Web security is no small matter these days, with hacks and breaches occurring regularly, it’s up to you to protect your personal and professional data in any way that you can. Hacks and breaches can happen anytime, anywhere online—as we’ve seen in the past:
- October 2017: Disqus, the world’s largest provider of hosted blog and website comments, announced that they were a victim of a data breach in 2012 for about one-third of the service’s 17.5 million users
- September 2017: Equifax, the USA-based consumer credit reporting agency, experienced a breach of over 143 million customer’s personal and financial information
- July 2017: Hackers obtained 1.5 terabytes of content from HBO, the cable and satellite TV provider, and then leaked the content to the public
- June 2018: MyHeritage, the genealogy and DNA testing service, incurred a breach of 92 million users’ email addresses and passwords
- March 2018: MyFitnessPal, Under Armour’s fitness and nutrition tracker app, discovered a data breach affecting 150 million of their users’ accounts
And these are just the highlights of the thousands of cyber-attacks and data breaches that have occurred over the last couple of years. Just because these are big names in the online world doesn’t mean that the same thing can’t happen to you. In fact, if it can happen to these businesses, it can certainly happen to yours, so you need to take every precaution possible to prevent anything or anyone from breaching your or your customer’s data.
Here are 15 web security tools and privacy services you can start using right now to live a more private and security-conscious life online.
Web Security & Privacy Tool #1: Sync
We mentioned in our From This to That: 15 Popular Apps We Left for Greener Pastures article that we made the switch from Dropbox to Sync for security and privacy reasons. Like Dropbox, Sync also offers file storage and sharing, however, Sync also offers full encryption so you’re the only one with the keys to access your digital files and no one who works there with the accessibility to do so could ever access your files, even if they wanted to. It’s ideal to have that extra layer of security when you store any important documents or sensitive information in the cloud because you can just never be too careful, especially when it comes to your own private information or business data.
Web Security & Privacy Tool #2: 220.127.116.11
If you’re already using a Virtual Private Network (VPN) service to maintain your anonymity online you’re already one step ahead of the game but if you’re still using the Domain Name System (DNS) assigned by your internet service provider, then you could completely be undermining the purpose of your VPN altogether and, thus, still compromising your privacy. This situation is known as a DNS leak and this article describes them best:
Usually, DNS servers are assigned by your internet service provider (ISP), which means that they can monitor and record your online activities whenever you send a request to the server. When you use a virtual private network (VPN), the DNS request should be directed to an anonymous DNS server through your VPN, and not directly from your browser; this keeps your ISP from monitoring your connection.
Unfortunately, sometimes your browser will just ignore that you have a VPN set up and will send the DNS request straight to your ISP. That’s called a DNS leak. This can lead to you think that you’ve stayed anonymous and that you’re safe from online surveillance, but you won’t be protected.
To combat this, 18.104.22.168 is a DNS resolver that allows you to change your computer’s DNS settings. So normally, when you sign up with an internet service provider—whether it’s on your phone or computer—your device is automatically configured to use your internet service provider’s DNS. What that means is that any time you go to a website, the connection first goes to your service provider’s DNS and requests access to the web address you’re looking for and then the DNS service locates the address and connects you to it.
So essentially, every time you try to go to a website on your device, you’re always going to go through your service provider’s DNS which means that they have knowledge of, and potentially even access to monitor and record, the websites you’re going to. If you’re trying to maintain a fully anonymous and private web security life online, you can see how this is an obvious problem.
When you use 22.214.171.124’s service, however, you’ll connect through Cloudflare’s DNS instead, and Cloudflare has committed to not keeping any records of DNS connection requests for longer than 24 hours, and they’ve even hired the auditing firm KPMG to conduct third-party audits to prove that they live up to their privacy and security claims.
Here’s an excerpt of their commitment to web security and privacy from their 126.96.36.199 announcement article:
We began talking with browser manufacturers about what they would want from a DNS resolver. One word kept coming up: privacy. Beyond just a commitment not to use browsing data to help target ads, they wanted to make sure we would wipe all transaction logs within a week. That was an easy request. In fact, we knew we could go much further. We committed to never writing the querying IP addresses to disk and wiping all logs within 24 hours.
Cloudflare’s business has never been built around tracking users or selling advertising. We don’t see personal data as an asset; we see it as a toxic asset. While we need some logging to prevent abuse and debug issues, we couldn’t imagine any situation where we’d need that information longer than 24 hours. And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our practices annually and publish a public report confirming we’re doing what we said we would.
