Ever been told you’ve just lost your job? How about ‘Hello…, this is the police – we need to advise that we’ve arrested your son’..?
That twisting feeling in your stomach when you hear those words is exactly what you’ll feel when you discover someone has illegally accessed your bank account and cleaned it out. Only worse.
The more we do online (Amazon, Apple, airline reservations, hotel reservations) the more confident we become. And confidence is not good when it comes to matters of security.
I’m still shocked by the lackadaisical attitude of so many people I speak to about the need to have strong passwords, and to take common sense precautions when buying stuff online.
Usually I’m talking to them in terms of securing their websites, but the need for a security mind-set expands to everything we do online: the cyber criminals are exceedingly smart and getting smarter all the time.
So here are two ways you can protect yourself and your personal data online.
Only transact on HTTPS websites
It was good to read recently that both Google and Mozilla reported that more than 50% of the sites visited through their respective browsers are now operating on the HTTPS protocol.
HTTPS is the modern, secure version of the HTTP protocol on which websites and web browsers operate. It encrypts the data travelling from your browser to the website you’re looking at, and so protects your personal data such as credit card numbers, usernames, passwords, etc.
Of course, the counter to 50% of websites running on HTTPS is that the other 50% are still running on HTTP.
The growth and increasing sophistication of cyber-crime, allied with 50% of websites still running on HTTP, means that we need to become ever more vigilant and aware of security risks.
You can check whether a site is on HTTPS by looking for the little green padlock just to the left of the address bar. Also, the address of the site you’re viewing will start with HTTPS, not just www or the domain name – as in this screenshot:
You want to be particularly careful about submitting any personal details (anything other than an email address) into any form on any web page that is not running on HTTPS.
In fact, don’t do it.
The second way to protect yourself is to use a VPN.
What is a VPN?
A VPN (and we’re talking here about commercial, personal VPNs, not corporate VPNs) encrypts everything between your computer and the destination server. Or, at least, between your computer and the VPN server to which you’re connected. And that includes HTTP websites, email and any other online transaction.
That makes it extremely difficult for anyone to intercept and read anything that leaves your computer.
Consider this: if you connect to the free Wi-Fi service to use your computer or cell phone in coffee shops, everything you send across that Wi-Fi network can be intercepted, read and stored by bad actors, because it’s all sent in clear text.
Using a VPN avoids that. You can still connect to the coffee shop Wi-Fi service, but your VPN will encrypt everything that leaves your device and use the coffee shop connection to create a secure link all the way through to your VPN server.
What is my VPN server?
Your VPN server is operated by your VPN service provider and can be located anywhere in the world.
When you activate the VPN service on your device it will give you a choice of locations from which to connect. Once you’ve made your selection, the service will connect your device to your chosen VPN server and everything that travels from your device to that server will be encrypted.
And you can select from locations anywhere in the world. As an example, when I’m in Hong Kong I often connect to servers in the US so I can watch Saturday Night Live.
So not only does a VPN encrypt everything that leaves your device, protecting your personal data, but it can make you appear to be somewhere else – in my case in the US watching SNL.
Why my sudden interest in VPNs?
Actually, it’s not a sudden interest, although it has increased – I’ve used VPNs for some years to watch TV programs that are restricted in my location.
But, as you will have seen, the Trump administration recently repealed a protection, initiated by the Obama administration, that would have prevented Internet Service Providers from selling your personal details to companies wanting to target you for advertising.
Since VPNs are in the business of protecting your privacy online they prevent your ISP from reading your personal data, so you can still protect it, and they have nothing to sell (of yours, anyway).
A thought: Internet Service Providers would have potentially millions of dollars to gain by selling your personal data. VPN service providers would lose their business if they did so.
If you then combine the use of a VPN with the use of a public DNS service, such as Google Public DNS, you can completely shield your personal data from your Internet Service Provider. I’ll cover public DNS in a separate article.
My increased interest in VPNs, therefore, was triggered by the Trump administration’s move but also by the increasing level of governmental snooping in the name of state security.
Here in Hong Kong the Internet is still free and uncensored. But the central government in Beijing is exerting its control over what happens here increasingly quickly and that, along with the Trump administration’s move, has prompted me to start using my VPN 100% of the time.
Where can I get a VPN and how will I know it’s a good one?
The simplest answer to that is to search online: ‘Best VPN service providers’ will bring you more results than you can shake a stick at.
But, as always, there are VPN service providers and VPN service providers. You want the good ones.
The best rule here is: ‘You get what you pay for’. So do not go for free VPNs or VPNs that compete on price. You should expect to pay in the region of US$100 a year for a good service, but then we are talking about protecting your personal data.
Review VPNs that compete on:
- Number of locations globally
- Reliability (read the user reviews)
- No bandwidth limits
- Number of devices you can connect to the account
These are much more important than price.
You may also have noticed the Trump administration’s recent attempt to get Twitter to reveal the individuals behind a Twitter account that was critical of the administration policies, and operated by government employees.
Twitter went to court and won – the individuals were not revealed, but there’s a lesson there:
Once you’ve narrowed down your top 3 or so potential VPN providers look for any that are headquartered in a jurisdiction that is out of the reach of big government. The British Virgin Islands is a good location (that’s where the VPN I use is headquartered)
Remember: VPN service providers are in the business of protecting online privacy, but there are still jurisdictions where they can be forced to reveal personal data by the government.
How I use my VPN service
A common complaint against VPNs is that they slow down the internet response times you experience. This can happen, for sure, but it can be minimised and, in many cases, eliminated completely.
The speed you get depends on the location you access. Connecting to the nearest location will, 99% of the time, get you the best response times. When I’m in Hong Kong I connect to my VPN provider’s Hong Kong server and the speed I get is exactly the same as when I’m not using the VPN.
Some VPN providers include a speed test tool which is great when you’re travelling: you fire up your VPN application and use the speed test function to locate the fastest connection point, based on your then current location.
So that’s what I do when I’m out of Hong Kong. For sure, the speed I get when I’m travelling is often not as quick as when I’m at home, but it’s still perfectly acceptable – and at least I know I’m secure!
So if you’re concerned about protecting your personal data online then, three points to ponder:
- Develop a security mind-set online – keep your eyes wide open and make sure you know where your personal data is going
- Don’t submit any personal details into a website page that is not operating on HTTPS
- Learn as much as you can about VPNs and sign up to a good, secure and fast service
If you have any questions by all means get in touch: