Understanding Internet Security and Online Privacy

Rosslyn Elliott / Updated Jun 14, 2023 | Pub Mar 09, 2023

Do you feel like you’re always racing to try to catch up to the latest cybersecurity advice? You are not alone. The breathless pace of internet progress has also produced lots of opportunity for internet crime. Most of us need to pay more attention to how safe we are online.

These days, there’s a constant flood of news about major companies getting taken down by cybercriminals. Our friends pop up online to warn us that their social media got hacked. Every day, many unfortunate victims get their identities stolen. We all know people who have to go through the painful process of clearing their names and restoring their credit and their bank accounts.

Here’s a comprehensive guide to how you can protect yourself online. Though it may seem overwhelming at first, each step in the process is actually pretty simple. If you check off a couple of these tasks each weekend, it will be easy. It’s worth it to get solid internet security and online privacy. In the end, practicing internet safety could save you thousands of dollars and countless hours of recovery time.

What is the Difference Between Internet Security and Online Privacy?

Internet security refers to the ways you can protect your networks and devices from unauthorized access, damage, or theft. Internet security focuses on understanding how people get into your devices or accounts, and learning how to keep bad actors out.

Internet privacy refers to who controls the private information that you voluntarily share online. So many companies and government organizations now ask us to submit crucial facts about ourselves over the internet. These facts can be dangerous in the hands of lawbreakers. The obvious ones are birthdates, social security numbers, and credit card numbers.

But there’s more personal information that falls under internet privacy as well. Your medical problems, your age, your race or religion, your private internet searches – all of these pieces of data might harm you in the hands of the wrong person.


attackers seek personal information online with image of driver's license and SSN card

Part One: Internet Security

We’ll start by focusing on internet security. First, you’ll learn about the most common types of attacks. Then you’ll get valuable tips for how to keep unauthorized intruders from getting into your Wi-Fi networks, home computers, mobile phones, and other smart devices.

Types of Cyberattack

You can use a number of tools and techniques to safeguard your devices against online threats. Some of the better-known methods to fight intruders are antivirus software, firewalls, and VPNs. But there are other ways to keep out any digital space invaders. First, you need to know how they will try to get in.

Two methods of attack are most common when criminals try to break through your internet security.


Hacking is an illegal activity through which a person gains access to your computer systems without your permission. Hackers use techniques such as phishing, malware, or con games to get into your networks, accounts, and devices. Once the hackers get in, they can do all kinds of mischief by either controlling your computer or stealing your data.

Viruses and Malware

Viruses and malware are programs designed to harm your digital devices or steal your personal data. Malicious programs can infect your computer through email attachments, software downloads, or unsafe websites. Those infections can destroy your computer, delete data, or turn your computer into a zombie that sends out massive junk mailings. Malware can also steal your personal data just like hackers can.

Why Cybercriminals Attack: Identity Theft

Hackers, viruses and malware are methods of attacking your security. Identity theft is a motive.

Identity thieves may use a variety of methods, but their end goal is to commit one of the most popular crimes online. Cybercriminals often focus solely on identity theft because success can bring them so much money.

Usually, identity theft involves stealing your address, SSN, birthdate, and credit card numbers. The thief will use your information to impersonate you, create fake IDs and passports, steal your money, open new credit cards, or commit fraud against other people in your name.

Know the Common Internet Security Threats

Public Wi-Fi Security

Public Wi-Fi spots can be very convenient when you are on the run, but their lack of security can give attackers an opening. Some cybercriminals will even set up entire rogue Wi-Fi networks, intercept unencrypted data, or jump in on your connection in a “man-in-the middle” (MITM) attack.


public wi-fi has security risks with image of two young people in cafe

Home Wi-Fi Security

All these attacks (rogue network, data-stealing, MITM) can also happen to your home network. The solutions for home networks tend to be simpler than the care you need to take on public Wi-Fi. Keep reading to get our 9 tips to improve internet security later in this article.


Phishing is a cyberattack in which attackers use fake emails, text messages, or websites to trick users into giving them personal information. Phishers will often use tactics that make a user anxious or panicky in order to get them to act quickly, without thinking.