Beyond using 188.8.131.52 as a more private and secure way to browse the internet, it can also make browsing even just a little bit faster because Cloudflare owns a massive amount of online infrastructure so connection requests can take less time to go through.
Web Security & Privacy Tool #3: NordVPN
We’ve mentioned the importance of VPNs before and we’ll continue to sing their praises until every ecommerce entrepreneur jumps on board. Using a VPN is a foundational aspect of web security and something that’s super easy to sign up for and use on mobile or desktop devices.
VPNs are especially important for people using public wifi networks—like at coffee shops or airports—because literally anyone with free software downloaded to their own device can see what every other (unprotected) person using the same wifi network is doing on their computer or smartphone—including passwords, usernames, logins, and credit card information plus every website they’re going to and everything they’re typing into their browser. It’s known under the terms “packet analyzer,” “packet sniffing,” “protocol analyzer,” “network analyzer” or “packet capture” and it’s very, very real.
VPN services like NordVPN combat this web security threat by encrypting anything before it leaves your computer so it’s a much safer way to browse. Like we mentioned in the above section, some VPNs don’t account for DNS leaks but NordVPN does, which is one of the reasons why it’s regarded as one of the best VPNs on the market. Check out their DNS Leak Test to learn more.
In addition to protecting your highly sensitive personal and professional information, VPNs are also highly desirable because they enable users to bypass geo-blocked content online. So if you live somewhere that censors certain websites or you just want to watch American/British/Australian Netflix, then VPNs can get you there.
Web Security & Privacy Tool #4: Dashlane
We’ve been advocating for password managers like Dashlane since we published our How to Bulletproof Your Online Business article, and when it comes to web security it’s the absolute foundation of living a secure and private life online.
Using one, or a few, recycled passwords just doesn’t cut it anymore. Your personal and professional data is on the line so password security and privacy should be a top concern. If you aren’t protecting your data with secure passwords then you’re leaving yourself vulnerable to malicious cyber-attacks which may be more common than you think.
Hacking passwords and logins is an entirely automated process now, there isn’t someone in a dark basement manually typing in passwords and usernames one by one to see if they get a hit. No, automated bots use passwords and emails obtained from data breaches (like the ones we featured at the beginning of this article that have affected millions of online users) and they’ll run them against hundreds of other online accounts in seconds to see if there’s a match.
This means that all of your accounts are very vulnerable to security threats if you recycle any passwords at all, so to prevent yourself from getting hacked, using a password manager that creates unique passwords for every one of your accounts is essential so if one of your accounts ever does get hacked, you won’t be putting the rest of them at risk too.
Web Security & Privacy Tool #5: Authy Authenticator App
If 2-factor authentication is part of your daily routine (and it should be if you’re logging in and out of your business’ dashboards every day) then an authenticator app is something you probably already use. If not, it’s time to start using 2-factor authentication, and to do that, you’ll want to get set up with Authy.
Authy is one of the best authenticator apps on the market right now because they back up all of your codes so even if you lose your device, you can still access your accounts. Plus, Authy is also available as a desktop app as well as a mobile app so you don’t always have to access your authentication combinations from your phone—which is ideal if your phone is not conveniently accessible for whatever reason when you’re trying to log into an account.
All of the codes that are backed up in Authy’s cloud are also encrypted, so there’s that additional layer of security and privacy which should be an essential requirement from an authenticator app.
If you aren’t already using 2-factor authentication, then start by setting up 2-factor authentication on your Google account. If you’re like most people and you have a Gmail email address you’ll want to protect that under 2-factor authentication because if a hacker ever gets access to your Gmail account they can not only access your sensitive information but they can use it as a hub to change all your other passwords in order to get access to your other accounts.
The hacker would be able to see which accounts you’re signed up to based on welcome emails you’ve received in the past and they could send password resets or recovery emails to your Gmail account to change the passwords for all your other accounts to something only they would know. You can see how this could open up a potential hacker to your entire library of online accounts, but adding 2-factor authentication to your Google account adds an extra layer of security a hacker would have to get through in order to get access to your data.
Once you’ve done that, set up 2-factor authentication on other high-priority or highly-sensitive accounts. Here’s a list of sites that do and do not support 2-factor authentication.
Web Security & Privacy Tool #6: FastMail
FastMail is a privacy-focused email hosting service that’s simple and effective to use, doesn’t show ads, and offers a good mail service.
