Security Primer

The purpose of this post is to have a place to point friends and family for advice on staying secure online. This is not targeted at advanced users.

Basic Security

Stay up to date

This is the most important thing you can do: keep all of your software up to date. Whether you are talking about Windows, OS X, iOS, or Android, if you are not running the latest: you are not secure. Wherever possible, turn on automatic updates, and check on your updates from time to time.

Don't Use Flash

Adobe Flash Player is dangerous. Really, don't use it. Just uninstall it. It is not secure. Sites like YouTube all support native HTML5 videos now. You will still be able to get your cute kitty video fix without flash.

Don't Use Java (in the browser)

Unless you know you need Java (like you're a Java developer) you probably shouldn't even have it installed. It is nowhere near as much of an issue as flash, but the Java browser plugin is still regularly exploited.

Don't Use Internet Explorer

To be fair, Microsoft has been getting its act together, but IE should still be avoided. Firefox, Safari, and Chrome are all better choices. Microsoft's new browser: Edge, does show promise.

Don't Click on Links in Email

Unless you are 100% sure the email is from where it says it is from, don't trust it, don't click on anything in it. It is not hard for the bad guys to create emails that look like they are from the major social networks, or from your bank. If you get an email for a friend request, or a notice of fraud detection from your bank, just log into the social network / bank manually. Clicking on the link, if it isn't from where it claims to be, could be exposing you to all sorts of risk.

Don't Open Attachments in Email

Same as above.

Add Some Helpful Browser Plugins

HTTPS Everywhere is available for Firefox and Chrome, and will try to force your browser to use secure (https) connections whenever possible.

uBlock Origin is available for Firefox and Chrome, and is an ad-blocker. You can white list sites you want to allow to still show ads (if you're feeling bad about the sites not being able to monetize) but it is generally a good idea to have an ad blocker running as you browse. Ad networks have become a popular way for the bad guys to get malware onto major sites that you would never consider risky.