FBI Futurist Shares His Top 5 Tips For Protecting Your Identity Online

According to the US Bureau of Justice Statistics' latest report, 16.6 million Americans had their identities stolen online in 2012.

And as Marc Goodman, the FBI's resident futurist and former Interpol advisor, tells author and investor Tim Ferriss in the latest episode of Ferriss' podcast, 85% of these incidents could have been avoided had the victims been more careful online.

It's Goodman's job to inform the FBI of the cutting edge technologies criminals are using around the world, and that includes the tactics they use to target average individuals.

He tells Ferriss that there are some simple, highly effective web-browsing habits that everyone should practice. We've summarized them below.

1. Don't click links or open attachments from unknown sources.

Goodman says that most people like to think they're smart enough to avoid falling for an email scam or sketchy website, but the actual numbers prove otherwise.

Sure, the email that's partially in a different language asking you if you'd like to invest in diamonds is a dead giveaway, but the most sophisticated hackers are better at blending in with the crowd. If you get an email from a source with an identity you can't trace, you're best off just not clicking.

2. Make sure your software is always up to date.

You may be wary of any new software update for your smartphone or computer because you're afraid the update will slow down your operating system, you don't like the new design, or you feel like leaving your device to update for 15 minutes is unfathomable.

But besides any aesthetic changes that come with a software update, there are often key security updates included. What the more minor software updates often mean, Goodman says, is: "Our software has been riddled with security holes for the past six months ... and we're now finally fixing them."

3. Save your passwords in a secure password manager.

Don't make the careless mistake of using the same username and password for all of your online accounts. Large-scale corporate hacks are more common than ever, and those hackers routinely try retail logins for individuals' bank accounts.

Of course, you probably have too many accounts to remember a variety of crazy logins, so you're best off using a secure password manager. (Business Insider offers some recommendations in our 21-day plan for radical self-improvement.)

Goodman recommends using password managers 1Password, LastPass, or KeePass. These managers generate strong passwords for all of your accounts and give you a master password for all of them.

It may take awhile to set up, but from that point forward, you log into your manager when you begin browsing and then let it automatically fill in your login info for any of the sites you registered.

That means you'll never again have to stress over trying to remember a password or fearing that your identity was stolen.

As a bonus tip, which Goodman agrees with, Ferriss recommends you take advantage of any 2-step verification available. Google, for example, protects Gmail access from a computer it doesn't recognize by sending a password to your smartphone.

4. Use a virtual private network (VPN) when browsing the web in a public place.

If you regularly use WiFi at your local coffee shop, you should invest in a VPN subscription from a service like Private Internet Access or TorGuard.

A VPN extends a private network across a public network, meaning that through encryption your data will be inaccessible to anyone who may be up to no good.

Goodman points out that all it takes is a simple browser plug-in like Firesheep for a hacker to nab unencrypted cookies, data that contains your login info for sites like Facebook and Twitter, over a public network.

5. Don't use your computer's admin account as your primary account.

On your personal computer, keep your admin account - which has complete access to your computer - separate from a personal account that you'll otherwise use for almost everything besides major software updates and preference changes.

Why? "Because if you click on the email from the 'Nigerian prince' by accident and get your computer infected, if you're already logged into an admin account, then that code needs no further permissions to go ahead and infect you and get onto your machine," Goodman says. If you make this mistake and you're on a non-admin user profile and get a request to enter your admin password, it's a good sign that user has been hacked.

Goodman includes more "cyber hygiene" advice in his upcoming book "Future Crimes," out in February. You can listen to the rest of his conversation with Ferriss at Ferriss' blog or iTunes, and can sign up for his newsletter.