Attackers may create a spoofed URL address. This link will take you to a website that looks like your bank’s website or Paypal, but the website is actually a clever copy. If you enter your password on one of these fake sites, the criminals then know your financial passwords and can hack into your real accounts.

Phishing attacks will often use your actual name to make you think they know you. Sometimes, a phishing email will use a return email address that looks like it comes from one of your friends or your boss. The important rule of thumb is never to respond to anything quickly, no matter how alarming or surprising it may seem. When in doubt, text your friend and ask if they sent that odd email.

Malware, Malvertising and Ransomware

Malware, short for malicious software, can be any type of software intended to harm or control networks, computers, or other digital devices. Malware comes in many forms, including viruses, trojans, worms, ransomware, spyware, and adware. Malware can disable your computer, turn it into a zombie under someone else’s control, and steal your data.

Malvertising may sound similar to adware, but the two advertising attacks work in different ways. Adware is designed to track your web activity to show you personalized ads. It’s a nuisance, but it’s not as malicious as malvertising.

Malvertising uses a decoy ad to get you to click on something that will infect your computer (i.e., malware of some kind). Sometimes, malvertising appears as a popup on a reputable website, which is why your browser has a pop-up blocker. Malvertising may also appear as a banner ad or a video.

Both malware and malvertising can be created by individuals or by cybercrime gangs. They can be convincing, so beware of any ad that sounds too good to be true.

Ransomware is an even more deadly kind of malware. Ransomware will lock down computer systems and deny access unless the victim pays a large sum of money to the attacker. Usually, ransomware targets businesses rather than individuals, because it’s easier to get businesses to pay up rather than lose business.

Ransomware is almost always created by criminal gangs, often based outside the United States where they are harder to track and catch. Though you are unlikely to be held for cyber-ransom as an individual, organizations who work with you are at risk. Some of the most dangerous cybercriminal attacks are ransomware attacks on hospitals, which can lock down lifesaving systems and cause deaths or serious injuries.


Ransomware attacks can kill in hospital settings with image of doctors in ER

Hacking to Gain Remote Access

If you work somewhere with an IT support team, you may have seen your IT people control your computer by remote access to fix something. Remote access can have positive results when someone is helping you, but not when a criminal gets control.

Remote access tools are usually wielded by hackers, working as individuals or in groups. They will use their access for all the usual nefarious purposes. So, if you don’t want your data or identity stolen or your computer used in other crimes, you’ll need to guard against it.

Con Artists: “Social Engineering” to Commit Cybercrime

The very respectable-sounding “social engineering” is not respectable at all. It’s an important part of many cybercrimes.

Social engineering means psychological tactics used to gain access to sensitive information such as passwords or financial data. Attackers who do it are usually known by another, more appropriate name: con artists.

Social engineering can appear in some of the techniques we’ve already mentioned, such as phishing. But there are some other types of social engineering cyberattacks that you need to be aware of.


Pretexting uses a made-up scenario to gain a victim’s trust. A pretexter pretends to be an important, trustworthy person with authority, like a bank employee, IT support person, or government representative. The attacker will use the trust you place in that authority to get you to give them your personal information.


Baiting uses an attractive item or offer to get you to click on a malicious link or go to a fake website where attackers steal your information.  Baiting might use the name of a famous company to offer you something free.

Example of baiting: “ACME Widgets will give you a free [expensive brand name item] if you answer this 2-question survey! Click to enter!”

Quid Pro Quo – Nigerian Letter Scam or True Love Needs Your Money

This classic old-school con is part of internet security because it now usually takes place online, by email, in chat, or on social media platforms. The first type is the con game where someone asks you to give them a smaller sum of money so they can gain access to a huge sum of money. In return, they promise to give you a commission.

So, for example, in the famous Nigerian letter scam, you get an email claiming that someone in Nigeria needs to transfer money to an overseas account.  They’ll offer a commission of thousands or even millions of dollars, and all you have to do is give them an initial deposit so they can pay taxes and bribes. Once you give them several hundred dollars (or more–ouch!), they disappear.

