Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Internet Safety: 7 Steps to Staying Safe Online

It’s within your power to take the steps necessary to stay safe and secure.

Online security is critical. Here are the key steps you can take to keep yourself safe on the internet.

Internet Security

The Ask Leo! Guide to Staying Safe on the Internet – FREE EditionSubscribe to Confident Computing, my weekly newsletter, and get the 88-page Ask Leo! Guide to Staying Safe on the Internet – FREE Edition digital download as a gift. Based in part on this article, the Ask Leo! Guide to Staying Safe on the Internet – FREE Edition will help you identify the most important steps you can take to keep your computer and yourself safe as you navigate today’s digital landscape.

The very concept of “internet safety” feels like an oxymoron these days.

It seems we hear about some new threat aimed at wreaking havoc across machines connected to the internet almost daily.

Here are some things you can (and should) do to stay safe.

Become a Patron of Ask Leo! and go ad-free!


Staying safe online

  • Use good security software.
  • Keep software up-to-date.
  • Secure your online accounts.
  • Educate yourself.
  • Secure your home and mobile connections.
  • Remember physical security.
  • Back up.

1. Scan for malware

Sometimes, most commonly via email attachments, malware can end up on your computer.

Security software will scan for, locate, and remove malware from your hard disk. A real-time scanner will notice it as it arrives, even before it hits the disk, but at the cost of slowing down your machine a little, and occasionally interfering with other operations.

Important: Because new malware is being created every day, it is critical to keep your anti-malware definitions up-to-date. Be sure to enable the scanning software’s automatic-update feature and have it do so every day.

2. Stay up-to-date

I’d wager that over half of all malware infections don’t have to happen. Software vulnerabilities exploited by malware usually have fixes already available by the time malware reaches a computer.

The problem? The user simply failed to install the latest updates capable of preventing the infection in the first place.

The solution is simple: enable automatic updates everywhere.

3. Secure your accounts

Account hacks are all too common. And yet, there are many tools and techniques available to prevent them from happening, or to dramatically reduce the impact when they do.

Particularly when it comes to your online accounts, it’s not only your responsibility, it’s in your best interest to ensure you’ve secured your account appropriately. That includes:

  • Choosing good passwords, and using different passwords for every site.
  • Using a password vault or manager to manage your passwords.
  • Enabling two-factor authentication wherever it’s available.
  • Ensuring that your account recovery information is set, and kept up to date.

Almost all the account hacks I hear of, particularly those where the account is lost forever, have failed to do one or more of those items.

4. Educate yourself

To be blunt, all the protection in the world won’t save you from yourself.

  • Don’t open attachments you aren’t positive are OK; attachments are one of the most common ways that malware spreads.
  • Don’t fall for phishing scams. Be skeptical. Phishing is a common way that online accounts are hacked into and can lead to more serious issues, like identity theft.
  • Don’t click on links in email you aren’t positive are safe.
  • Don’t install “free” software without checking it out first. Many “free” packages are so because they come loaded with spyware, adware, and worse.

When visiting a website, did you get a pop-up asking if it’s OK to install some software that you’re not sure of because you’ve never heard of it? Don’t say OK.

Not sure about some security warning you’ve been given? Don’t ignore it. Research it before doing anything.

And of course, choose secure passwords and don’t share them with anyone.

5. Secure your home network and your mobile connection

If you’re traveling and using internet hotspots, free Wi-Fi, hotel-provided internet, or internet cafes, you must take extra precautions.

Make sure your web email access — or, for that matter, any sensitive website access — is only via secure (https) connections, or that your regular mail program is using only encrypted connections. Don’t let people “shoulder surf” and steal your password by watching you type it in a public place.

Make sure your home Wi-Fi has WPA2-security enabled if anyone can walk within range, and you’ve changed your router’s administrative password.

6. Don’t forget the physical

An old computer adage is that “if it’s not physically secure, it’s not secure.”

All the precautions I’ve listed above are pointless if other people can get at your computer. A thief can easily get at all the unencrypted data on your computer if they can physically get to it. Even log-in passwords can be easily bypassed if someone has access to your computer.

The most common scenario is a laptop being lost or stolen during travel, but I’ve also received many reports from people who’ve been burned because a family member, friend, significant other, or roommate accessed their computer without their knowledge.

7. Back up

I know that backing up doesn’t feel like a “security” measure, but ultimately, it can be one of the most powerful ways to recover if you ever encounter a security-related issue.

The damage done by almost any kind of malware can be quickly reversed if you have a recent backup to restore to.

Having a back-up copy of your data (all your data) can help you recover after computer is lost or stolen (not to mention when a hard disk dies).

Backing up your email and contacts can be a critical way to restore your world should your online account ever be compromised.

Backups truly are the silver bullet of the computing world: a proper and recent backup can help save you from just about any disaster, including security issues.

Overwhelming? It might seem so, but…

This might all seem overwhelming, but please believe me when I say it’s not nearly as overwhelming as an actual security problem if and when it happens to you.

The good news is that the majority of the things you need to do to stay safe on the internet are things you set up once and let happen automatically thereafter, or new habits you form based on the important things that you learn about keeping things secure.

