BizTech Illos Data Security
Martin Gee for TIME

5 Tips for Staying Safe Online From a Google Security Expert

Feb 10, 2016

We're living in the age of the data breach. From Target to Home Depot, a growing number of companies have been targeted by hackers hoping to score customers' personal data and credit card numbers.

Unfortunately for consumers, there's little we can do to be sure the companies we're shopping at are doing enough to prevent these kinds of incidents. However, we can take precautions to secure ourselves in case our personal information is ever stolen.

What should we do to stay safe from identity theft and fraud? Mark Risher, Google's spam and abuse chief, offers these tips:

Keep your software updated

Updating software, whether it be on your phone, laptop, or television, is extremely important. When hackers discover new ways to steal your data, gadget and software companies usually work quickly to release fixes for those vulnerabilities. But it's up to us to actually install those updates — or set it so that updates occur automatically.

"We've done some research and it's something security experts themselves are very good at, but the general public is not," says Risher.

Don't fall for "phishing" scams

Phishing is an age-old technique in which users are tricked into submitting their login credentials on a fake website, only to have that information sent to hackers instead. Risher says these cons are becoming more difficult to spot.

"In the past, these phishing sites were greedy and clumsy," he says. Older scams might have redirected users to a website that looked sketchy, asking for multiple account passwords without imitating the style or look of any particular company's website. Today, the scams are "more simple," Risher says. "They just copy the exact page you're used to seeing and put it in a social context that's misleading."

The best ways to avoid phishing scams is by closely examining a website before you enter any login data. Pay close attention to the URL, which will often display a Web address that's slightly different than the website it's imitating. The same is true of email phishing scams; tricksters will often use an email address that looks legitimate but may be a character off from a company's actual email address.

Add recovery contact info to your accounts

If your account is compromised, companies will probably try to let you know. But that's only possible if they have some means of getting in touch with you on file.

"Add a phone number [or] an alternate email address, so that in the event you can't log in, we have other channels where you can verify that the account is yours," Risher says.

Don't use the same password for multiple sites

If there's one cardinal sin when it comes to online security, it's using the same password over and over again across different services. This, says Risher, can be worse than never changing an old password.

"It's much more important that you have unique passwords across all of the different sites that matter," he says. There's a reason many people are guilty of this: Passwords are difficult to remember. Using a password manager like LastPass or 1Password, which generate new unique passwords on your behalf each time you log in to a website, could fix this problem.

Enable two-factor authentication

Two-factor authentication adds an extra layer of security to your accounts by requiring another code in addition to your memorized password. That code can be sent to your smartphone via a text or generated by an app.

With two-factor authentication, even if a hacker has your username and password, he or she won't be able to access your account unless they also have your smartphone — not a likely scenario.

"If you're trying to defend yourself against getting hacked, you have to make sure everything is sealed off," says Risher. "In your house, you would make sure that your doors are locked, that your windows are closed, that your shades are down, that you don't have any places that people can climb through. And the bad guys just have to find one of them."

The 10 Most Ambitious Google Projects

A driver drives a Google Inc. self-driving car in front of the company's headquarters in Mountain View, California on September 27, 2013.
Google Driverless Car The Google Self-Driving Car has been in the works since 2005 after a team of engineers won a grant from the U.S. Department of Defense to design an autonomous car. The project, which aims to reduce traffic accidents, has made headway in recent years as states passed laws permitting self-driving cars. Google plans a commercial release between 2017 and 2020.David Paul Morris—Bloomberg/Getty Images
A driver drives a Google Inc. self-driving car in front of the company's headquarters in Mountain View, California on September 27, 2013.
Google Internet Balloon
This undated photo released by Google shows a contact lens Google is testing to explore tear glucose.
Avatars from Google Lively.
Eye in the Sky
Google's modular phone (Project Ara) at Engadget Expand New York 2014 at Javits Center on Nov. 7, 2014 in New York City.
colored pill capsules
Flight team engineers Kenneth Jensen, left, Damon Vander Lind, center, and Matthew Peddie prepare for the first crosswind test of their 20kW Wing 7 airborne wind turbine prototype in Alameda, Calif. on May 24, 2011
Vic Gundotra, director of product management of Google, demonstrates Google+ on the Nexus 7 tablet during Google I/O 2012 at Moscone Center in San Francisco on June 27, 2012.
Google Driverless Car The Google Self-Driving Car has been in the works since 2005 after a team of engineers won a grant

David Paul Morris—Bloomberg/Getty Images
1 of 10

Google is one of many companies researching ways to replace or enhance the traditional password. In 2013, for example, the company said that it was looking into login methods that involve plugging in a USB dongle rather than typing in credentials.

"As people are using mobile devices, this presents whole new ways that we have to look at the problem," says Risher. "It's definitely an active area that we're investing in; we've got some exciting stuff coming."

TIME may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.