Other quid pro quo scams are even more personal and tragic. Some internet criminals will spend months cultivating a fake romance with a target, asking for more and more money until the cash runs out. Sometimes the “quid” (money) is claimed to be needed for the “quo” (travel) that would mean the loved one visiting the victim’s country or state. Sometimes, your true love might come up with a reason they need your SSN and birthdate. But the real quid pro quo is the promise of true love in exchange for money.


Woman looks dismayed with head in hands after email scam

9 Tips To Create Your Strongest Possible Internet Security

There are a number of straightforward actions you can take to be as safe as possible online. Good internet security prevents people from getting into your accounts, stealing your passwords, or otherwise tricking you to get inside your digital networks and platforms. Here’s how you make it harder for cybercriminals to invade your spaces or take over your devices.

Use multifactor authentication (MFA)

Most of us are most familiar with MFA when our bank asks us to enter a six-digit code for access that they send to us on our cell phones or by email. MFA requires a second or third form of proof of identity to make it harder for criminals to get into your accounts. Many organizations will ask you if you wish to enable MFA. Always answer yes. It takes a moment longer, but provides valuable protection.

Update your antivirus/internet security software

Most security software updates automatically these days. Don’t forget to check periodically to make sure your software is still actively protecting you and as up-to-date as possible.

Use a firewall

A firewall blocks unauthorized traffic from entering your computer. All devices that connect to the internet should have a firewall, including your router. Don’t take down your firewall because it occasionally annoys you by blocking things it shouldn’t. It’s saving you from much greater problems.

Create strong, unique passwords

The strongest passwords are usually strings of random numbers, letters, and symbols created by a random password generator.

You may be reluctant to create a bunch of passwords this complex because you’re afraid you will forget them. That’s natural. Password manager software can help. Realistically, it is important to know that password managers can also be compromised as LastPass was hacked in late 2022 and entire password vaults were stolen.

Keeping your passwords only on paper is obviously one non-hackable plan, but cumbersome if the passwords are long.

There is no perfect solution, but at minimum, be sure that you use complex passwords with a mix of letters, symbols, and numbers, and use a variety of passwords rather than using one password across all your accounts. You will be grateful for that security if you get a notice that a company data breach has exposed one of your passwords!


Use strong passwords with image of laptop and padlock on screen

Pay attention to your browser security

Internet browsers have features that mean some offer more security than others. Look into the top-rated browsers for security to learn more about protective features.

Set up your router for maximum security

Your router settings can determine the level of security for your home Wi-Fi network. See our step-by-step guide for how to login to your router. Once you log in, you can change your network name and password and access other user controls that improve internet security.

Secure your other devices including mobile and internet of Things

Your mobile devices including phones and tablets should also have internet security software installed. Most antivirus companies will offer you a subscription bundle that can protect all your devices from desktops to smartphones. When you have a chance, enable your biometric security methods such as finger recognition or facial recognition.

Internet of Things items include all the nifty devices around your house that function with Wi-Fi, as well as smartwatches and other wearable tech that collects data about you. Make sure that you change all default passwords on these devices. Disable any unnecessary features such as remote access or file sharing. And keep monitoring for any suspicious activity that might indicate unauthorized access, such as device changes you haven’t made yourself.

Use a VPN

A Virtual Private Network (VPN) is a valuable software add-on that means your internet connection will always be secure and encrypted. A VPN routes your internet access through a remote server, which makes it harder for someone to hack into your connection or spy on your internet activity.

A VPN will mask your IP address, which also prevents bad actors from finding, tracking, or intercepting your connection online. You can purchase a VPN online and download the software. Look for a VPN with a wide variety of server locations, so you will have plenty of login choices.

Install Parental Controls

Don’t forget that when your kids are online, there’s more at stake than even their innocence. Kids are less likely to be able to detect fake popup ads or spoof websites. They may click on malicious emails without knowing it.

So, while you teach your kids all the internet security basics, make sure you also install parental controls to control their browsing. You need to keep children from accidentally opening the door to cybercriminals who can then get into your whole network.


Boy uses laptop protected by parental controls

Part Two: Online Privacy

Why is online privacy important?

