5 Tips for Staying Safe Online From a Google Security Expert

We’re living in the age of the data breach. From Target to Home Depot, a growing number of companies have been targeted by hackers hoping to score customers’ personal data and credit card numbers.

Unfortunately for consumers, there’s little we can do to be sure the companies we’re shopping at are doing enough to prevent these kinds of incidents. However, we can take precautions to secure ourselves in case our personal information is ever stolen.

What should we do to stay safe from identity theft and fraud? Mark Risher, Google’s spam and abuse chief, offers these tips:

Keep your software updated

Updating software, whether on your phone, laptop, or television, is extremely important. When hackers discover new ways to steal your data, gadget and software companies usually work quickly to release fixes for those vulnerabilities. But it’s up to us to actually install those updates — or to set our devices so that updates install automatically.

“We’ve done some research and it’s something security experts themselves are very good at, but the general public is not,” says Risher.

Don’t fall for “phishing” scams

Phishing is an age-old technique in which users are tricked into submitting their login credentials on a fake website, only to have that information sent to hackers instead. Risher says these cons are becoming more difficult to spot.

“In the past, these phishing sites were greedy and clumsy,” he says. Older scams might have redirected users to a website that looked sketchy, asking for multiple account passwords without imitating the style or look of any particular company’s website. Today, the scams are “more simple,” Risher says. “They just copy the exact page you’re used to seeing and put it in a social context that’s misleading.”

The best way to avoid phishing scams is to closely examine a website before you enter any login data. Pay close attention to the URL, which will often display a Web address that’s slightly different from that of the website it’s imitating. The same is true of email phishing scams; tricksters will often use an email address that looks legitimate but may be a character off from a company’s actual email address.
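The "one character off" check described above can be automated. The following is an added example, not part of the original article: it compares the domain in a URL or email address against a constructed list of sites the user trusts. The `TRUSTED` list, the function names, and the rule of treating the last two labels as the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains this user actually logs in to.
TRUSTED = {"google.com", "paypal.com", "example-bank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(address: str) -> str:
    """Return the lower-cased host of a URL, or the domain part of an email address."""
    if "://" in address:
        # urlsplit ignores any "user@" prefix, so the real host is returned.
        return (urlsplit(address).hostname or "").rstrip(".")
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def classify(address: str, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike of <domain>', or 'unknown'."""
    host = host_of(address)
    # Simplification (assumption): the last two labels are the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        # A domain that is a character off from a trusted one.
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
        # A trusted name used as the leading labels of some other domain.
        if host.startswith(good + "."):
            return f"lookalike of {good}"
    return "unknown"
```

An "unknown" result only means the address does not resemble anything on the list; it says nothing about whether the site is safe.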

Add recovery contact info to your accounts

If your account is compromised, companies will probably try to let you know. But that’s only possible if they have some means of getting in touch with you on file.

“Add a phone number [or] an alternate email address, so that in the event you can’t log in, we have other channels where you can verify that the account is yours,” Risher says.

Don’t use the same password for multiple sites

If there’s one cardinal sin when it comes to online security, it’s using the same password over and over again across different services. This, says Risher, can be worse than never changing an old password.

“It’s much more important that you have unique passwords across all of the different sites that matter,” he says. There’s a reason many people are guilty of this: Passwords are difficult to remember. Using a password manager like LastPass or 1Password, which generate new unique passwords on your behalf each time you log in to a website, could fix this problem.

Enable two-factor authentication

Two-factor authentication adds an extra layer of security to your accounts by requiring another code in addition to your memorized password. That code can be sent to your smartphone via a text or generated by an app.

With two-factor authentication, even if a hacker has your username and password, they won’t be able to access your account unless they also have your smartphone — not a likely scenario.

“If you’re trying to defend yourself against getting hacked, you have to make sure everything is sealed off,” says Risher. “In your house, you would make sure that your doors are locked, that your windows are closed, that your shades are down, that you don’t have any places that people can climb through. And the bad guys just have to find one of them.”

Google is one of many companies researching ways to replace or enhance the traditional password. In 2013, for example, the company said that it was looking into login methods that involve plugging in a USB dongle rather than typing in credentials.

“As people are using mobile devices, this presents whole new ways that we have to look at the problem,” says Risher. “It’s definitely an active area that we’re investing in; we’ve got some exciting stuff coming.”