They’re a paid service, so that enables them to maintain the level of service they offer without mining out their clients’ personal data and sharing it with third-parties. They’re also based in Australia which generally has stricter privacy laws, giving them another edge for being one of the most secure and privacy-focused email hosting platforms on the market.
In addition to that, their dashboard is just so much simpler and cleaner to use, there are better options to categorize and organize emails, and the overall user experience is more premium which are additional reasons why we recommend them over other email platforms.
Web Security & Privacy Tool #7: DuckDuckGo
Search the web with peace of mind knowing that your searches aren’t being tracked thanks to DuckDuckGo. Their app and browser extension work just like search engines such as Google, however, they allow you to search privately. If you believe that your search history is your business alone and aren’t interested in other companies accessing your information without your consent, then you might want to make the switch to DuckDuckGo.
As part of their commitment to web security, DuckDuckGo doesn’t collect, store or share your personal information, they don’t follow you around with ads, and they don’t ever track your searches whether you’re in or out of “private” browsing mode. It’s search engine searching simplified, and that’s why it’s one of our essential ecommerce security tools.
As a search engine, it works generally just as well as Google does, however, we have experienced some cases where Google is more up-to-date with new launches or handles more complex queries better. That being said though, in most cases DuckDuckGo performs excellently as a search engine and we can browse with confidence knowing that our privacy is protected at all times.
Web Security & Privacy Tool #8: 10 Minute Mail & Mailinator
There are plenty of these services out there, but 10 Minute Mail and Mailinator are two that create temporary, disposable email addresses that you can use whenever you’re signing up for a free trial or using any kind of online tool or service you’re not sure about yet.
Basically, using one of these temporary email address services will keep your own email address private and will enable you to keep your own inbox free from spam mail or getting signed up to email lists you don’t want to be a part of. It can also help prevent your personal or professional email addresses from getting sold to other third-party companies or scraped by bots online.
It’s good practice to use a disposable email address whenever you’re using a new or unfamiliar online service to keep your real email address more private, so keep these tools in mind next time you sign up for a free trial or need to input an email address to get access to something online.
Web Security & Privacy Tool #9: Privacy
With data breaches occurring regularly, part of your web security strategy should be to protect your credit card information. But, with that being such a fundamental aspect of how you shop and use services online, what options do you have to protect your information from prying eyes?
One of the best options is Privacy, a credit card number generator that creates decoy credit card numbers for you to use when paying for products or services online. Privacy still charges purchases to your account, but their goal is to be an extra layer of insulation between your credit card and any hackers who obtain your information through data breaches.
Privacy is also a useful tool to use when trying to cancel services online that usually make it really complicated or difficult to cancel. When you use Privacy, you have access to a range of different options to protect yourself from fraudulent or unwanted charges like being able to pause a card between transactions so other fraudulent transactions can’t sneak through, you can set a spending limit so you can control exactly how much merchants or services charge you, and you can even close a card so even if a fraudulent person has your card information or a shady organization is trying to keep charging you for services you didn’t consent to, they can’t.
It’s as simple as generating new card numbers with a click and then managing your charges without your own personal or professional card being put at risk.
Privacy is free to use, they make money from the interchange paid by merchants (which is similar to how credit card companies make money through transactions) but unlike credit card companies, Privacy doesn’t sell their customers’ data or charge interest fees or annual fees. The one catch is that they’re currently only available to US citizens or permanent residents who are 18 and older who are the account holders of a US checking account.
Web Security & Privacy Tool #10: Ghostery
Block thousands of third-party data-tracking technologies from accessing your personal information and data by adding Ghostery to your web security roster.
Ghostery is a privacy blocker that makes browsing faster, cleaner, and safer by protecting your privacy by default. In addition to blocking ads while you browse the web, it also blocks tracking scripts—including but not limited to Google Analytics—as well as ad trackers and privacy trackers. All of these technologies are following you around the web to collect and store data about you, but Ghostery puts the control back in your hands by allowing you to block these trackers whenever and wherever you want to.
To make their service even more powerful, Ghostery uses an enhanced ad blocker to shoo away pesky online ads and they’re also the first-ever tool to combine artificial-intelligence-powered anti-tracking and blocklist technology to make browsing more secure and faster than ever. Even with its advanced features, Ghostery is still an extremely simple ecommerce security tool to use and you can turn it off at any point for any website.
Web Security & Privacy Tool #11: Little Snitch
If you’ve learned something about web security that you didn’t already know before reading this article, it might be that so much can happen behind the scenes while you’re browsing the web that you aren’t even aware of.