While we might want it to be otherwise, the practical reality of the internet and computing today is that we each must take responsibility for our own security online.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


17 comments on “Internet Safety: 7 Steps to Staying Safe Online”

  1. GREAT Internet Safety SUMMARY which has a perfect timing in the period of severe attacks by all the criminal hackers who’s only objective in their miserable life is to DESTROY ALL THE EXTREMELY USEFUL ADVICE ACCOMPLISHED by the GREAT ACTIVITY OF ‘Ask Leo!’ …

  2. How would I know if my regular mail program ( Thunderbird ) is using only encrypted connections? I use Linux OS but I see no difference in the TB interface and settings from Windows. Would you know off hand if TB uses encryption?

    • When you configure the account, you specify the server to connect to (things like and the like). Along with that specification are checkbox’s to indicate SSL or TLS should be used. Either of those checked indicate encrypted connections. I believe you can review your account settings after the fact.

  3. I bought a new laptop. Lenovo. I am wanting to add my pcmatic to this and microsoft says I can’t while in “S mode”. But advises not to turn off “S mode”. I am so confused.

  4. Leo, as I’m sure you know several of your items can be accomplished simply by using Linux as your operating system. As to malware, so far there’s virtually zero malware written for desktop Linux. Matter of fact, nobody so far has bothered to write an anti-virus program for Linux since it’s not necessary due to the inherent security built into Linux. There is one AV used on Linux but it only detects Windows malware to avoid Linux users forwarding infected files to Windows users. The big AV suppliers do offer commercial AV products for Linux but they’re expensive and aimed at servers, not desktop systems.

    Updates are handled much better than those in Windows. 99% of updates (which occur often) run in the background, not affecting operation, and install much faster than those in Windows.

    Linux is always free and the overwhelming majority of software is also free including several outstanding backup programs. For instance, BackInTime (for user files), Timeshift (backs up the OS). Both run in the background not affecting operation and feature multiple de-duplicated snapshots. Then there are offline Bare Metal rescue type backups like Foxclone. All are free and actively maintained.

    Vigilance is still the watchword because browsers, email and texting are still vulnerable to phishing and malware. Sandboxing programs like Firejail (free) can go a long way toward mitigating those problems.

    • Linux is not a major target for malware, but it’s still vulnerable. As you mentioned, here are a few antimalware programs for Linux and it’s a good idea to install one. Most are expensive but ESET NOD32 for Linux is only $40 a year, and if you already have a Windows license, you can transfer the license to the Linux installation and vice-versa.

      The fact the few people use antimalware protection with Linux might tempt a hacker to try hacking it.

      Unfortunately, there are no free AVs for Linux which is ironic because most software for Linux is free.

  5. I’ve never had a problem with malware with Linux, and see no reason to spend even a penny on anti-malware. On the remote chance that my computer is compromised I have full daily backups, my important documents are in dynamically updated end-to-end encrypted cloud backup plus the daily full system backup and a weekly full system backup that’s created and then physically disconnected. I’ve had to resort to the backups more than once since I’m an inveterate tinkerer.

    • Hacking isn’t only installing ransomware or other malware that damages files, most hacking is for profit and backups don’t protect against stealing passwords and other information, or installing bots to send spam and phishing email, mine Bitcoin, and other things the hackers can monetize.

  6. Leo,

    I appreciate this item! It provided me a chance to double-check that my anti-malware/Internet Security efforts are up to date (and as complete as possible).

    Happily, they seem to be. In fact, I am very pleased to note that my ATT-provided Wi-Fi router came to me with all security settings correctly configured. I live with my adult son. We both have full access to the router, and that is how I want it, so I have no need to change the devices access code, set an administrator password, or change the Wi-Fi connection password. The router comes with unique and long passwords/access keys. Remote access is disabled by default, and I cannot find any way to enable or disable UPnP (so I suspect the service does not exist at all). The router is configured to not respond to incoming requests of any type (ICMP or UDP) by default, so it is effectively invisible on the Internet. Finally, system/firmware updates are checked and installed automatically, so I didn’t have to change/set that up either.

    I particularly like that you did not skimp on the part of Internet Security I consider most important (I call it Cognitive Security). It involves remaining very skeptical about EVERYTHING that comes from the Internet until its veracity can be confirmed using other sources. In other words, trust NOTHING until you can verify its truth for yourself.

    I have been implementing all your other recommendations in this item for a long while, so I think I’m good to go with system security, encryption, etc. on all my devices. My Samsung phone even comes with Knox Security pre-installed, which greatly impressed me when I got the phone because Knox is one of the best-reputed mobile security providers, based on my research at that time.

    For me, the bottom line here is that EVERYONE who reads this item should do as you suggest in each part of it and take the time to read and do as all the linked articles suggest too. It may seem like a lot to do now, but whatever it takes will be very insignificant when compared with what users will likely face if they don’t.



      • Yes Leo,
        it’s a good summary & comments by Ernie, and I’m a strong supporter of all measures and efforts by the computer-users-community to fight the increased and ‘criminal abuse by the hackers’ because we all desperately need a substantial help by the legal steps to control this situation more effectively.
        Tony H.

  7. I like this article. I have a problem with having to roll back an up a change I made on bios. Can you tell me how to do this?

    • Unfortunately I cannot. That’s machine specific. You’ll need to contact your computer’s manufacturer. Normally it means reinstalling the prior version of the BIOS but how to get that and how to install it vary from machine to machine.

  8. Your articles and videos are vastly outdated and do not compare to the younger generation.
    Truth be told, LinusTech, Austin Evans, etc. have replaced you boomers. You don’t even hold a candle to 1/10th of their knowledge.

    It’s okay, if you shill enough to Xbox, you may just get more clout, Leo.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.