Web Security for Students: 7 Main Principles


What kind of student would be able to stay completely off the internet these days, right? You need to go online to do your research, submit your homework, and even attend lectures. That’s not even to mention staying in touch with friends and getting entertained!

But people like you aren’t the only ones on the internet. There are also plenty of hackers and scammers. They never stop trying to steal your personal data or trick you into sending them your hard-earned money. That’s why you need to be careful whenever you go online.

What exactly should you do to keep yourself and your data secure, though? Let’s break down seven basic online security rules.

Be warned, though: improving your online security will take time. And since a student with a lot of free time is akin to a unicorn, you’ll probably have to choose it over something else. You can always pay for essay at EssayPro or skip out on a party or two to free up some time. Keep in mind: protecting yourself and your data is a worthy investment.

1. Keep Your OS, Antivirus & Apps Up-to-Date

First of all, if you don’t have any antivirus software on your devices yet, install it. Be careful and opt only for trustworthy antivirus apps, however. These five can be a good choice:

  • Norton 360;
  • McAfee;
  • ESET NOD32;
  • Malwarebytes;
  • Bitdefender.

Next, if you’ve disabled automatic updates for your OS and/or apps for some reason, enable them now. These updates often contain important security fixes.

2. Check Your Security & Privacy Settings

This is an obvious step, but a crucial one nonetheless. If you don’t know where to start, go ahead and check the settings of your:

  • Operating systems.
    • Security settings: firewall, as well as reputation-based and exploit protection should be on;
    • Network settings: turn on random hardware addresses to make it harder to track your location and set the profile to “public” for any network outside of your home;
  • Browsers. Turn on:
    • Protection from trackers;
    • HTTPS-only mode;
    • Automatic cookies deletion;
    • Blocking pop-up windows and automatic script execution;
  • Social media accounts.
    • Turn on alerts about unrecognized logins;
    • Enable two-factor authentication;
    • Hide your personal data like email address and phone number from other users;
    • Restrict who can see your posts;
  • Any other accounts that process sensitive data. Those include your email, cloud storage, banking, government services, and online payment accounts. Turn on:
    • Two-factor authentication;
    • Alerts about any suspicious activity;
    • Security questions.

3. Learn to Recognize Phishing Attacks…

Most phishing attacks try to trick you into willingly giving up certain information (your credit card details, login credentials, etc.). Some of them, on the other hand, are designed to get you to download a file that contains malware.

Here are the three most common phishing scenarios you should be able to recognize:

  1. You get an email that looks like it’s from your bank. It asks you to reveal your password, answers to security questions, credit card details, or social security number;
  2. You receive an email with gibberish instead of text and an attachment in .exe, .html, .rar, .zip, or any other format;
  3. You click on a link, and it looks like a website you’ve visited before – but the URL looks unfamiliar. For example, it seems to be an Amazon page, but the domain is some variation of amazon.com.

4. …And How Not to Fall Prey to Them

Unfortunately, those three scenarios are just the tip of the iceberg. Scammers and frauds keep coming up with more creative ways to trick you. Still, there are four simple rules you can follow to minimize the risk of falling into their trap:

  • Check the sender’s email address. Is it a legitimate one? If you’re not sure, go to the alleged sender’s website in a separate tab and check their contact details. Or, google the sender’s email address itself. 
  • Hover over links before clicking them. Do they lead to a proper URL? If you’re in doubt, don’t click it. Instead, google the alleged sender or type their real website (if you know it) yourself.
  • Ask yourself these questions. Does it look too good to be true? Does it contain any errors? Does something about it feel off? If so, it’s better to ignore it.
  • Avoid opening or downloading suspicious attachments. They’re definitely suspicious if instead of a .pdf you get an .html, .exe, .rar, .7z, .zip, .bat, .com, or .bin file.

5. Have a Strong Password Policy

This is another online security rule that everyone seems to know about, but very few actually follow it. Or, they think they do – when, in fact, that’s not the case.

Here’s your checklist to make sure your passwords are strong – and remain so:

  • Create strong passwords. Your password should contain at least 12 characters and include lowercase and uppercase letters, numbers, and symbols. You can come up with a phrase and then replace some characters with numbers and symbols. Or, you can use strong password generators;
  • Don’t ever recycle passwords. If you do, a data breach in one place will compromise all of your accounts that use the same password. So, come up with a unique one for every account you create. If you struggle with remembering all of your login credentials, use a password manager or create a master rule;
  • Change them every 3-4 months. Set a reminder in your calendar if you think you might forget to do this. When you change a password, really do change it – don’t just add a number at the end.

6. Use Different Emails for Creating Accounts

There are two broad types of accounts you can create:

  1. Important ones. They include online banking, financial services, government services accounts, as well as any website or app where you make online payments.
  2. Junk ones. If you know you might get spammed with promotional messages or you don’t trust the website or company yet, the account will fall under this category.

How do you understand which is which? Imagine someone else gains access to this account. How big of a problem would it be? If the answer is “huge”, that’s an important one.

Set up two different emails for each type of account. Then, if someone gains access to the fake one, your important accounts won’t be in danger.

This will also help you notice scams. If you get an email from your “bank” in your “junk email” inbox, it’s a clear sign it’s a scam.

7. Avoid Using Public Wi-Fi Networks

Who doesn’t love free Wi-Fi, right? Well, hackers definitely love it. It’s because they can easily intercept the data exchanged between your device and a website’s or app’s server. That data can contain your login credentials, credit card details, and a lot more.

Even if you have to enter a password to connect to a public Wi-Fi network, that doesn’t mean it’s safe. Hackers can still perform man-in-the-middle attacks, send viruses to your devices, the list goes on.

But what do you do if you need the internet when you want to work not from home? Here are three pieces of advice:

  • Use your mobile internet connection. Create a hotspot if you need to connect your laptop;
  • If you can’t avoid connecting to a public Wi-Fi network, don’t make online payments or access websites and apps that deal with sensitive data;
  • Use a VPN to encrypt all of your data and hide your activity.

In Conclusion: Stay Alert

Hackers and scammers never sleep. They keep inventing new ways to use people like you to get rich.

That’s why you should always stay alert while browsing online, even if it might seem like a lot of work at first. The key is to turn these rules into habits – until they become your second nature.