Protect yourself with our cybersecurity guides

Share this page

It’s always a good time to assess your security. We’ve shared some of our most important cybersecurity guides to help. 

At Proton, your security is our top priority. We believe your data belongs to you and you alone, which is why we protect it with end-to-end encryption(new window) and zero-access encryption(new window). Unfortunately, your security is not simply an on/off switch, nor is it something you can outsource to a single tool or service. Rather, it requires your input and attention. Your cybersecurity relies upon your behaviors, systems, and tools, and it’s only as strong as your weakest link. 

For example, if you use Proton Mail, set strong passwords, and use two-factor authentication but fall for repeated phishing attacks (emails that pretend to be from a trusted source to get you to share information), you’ll put your information at risk. That’s why we created these guides, so you can protect yourself and stay in control of your information.

To help you cover your cybersecurity bases, we’ve compiled several of our guides so you can follow them and keep yourself safe. 

At Proton, we’re building a better internet where privacy is the default. To do this, we encrypt as much of your data as possible, making it more secure even if the worst happens. If you want an internet that focuses on protecting your data rather than collecting it, join us!

How to avoid being phished

Phishing and its many variants affected more than 320,000 victims in 2021 alone(new window), making it the most common cyberattack. A phishing email typically appears as though it’s from an authority, such as a bank, and tries to instill a sense of urgency to make you act before you can investigate it. Its ultimate goal is to get you to share sensitive information or to click a link that will deliver malicious software onto your device.  

While some can be quite convincing, most phishing operations send mass emails, hoping to catch someone while they’re distracted. You can usually spot a phishing attempt if you just remember to take a moment and look closer. You should investigate any email that:

  • Is from an odd email address or one that you don’t recognize
  • Is unexpected or a surprise
  • Is poorly written or full of grammatical errors
  • Claims something is urgent and can only be fixed by clicking a link contained in the message

If you’re uncertain whether an email is a phishing attempt, you can always try to contact the sender by calling or texting them at a number you know is real. For example, if you’re suspicious an email from a bank could be fake, look up its phone number on its website. Do not click a link or download an attachment until you’re certain you’re not dealing with a phishing attempt.

Learn more about how to prevent attacks(new window)

How to make a strong password

Your password is the first line of defense for your online accounts, which is why it’s so critical you put more thought into it than just using “Password” or “123456789”. 

The easiest way to make sure all your accounts have strong, unique passwords is to use an open-source password manager(new window) to create and save your passwords for you. Then, all you need to remember is a single strong passphrase(new window) for your password manager.

Learn more about securing your accounts with strong passwords(new window)

How to use two-factor authentication

If your password is your account’s first line of defense, two-factor authentication (2FA) is the backup that keeps you safe if your password is cracked. Most 2FA methods require you to enter a one-time passcode from an authenticator app on your phone, but there are also hardware security keys that you simply need to tap. You should avoid 2FA that relies upon SMS, as this has proven less secure. 

Learn more about securing your accounts with 2FA(new window)

How to keep your device secure

Fortunately, this is a relatively easy one. There are four things you can do that will protect you from the vast majority of threats that could compromise your device’s security:

  • Always keep your device’s operating system, apps, and other software up to date.
  • Secure your device with a strong password. 
  • Do not give anyone physical access to your device unless you trust them.
  • Turn Bluetooth and AirDrop off if you’re not actively using them.

Developers release updates in response to known security vulnerabilities. If you use outdated software, you’re leaving vulnerabilities in place that malicious actors are actively exploiting. The best way to keep your software up to date is to turn on the auto-update option everywhere you can.

Preventing physical access to your device and securing it with a strong password are common-sense measures. If an attacker gets hold of your device, it can be very difficult to make sure that they did not compromise it.

Bluetooth and AirDrop are convenient features, but known attacks, such as BlueBorne (new window)and BrakTooth(new window), can take advantage of them. By keeping Bluetooth off, except when you’re actively using it, you reduce the chance that your device could be affected by these exploits. 

How to prevent cyberstalking and social engineering

The information you freely share with the internet can often be used by malicious actors. This is because social media posts can often contain a lot of information that you might not consider, including:

  • Your location
  • Your appearance
  • Your friends and acquaintances, and more

Consider fitness apps. In 2018, soldiers using Strava accidentally revealed their identities and locations(new window) on a high-security military base. Similarly, if you constantly post photos of your trip on social media while you’re away on vacation, you let people — and burglars(new window) — know you’re not home. 

If you use social media, you should consider adjusting the privacy settings for your preferred platform and think about what information your posts reveal — and what could be done with that information if it fell into the wrong hands.

Learn more about preventing cyberstalking(new window)

How to choose a browser that protects your privacy

You might not normally consider your choice of browser as a cybersecurity decision. However, nearly everything you do online requires using a web browser, such as Google Chrome, Apple Safari, or Mozilla Firefox. This gives your browser access to nearly all of your browsing activity, as well as your IP address, location, device operating system, and more, making it worth your while to consider which browser you want to use.

Google Chrome, by far the world’s most popular browser, has been custom-built by Google to sweep up as much data as possible(new window). To protect your data, you should use a privacy-focused browser like Mozilla Firefox, the Tor Browser, or Brave.

Learn more about privacy-focused browsers(new window)

How to recover from a data breach

While preventing a data breach or hack is always preferable to recovering from one, sometimes a cybersecurity failure is not your fault. Unfortunately, major data breaches by corporations(new window) continue to happen, sometimes affecting hundreds of millions of people(new window). When this happens, you’ll want to act quickly to make sure none of your information can be used to steal your identity or drain your bank accounts. 

Learn how to recover from a data breach(new window)

We hope these guides help you keep your information safe and private. Thank you once again to the Proton community for all your support. Stay secure!

Join us to protect your privacy and help build a better internet where privacy is the default. 

Get Proton for free today(new window)

Protect your privacy with Proton
Create a free account

Share this page

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Related articles

With over 33 million registered users and more than 100,000 business customers, LastPass is one of the world’s most popular password managers. After an escalating series of highly-damaging disclosures over the last few months, LastPass has now admitt
Email headers are the hidden part of emails containing vital information to identify and authenticate messages. Learn how to read them to spot spam and stay secure. Have you received an unexpected email from a strange address? Is it actually from so
The United States is notoriously weak on privacy laws. With its secret surveillance courts and all-powerful spy agencies, the US has many tools to collect data on people within its jurisdiction and beyond. Recently, that power has been used to prose
When you encrypt files on your computer, it’s like storing them in a vault: Only someone with the correct key can access them. That’s useful if you’re concerned about hackers stealing your most sensitive documents or companies scanning your data for
Two-factor authentication (2FA) is an extra layer of protection for online accounts that requires you to use more than just your username and password to log in.  With 2FA enabled, you can protect access to your online accounts even if your password
Internet users of a certain age might recall earlier days of personal computing, with stacks of labeled floppy disks or CDs lying around the office. Those have all but disappeared thanks to the widespread availability of cloud storage, which took off