Online privacy becomes more important with every advance in technology that makes us more dependent on the internet for our daily activities.

The internet has brought us great convenience and a wealth of knowledge at our fingertips. Errands such as banking and filing government forms used to require trips to offices and hours standing in line. Now, we can take care of business in minutes from the comfort of our homes.

All this convenience requires us to share information digitally. And information that goes into the public arena called the internet can never be completely private or safe.

Your personal information shared online can allow other people to know things about you that would have been impossible to learn 20 years ago. Your internet searches can reveal your health problems, your politics, and your religion (or lack of one) in ways you would never suspect.

The problem is that companies, governments, or even individuals might find ways to use that information against you, even when you are not doing anything wrong and just leading a lawful life.

Your private data can be used to harm you in a number of ways. Knowledge of your beliefs can be used to manipulate you to believe things that aren’t true. Internet manipulation has caused many people to act unwisely or even criminally.


Image of paper-based filing system when information was harder to steal before the internet existed

Major Online Privacy Violations

Because online privacy issues are always getting ahead of our laws, we keep discovering privacy violations after the fact.

For example, in 2013, Edward Snowden leaked information showing that the U.S. government was collecting data on online communications for huge numbers of citizens. In other words, the United States was using illegal mass surveillance on its own population. Mass surveillance is troubling because any government can use it to act to squash political opposition or individual dissent. In more authoritarian countries such as China, of course, the government can watch everything its citizens do online without any kind of legal constraint.

The Cambridge Analytica scandal of 2018 revealed that Facebook had released private user information to political consultants, who used that data to polarize and manipulate the voting public. And in 2020, it became clear that artificial intelligence would play a role in privacy violation when Clearview AI sold “scraped” facial recognition information from the internet and sold it to law enforcement agencies.

These major scandals are just the tip of the iceberg. Most of us now regularly receive notices from major companies that hold our private information. Those companies inform us that there has been a data breach, and our personal information may have been compromised. Equifax, Yahoo, and Marriott are just a few of the companies whose databases have been breached, but there are many, many more.

In response to the public outcry and legal concerns about privacy, tech companies such as Google are changing the privacy rules.  By the end of 2024, third parties will not have as much access to your user cookies that reveal how you browse the internet. But change is slow, and massive exposure of user data continues every day, both legally and illegally.


mass surveillance can threaten democracy with image of American flag

Risks from Misuse of Your Personal Information

Once your privacy is compromised and someone gets hold of your personal information, consequences for you can include identity theft, fraud, and impersonation, as previously discussed under internet security.

However, there are some additional risks from privacy violation. When companies create a detailed profile of you and use it to manipulate you economically, mentally, or emotionally, you can experience serious negative consequences.

Mental, emotional, and financial manipulation

It’s not news that organizations are always trying to influence and manipulate customers to buy certain things or believe certain things. What’s different is the amount of data those companies or political groups can now collect without your knowledge, down to granular detail about your family, your lifestyle, and your beliefs. It’s not good for strangers to know exactly what emotional buttons to push to make you irrationally angry or fearful.

Data sharing/data selling by mobile apps

When you share some data with a fun app on your mobile phone, you may think the data stops there. But it doesn’t.  Many apps make an active business of selling information about you to third parties. Your phone is privy to an immense amount of data about you, including where you are at all times, your browsing history, your contacts, and even your text messages. So be careful what apps you download and use. Actually read privacy policies before you agree to them.


Cyberstalking is unfortunately growing more common. In cyberstalking, people use the internet to harass or threaten another person whom they may or may not know in real life. Because we now put so much information about ourselves on social media platforms, bad actors can find out things about you that you would never want an enemy or a criminal to know. The best prevention is not to share too much personal information online, especially in public forums or with your real name attached. Also, be careful that you know the real identity of anyone you are communicating with online.


Thoughtful woman is careful about what information she enters online to prvenet cyberstalking

Revenge porn

Using people’s private images (or faking parts of those images) is one of the most disturbing trends related to online privacy. There is little a victim can do if a rejected romantic partner or even a stranger takes an image of a face and skillfully edits it onto a nude body. With even more sophisticated deepfakes, the potential for fraudulent videos is chilling. Make no mistake: this is a terrible violation of personal privacy even when the nude image or sexual activity is faked. Fortunately, 48 states now have laws against revenge porn.

