About a month ago, Yahoo admitted that hackers had stolen details of over 500 million of its users in 2014. And WikiLeaks has been in the news the last few months as it has been releasing the “Podesta files” — emails exchanged between John Podesta, the chairman of Democratic presidential nominee Hillary Clinton’s campaign, and a large number of Democratic Party leaders, including President Barack Obama.

Earlier this month, the U.S. officially blamed Russian hackers for targeting the Democratic Party, and a report in September warned that Russian hackers were targeting dozens of U.S. companies. Celebrities have had their photographs and other personal details stolen from online vaults and U.S. athletes had their medical records released. According to the Federal Trade Commission, there were over 42,000 cases of identity theft in January 2016 alone. The list goes on.

So, when national political parties and large multinational technology companies are not able to keep the hackers out, what is the average person to do to keep herself or himself safe online?

As the Yahoo hack showed, if an online service uses servers that aren’t secure, its users are at risk. So the first step toward personal online safety would be to choose a service that’s secure. Emmanuel Schalit, CEO of password management service Dashlane, told International Business Times: “Make sure the services you are using are secure: Even the tech-savviest among us who take every step possible to ensure their online security are no match for a website or app that seriously lacks in security protocols.”

But since, as a user, you have no control over a website’s or an app’s architecture and security protocols, Schalit and other online security experts all advise using different complicated passwords on different websites and changing them often. But since remembering them all can be a challenge, if not downright impossible (especially if the password is a randomly generated sequence of characters), password managers can come in handy. They can both generate strong passwords as well as remember them for you.

“This ensures that even if one account is breached your other accounts will be secure. Some breaches aren’t discovered or announced for years, like is the case here for the Yahoo breach that happened two years ago, so you never know when your information might be vulnerable,” Schalit said, urging users to delete old emails that contain login details for other accounts.

Passwords can also be strengthened by using two-factor authentication. 2FA is already used by many banking websites and businesses compulsorily, and users can choose to use the feature for services like Google. When using 2FA, users combine their passwords with another piece of information — such as a one-time PIN sent to their registered mobile number, the answer to a secure question or even physical data such as a fingerprint scan — to log in to their accounts. A 2FA feature launched by LogMeOnce, a McLean, Virginia-based security company, last month, removes passwords altogether from the logging-in process.

Alex Heid, chief research officer at SecurityScorecard, a Google-backed cybersecurity rating and risk monitoring platform, told IBT that consumers should make sure they update the operating systems on their mobile devices in a timely manner, and that they should be careful when opening or executing attachments received via text messages or email. He also said that the average non-sophisticated hacker attempts to use easy public exploits.

Hacking A hacker, who requests not to have his name revealed, works on his laptop in his office in Taipei, July 10, 2013. Photo: Pichi Chuang/Reuters

Speaking of easy exploits, Schalit from Dashlane recommended people to watch their public Wi-Fi use.

“These days, it’s not uncommon for folks to login to public Wi-Fi everywhere, but what most don’t realize is that it can leave you vulnerable to a hack dubbed a man-in-the-middle attack. A man-in-the-middle attack is a situation in which a malicious eavesdropper (the ‘man in the middle’) is able to read (or write) data that is being transmitted between you and the website you’re browsing. The attacker is typically a link in the chain through which data travels as it goes from you to the website or vice versa, and they have been able to successfully impersonate each side to the other, hence getting total access to the communication,” he explained.

To avoid such hacks, Schalit suggests people refrain from using public Wi-Fi networks such as those in coffee shops and airports, etc. And if you do use them, be sure to delete them from the list of saved networks on your device.

Some of these tips seem inconvenient, surely, but with hackers getting increasingly sophisticated, it is perhaps better to be safe than sorry. Unless, of course, you decide instead to reduce what you do online.