Cyberattacks, Ransomware and Scams: Follow This Checklist to Boost Your Privacy

As Russia's invasion of Ukraine escalates, the risk of global cyberattacks intensifies. The FBI has recently warned private industry and US infrastructure leaders about the threat of ransomware and other online security attacks arising from the military conflict, per CNN.

There's no similar warning for individual citizens, but the heightened global risk marks an opportune time to evaluate and upgrade your own online security practices. Whether you're new to online privacy protection or a security-software veteran, run through our cybersecurity checklist to make sure you're optimally protected.

For more on the conflict between Russia and Ukraine, see how the war could affect the US economy, find reliable Twitter accounts reporting on Ukraine and learn how cyberattacks in Ukraine could impact the entire world. 

For the newcomer

Use a password manager

If you've heard one piece of internet security advice, it's this: Create strong passwords unique to each of your online accounts, change them routinely and never reuse old ones. Most browsers will automatically offer to store your passwords when they see you log into a new site. Don't take the bait, and don't waste your time trying to memorize them all. Instead, put a secure password manager to work.

One excellent option for securing your passwords is Bitwarden, CNET's pick for best free password manager. Bitwarden works on all major platforms and web browsers. Its free version includes a random password generator and lets you store unlimited logins, notes and cards in an encrypted vault that's available to as many devices as you like.

Bitwarden also provides a breach feature that scans your stored accounts and sends alerts when security breaches occur at any of them. Catching a hack of a website or e-tailer early and updating your account credentials can ease your mind and save you from potential headaches.

Whilte Bitwarden is an excellent free option for managing passwords, it isn't the only player in the game, CNET's list of best password managers can get you up to speed on the top products for keeping your authentication information secure.

While you're beefing up your login practices, consider enabling two-factor authentication for your social media and email accounts. For sites like Twitter, Facebook or Google, enabling this extra layer of protection means you'll be prompted on login to enter not only your password but a secondary form of authentication, often a single-use SMS security code sent to your mobile phone.

Adopt encryption

Simplified encryption apps on your cellphone offer privacy by scrambling your communications so anyone who intercepts them is unable to read them -- as long as both the message sender and receiver use encryption properly. Though there's debate about the comparative security strength of different encryption apps, the perpetual quest by governments and intelligence communities to break or ban them stands as a testament to their overall effectiveness. You don't have to understand exactly how end-to-end encryption works to benefit from it; you just have to get moving on installation. 

Start with Signal, the free and open-source software application for desktop, Android and iOS. You can use it to make encrypted phone calls, send texts, video and pictures. To use it, both you and your message's recipient need internet access on your mobile device. And Android users have the option of making Signal their default messaging service. 

And why stop with your phone when you can encrypt your messages on all digital fronts? There are suites of possible apps offering degrees of privacy for video chats, hard drives, email and more. But remember: fishy files can still find their way to an encrypted inbox. Run suspicious attachments through an online virus scanner like VirusTotal before unleashing them on your device.

Stop web browsers from spying on you

The ubiquity of Google's Chrome web browser makes accessing your personal info easier for everyone, not just you. A December 2019 report from DuckDuckGo found Google trackers installed on 86% of the most popular websites. While tweaking your Chrome settings can help, the plain fact is that you need to be vigilant to keep Chrome from spilling your data all over the internet. In Chrome or Firefox or most other popular browsers, you can use private mode or incognito mode to protect your browsing sessions. 

If you really want to get serious about privacy, Brave is a browser equipped with nuanced controls for blocking ad trackers, third-party cookies (which track you across the web via social buttons on a webpage) and third-party fingerprinters. Since Brave is built on the same open-source Chromium technology as Chrome, you can enjoy using most Chrome extensions without dragging a nasty trail of Chrome trackers behind you.

Intermediate level

Get a VPN

A virtual private network is an essential layer of browsing software-based security that creates a private network between you, the websites you visit, and any wireless devices you've connected to. While VPN use won't guarantee absolute privacy, it generally works by blinding your internet service provider to the websites you visit, and blinding websites to your IP address. And it's absolutely critical if you're on public Wi-Fi and anyone could be potentially snooping on you, or worse. 

VPN prices range as widely as their security, which is largely based on which protocols are used. A long-time favorite like IPVanish, for example, might cost $89 a year, but it keeps no log of user activity, allows you to pay in bitcoin and offers a connection kill switch. 

CNET's side-by-side comparison of the best VPN services we've found in 2022 can steer you away from the rocks.

Learn Tor

Similar to a VPN, the Tor browser operates through an ever-expanding network of servers. In Tor's case, every request made from your computer bounces through an encrypted relay system of intermediaries to keep your identity hidden and make tracking your activity intensely difficult. The relays, or nodes, are volunteer-operated and open. 

Unfortunately, there are no official Tor browsers for iOS but Tor has install options for both Windows and MacOS, and an official app for Android. Security is a slow business, though. Don't expect to stream movies via Tor browsers. 

Head over to the official Tor download page for the installer and set-up instructions. 

Your cybersecurity checklist

To sum up, here are some quick tips for best online security practices:

• Never reuse passwords on multiple sites.
• Never allow a web browser to save your passwords.
• Enable two-factor authentication for your accounts whenever possible. 
• Never connect to a public Wi-Fi hotspot without connecting to a VPN.
• Use incognito mode or a privacy-focused web browser whenever possible, or make the jump to Tor.
• Run a virus scan on email attachments -- even those from friendly sources -- before opening them. 
• Any sensitive text-messaging conversations should always be conducted over a secure messenger such as Signal.

Advanced training

If privacy tutorials and surveillance-dodging has whet your appetite for cybersecurity, there's no reason to stop with these apps. Here are a few places you can go for more training that is either free or low-cost. 

• The Society of Professional Journalists keeps a list of privacy and security tutorials and tools stuffed into its Journalist's Toolbox.
• Udemy offers a cybersecurity survey class for $15 that allows you to get an overview of the fundamentals of good security.
• Professor Messer offers an extensive collection of security training videos if you're interested in sampling a range of cybersecurity principles and best practices.