We've all heard that clicking on links or attachments can lead to identity theft of sensitive, personal information. And while it's true - if you're not careful, you could be leaving yourself open to hackers and other dangers. But what most people might not know is the difference between "hacking" and "data theft". In this post, we outline the steps data security engineers recommend you take to protect yourself from these different types of threats.

What do data security engineers recommend for people who don't work in security?

Data security engineers are not your everyday IT professionals, so what do they recommend for parts of the population who aren't working in IT?

Data security engineer advice for regular Internet users
Data security engineer advice for regular Internet users

Step 1: Don't breeze through sites with suspicious links or attachments.

While some advice might be obvious - if you're on a secure, encrypted site, for example - for regular Internet users, data security engineers often urge people to take this one step further. In general, we suggest that individuals don't just treat a website as secure if they can't see that the website is encrypted with HTTPS , but instead assume encryption is there unless it's explicitly said otherwise.

What this means for you as a regular Internet user is that before you click on a link, you should pause and consider if the destination is where it says it's going to take you. If in doubt, search for the destination site to find out where it lives, then visit the site from there instead of clicking the link.

Step 2: Use two-factor authentication whenever possible.

Two-factor authentication adds an extra layer of security in addition to your password by asking for another "factor" to activate your account - most commonly, a number sent either via text message or generated by an app on your smartphone.

Using two-factor authentication, you get maximum protection of your data in your account, protecting yourself from both hackers who have your password and malicious advice that directs you to a fake login page. And once you're there, using two-factor authentication can stop attackers from taking over your account entirely.

Step 3: Update and patch applications

Computer security is a constant battle between developers on one side who are trying to make their applications as secure as possible and attackers on the other who are trying to exploit flaws in those applications. To keep up with the latest patches, developers recommend that users keep their software up to date with the latest versions - either automatically or manually.

Users also have a choice to control which applications automatically update. To stop them from installing unwanted software, users can opt out of automatic updates through their OS's control panel. And to ensure the latest security updates from their developer, developers recommend that users always install updates when told.

Step 4: Update your browser with new and fresh security features.

Since browsers are the foundation on which websites are built, regular Internet users need to keep their browsers current with the latest patches, features, and security fixes. And that means staying up to date.

For users who find themselves caught in an old browser, or for those who might have trouble keeping track of updates, developers recommend taking advantage of automatic browser updates . Then, when updates are available, the browser will notify you and you can update from there. With automatic patches and feature updates, your browser will ensure you're always current with the latest security features to protect your devices and information.

Step 5: Make good, informed decisions about what you share online.

With all the benefits of social networking and sharing, it's easy to feel comfortable sharing each other's information with a promise of trust.

  •  For regular Internet users putting personal information online for others to see, data security engineers think it's important to make sure that when you do share your information online, you're doing so for the right reasons.

  • The deciding factor here is whether or not you have control over the information and how to delete it from the site when you decide later that you don't want it there anymore. 

  • If you do have control over the information and can delete it from that site, then data security engineers don't see any harm in sharing.

If you don't have control over the information though and aren't allowed to delete it, then data security engineers think it's important to consider other ways of getting your point across - perhaps by taking a picture with your smartphone and posting that online, rather than posting another selfie or a picture of your cat.

Step 6: Encrypt your devices.

Regular Internet users who are constantly using smartphones and tablets are not only making themselves vulnerable to hackers when they're out in public but also at home with their devices. And data security engineers suggest that if users aren't already encrypting their devices, it might be time to start.

Locking an Android device with a password gives users a greater layer of protection over their phones and tablets. Encrypting laptops and desktops can also prevent someone in the same household from accessing your devices. And data security engineers recommend making encryption automatic for all of your cloud storage services like Dropbox and Google Drive since this makes recovery much easier should something go wrong.

Step 7: Be smarter about the apps you install.

While most mobile apps are smaller and more focused than larger software systems, it's still important for regular Internet users to choose the ones that offer security features over those that don't. And for those that do offer features, it's important to make sure they're useful and useful only in your specific situation.

Data security engineers suggest taking a look at reviews of any apps you're considering installing first - both those that are free and paid. Just because an app looks like something you might want isn't always the best reason to install it. After all, what good is an app that can protect security if it can't protect your information?

And finally...

These steps should keep your online information and devices secure. But sometimes, no matter how prepared you are, problems can still happen. For those times when things do go wrong, data security engineers suggest taking a look at cyber liability insurance. So long as you're not violating the terms of service of any sites or apps that you might use - or ignoring the advice of data security engineers - then your policy should protect you if something happens.