Hushmail’s Top 3 Private Practice Security Tips
We often get asked what are the most effective things you can do to protect your information and identity from online threats such as viruses and hackers. There are a few remarkably simple things that you can do to protect yourself from these threats. The following tips are part of our daily lives at Hushmail, and we believe they can go a long way to helping keep you safe online.
1. Keep your operating systems up to date
The companies that create operating systems are always on the lookout for vulnerabilities in their systems. When they find weaknesses, they (usually) issue updates quickly to fix them. That’s why it is essential to always make sure your operating systems are up to date—on your computer and smartphone. The irony, of course, is that when companies issue updates, it can be a signal to hackers that there is a weakness in the system. That’s why it’s so important to stay on top of updates as they come up, and to automate their installation when appropriate.
It is easy to ensure your operating systems and software are up to date. Use the built-in “software updates” features on your computers and devices to let you know when you need to download a new version.
Tip: To update software on a Mac computer, iPhone or iPad, open the App Store app, then click Updates. If you have updates available, click the Updates buttons to download them, or click Update All.
Tip: To update Windows and other Microsoft programs, visit the Microsoft Update website. You can enable Microsoft Update to provide regular updates of your operating system and software. Here’s how to enable and disable Microsoft Update.
2. Don’t use the same passwords for multiple sites, apps or subscriptions
The reason for this is that if a website is compromised, attackers may be able to use the user IDs and passwords they steal to unlock valuable information on other sites or services. Using the same password for many products and services is like giving thieves a skeleton key to unlock your personal information across the web. Unique passwords and passphrases make it difficult for bad guys to hurt you more than once. Also, consider that not all sites and services have the same high security standards. In essence, your password is only as strong as the weakest service you use.
Tip: Use a unique password for each online service. Often your user ID is your email address, so if someone has your email address and password, which you have used multiple times, they can use this information to gain access to different services you have signed up for.
Email passwords are especially important, because email is often used by all kinds of services as the mechanism to recover or reset your password. Make sure your email password is unique and unguessable.
Tip: A passphrase composed of a few random words strung together can be easy for you to remember and extremely difficult for hackers to guess.
There are many ways to manage your passwords to avoid using the same one for everything, while still being able to easily access sites and services—without keeping a list of passwords on a post-in note stuck to your monitor. One way is through a password manager service, such as 1Password, which we use here at Hushmail and which generates unique passwords and remembers them all for you. You just have to remember one master password that unlocks all the others. Some password management services can be integrated into your browser, to make signing in simple and fast all over the web. They can also automatically sync with all your computers and devices to enable a seamless, integrated setup.
3. Enable two-step verification
Two-step verification is a feature many email services (including Hushmail) and other sign-in systems use. It employs a two-stage process to authenticate your identity on new devices. It’s helpful, since passwords can be stolen.
Tip: If you have two-step verification enabled and someone gets the user ID and password for your account, they won’t be able to get into your account.
With two-step verification enabled, you are typically asked for your password first, then you are asked to enter a code, sent by text or email, which expires after a short amount of time. Two-step verification makes it much harder for non-authorized parties to access your account. To get in, they would need to have access to your phone or alternate email address, in addition to your user ID and password. It’s an added layer of security that has been shown to be quite effective in mitigating digital fraud.
In summary: Stay safe online by keeping your systems up to date, using unique passwords for each service, making a strong email account password, and enabling two-step verification whenever possible.