Whether it’s tracking scripts, ad trackers, privacy trackers, cookies, DNS leaks, packet analyzers, and more—you may not have known that you needed to protect yourself from these invasive security and privacy threats. Little Snitch, however, is a tool that unveils what’s going on behind the scenes so you can better protect yourself.
Knowledge is power, and when the invisible trackers and privacy threats are made visible by Little Snitch, you can take action to block them if you want. Little Snitch notifies you whenever an app attempts to connect to a server on the internet so you can agree to it before the connection goes through which means that no data is shared without your consent and puts you in the driver’s seat of your own privacy online.
Web Security & Privacy Tool #12: Micro Snitch
There’s so much speculation about whether the camera or microphone on smartphones and computers can be accessed by external sources, but why speculate when you can know for sure?
Micro Snitch is an essential web security tool that monitors, logs, and reports the activity of your camera and microphone so you become aware immediately if they’re ever being accessed without your consent.
Many people think that their camera only gets activated when they see the little green light come on, however, there’s lots of malware that can turn on your camera without you even knowing. When it comes to your microphone, there’s no visual indicator at all when it’s been activated so you have no way of truly knowing whether it’s being accessed or not. Unless, of course, you use Micro Snitch, in which case you’ll always be aware when your privacy is being breached.
Web Security & Privacy Tool #13: AdBlock Plus
If you aren’t already using an ad blocker to stop pesky ads from interrupting you online, AdBlock Plus is one of the top-recognized ad blockers in the industry. It’s a simple tool, but it’s one of those ones that just works and you can set it and forget it while you go about your business online.
It won’t necessarily block tracking scripts like Google Analytics so it’s good to use in conjunction with other tools like Ghostery to get all-around privacy protection. Using an ad-blocking tool can, however, make page loading faster much like using tracking script blocking tools can, which can make browsing online just that little bit faster, too.
Ad blockers like AdBlock Plus are just a fundamental web security and privacy tool that most web browsers use for peace of mind, so install it (it’s free!) if you haven’t already.
Web Security & Privacy Tool #14: OpenPhone
We’ve mentioned OpenPhone before in our Ultimate Ecommerce Business Toolbox article because it’s a super useful tool that many more ecommerce entrepreneurs need to know about. Not only does it help in the web security and privacy departments, but it’s also just convenient, efficient, and helps create efficient workflows.
OpenPhone is a service that creates disposable phone numbers for businesses that you can use as one-offs or as entirely functional phone numbers that can be operated directly from your personal device. Most ecommerce entrepreneurs use OpenPhone (other similar tools exist like Hushed, but OpenPhone is tailored specifically for the ecommerce industry) to create a business phone number for their business so they don’t have to list their personal phone number when registering for business-related things.
There are many places where merchants have to use and list a phone number for their business whether it’s with suppliers or for customer support or when registering domains or signing up for other services and there’s nothing worse than using your personal phone number only to then have a customer call it thinking it’s a business number. Awkward.
Prevent that from happening by using OpenPhone. It will keep your personal number private, but you can still conduct business as usual from your personal device. It’s simple and it’s really worthwhile to invest in especially if you’re in contact with your suppliers over the phone a lot or if you want to build trust in your brand by providing an actual phone number that your customers can call.
Web Security & Privacy Tool #15: Signal
This is considered to be one of the most secure messaging apps out there, so if you’re looking for a secure way to communicate through messages, voice, and video calls then this is the app to check out.
Other popular messaging apps like iMessage, Google Hangouts, and WhatsApp are owned and controlled by Apple, Google, and Facebook respectively, so their privacy and security intentions are up for debate. Signal, however, is a free open source project supported by grants and donations so there are no ads, re-marketing, tracking, or sharing of private user information.
All calls and messages on Signal are encrypted from end to end, adding an additional layer of privacy and security so you can communicate freely knowing that no one else has access to what you’re sharing and who you’re sharing it with.
The importance of web security cannot be overstated, so if you’re flying blind with no protection for your personal and professional data, then you’re leaving your—and potentially, your customers’—information vulnerable to malicious attacks. This is not the time to assume risk—this is the time to be proactive and take every preventative measure available to you, like the 15 ecommerce security & privacy tools we featured in this article, and make them work for your business. Put the work in now to get set up with these tools and services and reap the rewards later when you can rest assured that your site, data, and information is protected.