Avoid connecting to unencrypted Wi-Fi networks, such as those at airports, coffee shops, malls and more. If the Wi-Fi network doesn’t have a lock icon next to it, then anyone physically near the Wi-Fi hotspot can see all of the traffic for everyone connected to it. If you must use public unencrypted Wi-Fi, use a VPN that doesn’t allow internet traffic from your desktop until you are securely connected. Otherwise, as soon as you connect to a public access point, your computer may send sensitive personal information to a third party, for anyone in the local area to intercept.
Use a privacy screen on your laptop, mobile device and tablet. Shoulder surfing is a problem and can leak sensitive information. You may have your font set very small, or you may be flipping through information so fast you don’t think anyone could realistically read it, but keep in mind that just about everyone these days has a small, fast, high-resolution camera in their pocket. It’s trivial to take a series of photos from a row behind you in an airplane. With those pictures, someone can see exactly what was on your screen, even if it was there for only a split second. Someone can also record you typing a password and reconstruct which keys you pressed.
Never post a photo that has your house, car, office, or any other type of physical key in it. A photo of a key is all it takes to reproduce that key and open the lock it belongs to. Think of it as a Where’s Waldo game, where every photo you post needs to be checked for keys. Obviously the same goes for photo IDs, passports, checks, social security cards, etc. (If you deposit checks by taking a photo, make sure you don’t have an app that automatically posts all your photos to a public album.) Make sure that whatever you post a picture of, you’re fine with anyone in the world having any information that can be taken from it.
Passwords are obviously important, specifically for the accounts that receive password reset emails. You should make sure that you have two-factor authentication and a strong password on any email services or mobile phone accounts. You should do this for all accounts, but those are critical accounts that, once compromised, could lead to all other accounts becoming compromised.
Install a plugin that forces your browser to use SSL whenever it’s available. SSL can cost a company money to support, so they may not want you to use it for absolutely everything. They won’t stop you from doing so, however; they just won’t make it happen by default. Installing a plugin that identifies sites that support full SSL and forces the browser to use it ensures that as many of your private interactions online as possible stay private.
Don’t access personal accounts at work or school. Many large networks employ proxies that intercept all communication to and from the network. It is theoretically possible that if you log in to your personal Facebook account at work or school, someone in that network will be able to recover your credentials and hijack your account. We would all like to believe that those responsible for running these networks are ethical, would keep this information private and secure, and wouldn’t abuse it, but users should be extra cautious nonetheless. At worst, the company could get breached and that information could inadvertently end up in the hands of an attacker.
Never email sensitive personal information. There are a few reasons. One is that emails aren’t encrypted as they pass from provider to provider. As such, it’s possible someone could intercept the email without you even knowing and see the contents. The second reason is that emails are permanent, or at least they should be treated that way. You have no control over when the person on the other end will delete the email, and you have no control over how much security they place around access to their email. In other words, even if the recipient is completely trustworthy, it’s possible that your information could get leaked on their end. Finally, if you have a bunch of old emails in your account, each with personal information, and that email account gets compromised, it becomes trivial for an attacker to harvest all your sensitive information from your email history in one sweep.