Google Asked 230 Security Experts About How to Stay Safe Online

With recent hacking scandals plaguing huge corporations such as Equifax and TransUnion, web security is once again front of mind for many people. Google recently published a research paper to identify the prevailing advice of the security community: 231 security experts were asked to name the top three pieces of advice they’d give to an average user to protect their security online. These were the top 10 pieces of unique advice provided by those experts (the last two tied on response count):

  1. Keep systems and software up-to-date (90 responses)
    • “Always be updating (OS and applications)”
    • “Patch, patch, patch”
  2. Use unique passwords (68 responses)
    • “Different passwords everywhere”
    • “Do not reuse passwords on multiple sites”
  3. Use strong passwords (58 responses)
    • “Choose a strong password”
    • “Complex password for every site”
  4. Use multifactor authentication (36 responses)
    • “Enable multifactor authentication features, if available”
  5. Use antivirus software (35 responses)
    • “Use antivirus/antimalware software”
  6. Use a password manager (33 responses)
    • “Forget your password—use a password manager to remember it for you”
  7. Use HTTPS (24 responses)
    • “Use HTTPS if available”
    • “Watch for and understand why HTTPS is important”
  8. Use only software from trusted sources (20 responses)
    • “Execute only software coming from reputable websites”
  9. Use automatic updates (19 responses)
    • “Activate autoupdate”
  10. Be careful/think before you click (19 responses)
    • “Think before you click”
    • “Be careful what you click on”
  11. Don’t open unexpected attachments (19 responses)
    • “If you didn’t ask for the attachment, don’t open it”

Some examples of less common, but still interesting advice provided:

  1. Always browse in private mode, and delete cache after each browsing session.
  2. Always double-check the source of an email (the sender).
  3. Disable root certificates for entities that you would be alarmed to see certifying your bank’s login page.
  4. Don’t write down passwords.
  5. Don’t add absolute strangers to your social media accounts.
  6. Don’t click on ads.
  7. Don’t look for porn.
  8. If you notice anything suspicious, report it appropriately.
  9. If you travel, use the Tor browser from your encrypted hard drive.
  10. Install Microsoft EMET (Enhanced Mitigation Experience Toolkit) and turn the systemwide settings up to maximum.
  11. Let Gmail render your mail attachments instead of opening them locally.
  12. Make sure to set up account recovery options for your Google account.
  13. Never install or upgrade software from a popup screen.
  14. Unless you really know what you’re doing, you’re better off with documents in the cloud.