Be careful where you enter your username and password
There is a well-known attack on the internet called phishing, where attackers send you an email which looks EXACTLY like one your bank or PayPal would send you, asking you to log in to your account for various reasons such as unclaimed tax, a security problem or some other problem. When you click on the link you sign in, but unknown to you, it has just sent your username and password to the attacker.
Make sure that when you click a link in an email you are actually going to www.gmail.com (if logging in to email) and not www.g-mail.com.
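The check described above can be automated. The following is an added example, not part of the original post: it classifies the host a link really points to, assuming a hypothetical `TRUSTED` list of the sites you log in to and treating the last two labels of a hostname as the registered domain.

```python
from urllib.parse import urlsplit

# Assumption: the sites you really log in to. gmail.com is the article's example;
# paypal.com is added here for illustration.
TRUSTED = {"gmail.com", "paypal.com"}


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Classify the host a link really leads to: 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Anything before "@" is a username, not the site: https://www.gmail.com@example.net/
    if parts.username is not None:
        return "suspicious"
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List (co.uk and similar).
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Trusted name used as a subdomain of someone else's domain.
        if brand in labels:
            return "suspicious"
        # Hyphen inserted or one character changed: g-mail.com, gmai1.com.
        if edit_distance(domain.replace("-", ""), good) <= 1:
            return "suspicious"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from real mail.
    for link in ("https://www.gmail.com/", "https://www.g-mail.com/login",
                 "https://gmail.com.example.net/", "https://www.gmail.com@example.net/"):
        print(check_link(link), link)
```

A result of "unknown" only means the host resembles nothing on the list; it is not a statement that the site is safe.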
Use OpenID / OAuth where you can
OpenID is a method of using a third party to authenticate yourself to another website. For example, recently, as Dropbox got hacked and their user database leaked, you can now sign in to Dropbox with your Google account. The two other main accounts you usually find are Facebook and Twitter. These are GIANT organisations who invest heavily in layered security to make sure their user databases will never get breached, as well as monitoring your behaviour to detect suspicious logins from new countries and asking for extra verification.
This means you only have to worry about securing your Facebook/Google account with a long and secure password instead of multiple accounts, and it also enables startups like Dropbox to outsource their users' security.
Use a password manager which will allow you to have a different password for each website
Most web browsers come with one of these for free (it saves your usernames and passwords). This enables you to have a separate random password for each site, so if one does get hacked, you don't have to worry about the attacker having the same password for all your other sites.
Enable Two Factor Authentication on accounts where you can
Nowadays even a 13-character password with uppercase, lowercase, digits and symbols is not enough to keep an account from being compromised. Passwords get stolen by a variety of methods, so you need an extra layer which changes all the time. This is called two-factor authentication and it's usually done on your mobile device, so when you log in you are asked for a key which can be generated on your phone or sent to you by SMS.
Sign up to https://haveibeenpwned.com/
When you sign up to a third-party website such as LinkedIn or Dropbox, you usually sign up with a username and password that is generic across your other logins such as your email and bank accounts ... right? This is usually because passwords are hard to remember. Unfortunately, sometimes these sites get hacked and the attacker downloads the whole website and can get these details. They then use these details, for example, to log in to PayPal and send themselves money!
Signing up to this site means that as soon as one of these sites gets hacked and the data is released to the public, you get alerted so you can change all your passwords.
Be careful of spear phishing
We will be covering this in more detail in a specific post; briefly, however, spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. There are numerous ways this can be blocked, which we do for our existing customers; however, when handing over information via email, especially for financial transfers, always double-check with a phone call!