-to-play for Flash if your browser hasn’t proactively done that for you, deactivate ActiveX, and uninstall the Java client on your machine. Unless you are using Java-hungry client applications, such as games or certain educational offerings, you likely don’t need Java anymore. Even major videoconferencing applications are shifting to pure HTML5.

You should also consider the combination of venue and activity. For example, performing sensitive transactions on public wireless networks can get you in trouble. The public Wi-Fi at your favorite coffee shop is not the place for online banking. Not even if you’re using an SSL connection; a man-in-the-middle attack is still possible over SSL.

Once you've got those basics down, you’ll need to consider what dangers you are most worried about, what assets you want to protect, who you interact with regularly, and where your data is stored. In the following sections, we break down these concerns to help you match your secure browsing practices to your threat tolerance -- the level of threat you’re willing to live with online.

