By now, almost a year into COVID-19 life, we all know to take at least 20 seconds when washing our hands. What if we had similar rules for practicing better “internet hygiene” habits? 

For example, what if we took at least 20 seconds before we responded to a political post online or at least 20 seconds to read through an email before clicking on a suspicious link? 

If you’ve never heard of the term digital hygiene, it simply refers to the process of keeping your digital identity clean and your online accounts organized.  In fact, it’s a topic we’ve covered both on our blog and on our podcast, GhoSTORIES with Franz & Pete. Good digital hygiene can include things like deleting old social media accounts, removing a saved credit card from online shopping sites, organizing your inbox, or even taking stock of which new services can help to improve your digital security. 

Internet hygiene is also a personal responsibility to behave kindly online (this is known as your digital reputation), so review posts you’ve been tagged in and limit the types of posts you make in the first place. Remember that almost anyone can access your digital footprint, including family, friends, neighbors, schools, and potential employers, so think twice before you (over)share online. 

Internet Hygiene FAQs

Here are some of the top frequently asked questions we’ve heard recently. We hope these FAQs will help to clean up your digital footprint.

Q: What are some data privacy trends in 2021? 

Social engineering attacks will continue to be something to watch out for this year. Although the entire world seemingly went remote and moved online last year, internet security didn’t move at the same fast pace. In some instances, your online safety even took a step backwards as otherwise-stringent online privacy rules were loosened to accommodate the new normal of “virtual everything.” The bad guys have been leveraging the COVID-19 crisis by luring victims with phishing emails and domain spoofing. Distracted people are often the weakest link in cybersecurity and that’s why social engineering attacks — like falling victim to a scam — are increasing. Phishing emails often look legitimate and prey on either your short attention span, your fears, or both. Using the hand-washing analogy, this is where you should take at least 20 seconds to enter a company’s URL directly instead of clicking on an ad or link. Think twice before clicking on links, since it could be a scam. 

Q: Just how easy is it to fall for domain spoofing? 

Very easy. Domain spoofing is a common form of phishing in which an attacker appears to use a company’s domain to impersonate a company. According to the FBI, these types of scams have cost $26 billion over the past six years. Usually, the spoofed email or website will include the visual design of the legitimate business (logos, branding, colors, etc.) which makes unsuspecting people feel safer entering their financial details or other sensitive information that the attacker intercepts. So take at least 20 seconds to look for awkward phrasing, an incorrectly spelled email address, or other subtle forms of phishing before replying to anyone online — if something sounds unusual from a trusted friend or long-time retailer you’ve used before, reread the email and pause before proceeding. 

Q: What exactly is HTTP vs. HTTPs?

When you’re browsing the web, be cognizant of where you’re going and look for the lock before you send personal or financial information online. HTTPs — the equivalent of lathering the soap of “internet hygiene” — means the web page is secure. If a browser is unlocked or open, it means the website hasn’t been acknowledged by the browser, making what you do more vulnerable to getting hacked. While most sites nowadays use HTTPS, if you get an error warning, proceed cautiously. Figure out why the website wouldn’t be HTTPs. Websites are trying to lock down and be strong, since many data breaches years ago happened because of unsecured third-party scripts on their websites.

Q: If I’m using HTTPs, do I still need to use a VPN?

Yes. A virtual private network (VPN) is essential to practicing good internet hygiene, and here’s why. A VPN is like a secure tunnel that will encrypt your internet traffic, making what you do on that network private and anonymous. It essentially runs in the background as an extra layer of protection against cybercriminals. Without a VPN, your Internet Service Provider (ISP) can trace your activity. You can sign up here to try out Ghostery Premium, which intercepts and blocks trackers in your desktop applications and encrypts your connection with our VPN.  

Q: Is multi-factor authentication the same as 2FA?

Yes, multi-factor authentication is sometimes referred to as two-factor, 2FA, or MFA. Multi-factor authentication is simply the process of using two different methods to prove your identity and isn’t entirely new — think of how you already use your debit card and enter a PIN. Turn on multi-factor authentication on as many accounts as possible, as 2FA can protect your various online accounts by making it more difficult for a cybercriminal to access your accounts. As you know if you’ve used it before, you enter your password and then wait for a one-time code to arrive via email or SMS, but it can come in other forms, like facial recognition, fingerprint, or the use of a token-based authentication app like Authy

Q: Is it really worthwhile to delete old accounts? 

Yes, it’s absolutely worthwhile. Your email address is part of your digital identity and often linked to a plethora of online accounts. Learn which companies have access to your information and keep it to a minimum. Take an inventory of your most used apps, websites, and account logins. Where do these live and how often do you access them? Sign into those old accounts, delete any personal data (address, birthdate, stored credit card, photos, etc.), and then check the settings to delete your account. To further improve your digital hygiene, unsubscribe from emails that are no longer relevant. Reducing random “clutter” in your inbox decreases the chances that you’ll respond to some type of phishing scam or hoax.

Q: What exactly is a passphrase?

A passphrase is essentially when you pick three random words that mean nothing to anyone else and then throw in uppercase, lowercase, and symbols. Most people tend to use the same traditional password on multiple accounts when they create an account. Make it more difficult for cybercriminals to access your accounts — mix up your special passphrase with a combination of letters, capitalizations, numbers, and special characters. 

Q: Is a password manager worthwhile? 

Yes, a password manager can be very useful. It’s an app that will store and encrypt your login information. Many password managers offer browser extensions that let you autofill login fields when accessing your favorite accounts. This way your password always remains encrypted. Another tip to protect your accounts? Consider creating different usernames on websites/forums/accounts — along with the different usernames you should also have unique passwords. We recommend LastPass or Dash lane as your password manager and password creator. 

Q: Does a security update mean that my device wasn’t secure before? 

Not exactly — sometimes when we get notifications to do a system update, it just means that the update is adding an important security patch — or a new “lock” to keep the bad guys out. When your device recommends a system update, don’t ignore it, because taking the time to perform security updates is a big part of keeping your digital identity squeaky clean and extra safe.

Final Thoughts 

Good internet hygiene involves asking yourself some security planning basics: what do you want to protect and what are the consequences of inaction? 

You should become more cognizant of what you’re downloading or accessing. Consider adding an anti-tracking tool to ensure that no personally identifiable information (PII) is sent to third parties while browsing. Remember, when your personal data is sold to the highest bidder, it also increases the chances of your PII falling into the wrong hands. 

If you’re ready to block trackers and browse more safely for free, Ghostery’s Privacy Browser has a built-in anti-phishing security feature and detects up to four times more phishing attempts than Google Safe Browsing. In addition, you may want a tool to shield your personal data across your entire computer and apps — you can try out Ghostery Midnight for device-level security for email clients, creative software, task apps, entertainment and music platforms, and more.