being safe online

We now live huge chunks of our lives online, and do ever more of our financial transactions and interactions via email, applications on our phones, and through websites.
As a provider of financial planning and investment advice, I am perhaps a little more sensitive than most to what can go wrong in terms of online security and privacy.  The recommendations below are not intended to be comprehensive or "fail safe", but could form a foundation for improving online safety.

lock your phone

This one should be obvious, but it seems that a number of us out there in the world are still resisting the step to add a PIN, fingerprint, or password to our smartphone.  These devices typically have unrestricted access to email, social media, and maybe even financial accounts via apps.  Accidentally leaving an unlocked phone on the bus, coffee shop table, or a park bench can provide one-stop access to a stranger.
At a minimum, a 4 digit PIN or "pattern lock" can provide a measure of protection, especially against the mildly curious.
BONUS: take a minute to review the "remote lock" function for your phone model, operating system, or carrier.
iPhone Remote Lock Instructions
Android / Google Remote Lock Instructions

go two factor

An increasing number of accounts (email, Facebook, Twitter, etc) offer what is called "two factor" or "two step" authentication or log-in.  What this means in brief is that to initially access your account on a new device (phone, laptop, tablet) you must have both the password AND a code sent to a trusted device.  So you may be logging into Gmail on a new computer and Google will send a text message to your phone, adding a layer of security to that log-in.
Generally, you can choose to have your account "remember" that device, so you do not have to go through the two step process every time.  HOWEVER, if you are using your phone as a part of this two step process, it becomes even more important to password protect or otherwise lock your phone.

passwords are crucial

 The first line of defense against another person accessing private accounts may just be having a decent password.  Gone are the days of being able to pick a pet's name or a clever but simple combination of initials and birth date.  And it is not reasonable to use the same password for multiple services.
Current best practice in strong passwords require length and randomness.
One approach could be a string of 8+ random numbers, letters (both lower and upper case), and symbols.  A challenge with this option is that the password can be overly difficult to remember even one account, much less a similar string for dozens of accounts.
A second option can be a "phrase" or combination of random words: "bananaumbrellafloristdog" is an example that may work in some scenarios...throwing in a number or symbol would make it better.
​Using a "password manager" may be helpful for some people, or having a readily accessible (but secure!) reference with various passwords could be supportive.

browse aware

Some browsers (the software you use to access the internet) now default to a "secure" mode when possible.  You can check whether your access is in this secure mode or not by looking at the address bar.  The actual language or graphic varies by browser, although most will show some version of a "lock" and include the letters "HTTPS"; an example from Chrome is in the image below.  To be clear, being in "HTTPS" vs "HTTP" does not guarantee against invasions of privacy or remove any personal responsibility for security, but is better on a relative basis.