Browser fingerprinting

Browser fingerprinting happens when a website creates a unique identifier for you in order to track your activity across multiple websites. You can add on browser extensions that block fingerprinting.

How To Protect Your Privacy Online

Some of the steps you can take to protect your privacy online are similar to those you use to practice the best internet security. Below, we’ll give you a checklist to use as a guide.

But first, there are two more specific areas of online privacy that deserve special mention. They are subject to misunderstanding and related to some of the newer technologies in our homes and browsers. Those two issues are incognito browsing, and voice assistants such as Alexa, Siri, or Google Assistant.

Incognito browsing: not as safe as it seems

Incognito browsing can be deceptive because it gives a false appearance of security. You think incognito means no one can track you or figure out who you are. But that’s not true. Companies can still capture your URLs and other information about you.

Incognito mode may also allow keyloggers to jump into your connection and track your activity. Do not trust incognito web browsing to protect your privacy. You need other safeguards in place.

Secure your voice assistant: Siri, Alexa, Google Assistant

Voice assistants may seem helpful and fun, but there’s a reason people have raised alarms about them ever since they hit the market around 2011.

Siri, Alexa, Google Assistant, and others have the ability to “listen” to you. That means a hacker can get into the device and record your voice. Once they have recorded your voice, artificial intelligence might allow all kinds of nefarious uses of your voice. If you have voice-activated technology for tasks such as banking, the risk is even greater.

Another danger is that hackers may listen in on your private conversations and publicize them or otherwise use that private information to hurt you.  To prevent this violation, keep your voice assistant’s software updated, use multifactor authentication, and regularly review the voice assistant’s privacy settings.


image oh phone with voice assistant such as Siri that could be hacked

Checklist: Protecting your Internet Security and Online Privacy

Here’s a review of our topics on a simple checklist. You can use the checklist to see if your internet security and online privacy is as good as it should be.

_____Allow multi-factor authentication (MFA)

_____Update your antivirus/internet security software

_____Use a firewall

_____Create strong, unique passwords and store them safely

_____Choose your browser for security

_____Adjust your router settings for maximum security

_____Secure and update all your mobile devices

_____Secure your smart home devices and smart watches

_____Don’t use public Wi-Fi for anything sensitive

_____Consider using a VPN, especially on public Wi-Fi

_____Install parental controls

_____Don’t share too much personal information on social media

_____”Think before you click” to avoid phishing and malware

_____Confirm the real identity of anyone you deal with online

_____Don’t trust incognito browsing to be truly private

_____Secure your voice assistant

_____Block browser fingerprinting


Image of man with healthy skeptical expression because your mindset is the first step in cybersecurity

Your Mindset is Your Best Internet Security

While technical aspects of security like the ones on our checklist are crucial, one principle is most critical to protecting yourself and your loved ones online.

Don’t believe everything you see or hear.

Second-guess everything you receive or see online. Start from a position of skepticism. Check sources, every single time you hear a fact or a story.

Is this email really from someone I know? How do I know?

Is this utterly shocking photo I just saw online true? Or could it be a fake?

Who published this article? What is their motivation?

Why does this person need me to give them sensitive information?

Why would my company need me to click this password change link?

Is that really an email from LinkedIn, or could it be a fake?

Is this job application hosted by a reputable, established company?

By thinking carefully about everything you see online, you’ll protect more than just your SSN and your credit cards.

You will protect your ability to tell truth from fiction.

As we enter an AI era when deepfakes and manufactured news will become ever more common, your mind will need the best security you can give it, every time you are online. If people hack your mind, they have made the ultimate hack.

Get the best out of the internet: let it help you with everyday tasks. But use this guide to help you improve your internet security and online privacy. We all tend to put it off, but now is the time to act.

Take an hour each weekend to just check out one device you need to secure, or complete one security step that will help. You’ll be glad you did.