Justin Schuh knows a thing or two about internet security best practices.
Before Google hired him as its very first, full-time security engineer for its Chrome browser back in 2009, he'd already had experience working for IBM, the NSA, and the US Marine Corps.
As one of Google's tech lead managers for Chrome, he's now responsible for making sure the browser stays secure from attackers through infrastructural preventative measures.
While he and his team toil away on strengthening Chrome's architecture, there are a lot of things the average person can do to stay safer online.
Schuh gave Business Insider some of his top, easy tips:
1. Avoid using public computers, and if you are using a public computer, it's best to assume that whatever information you access on it could be be public.
When you're working on a public computers - like at a hotel or in the library - don't check your bank statement or sign into any other sensitive accounts.
"It's too big of a burden on the system maintainers to really keep those kinds of system safe, so it's best to keep what you do on them to public research," Schuh says.
2. Use separate passwords for different services. Really.
Yes, memorizing a bunch of random passwords can feel like a big hassle, but having the same one for every account is needlessly dangerous.
"Password managers can really help with creating and remembering lots of strong passwords," Schuch says. (learn more about a few options here).
3. Use two-factor authentication whenever possible.
Two-step verification is a way for websites to confirm that you are who you say you are when you try to log in, usually through a code that gets texted to you.
"A lot of the drive-by attacks can be significantly mitigated with two-factor," Schuch says.
Here's how to set it up for Facebook, Google, Microsoft products, and more.
4. Think twice before installing a new plug-in
Schuch says that over the years he's been at Google he's seen an increase in malicious third-parties tricking users into downloading plug-ins or other executables. Users will download (sometimes despite warnings from their browsers), and then the tool will do something like reset all their preferences, monitor and log their keystrokes, or funnel their search requests to a third party.
Really investigate a new plug-in before you install. An easy way to make sure it's not sketchy is just by Googling its name and seeing what comes up.
"Chrome does a really good job of protecting you," Scuch says. "We saw the problem of bad plug-ins several years ago, and we spent a lot of work trying to address that."
Over the course of the next six months, he said, Google won't offer any "un-sandboxed" plug-ins for Chrome. When a security team sandboxes something, it means they've actually tested out the untrusted code or programs. So, soon you won't be able to download a plug-in for Chrome that hasn't already been thoroughly checked.
5. Keep an up-to-date browser.
Browser security teams work around the clock to protect users from risks. But all their hard work will go to waste if you're using an old version of your internet browser.
Chrome pushes major new releases every six to eight weeks, with minor releases every two to three weeks, and Goolge will make your life easier by updating your browser automatically. However, if you don't use Chrome, double check that you're working with the latest version.