Everyday Cybersecurity

1. You are a target: Understand cybersecurity basics to protect yourself

Even if you think you aren't, you are the target.

Everyone is vulnerable. Cybercriminals don't discriminate based on wealth or status. They target anyone with valuable information, including bank accounts, credit cards, personal data, and even computing devices. Your information and devices can be used for financial fraud, identity theft, or as part of larger attacks.

Understand the basics. Cybersecurity involves protecting your devices, networks, and personal information from unauthorized access or theft. Key concepts include:

• Confidentiality: Ensuring only authorized individuals can access information
• Integrity: Protecting data from unauthorized changes
• Availability: Ensuring data is accessible when needed

Take action. Implement basic security measures:

• Use strong, unique passwords for each account
• Keep software and operating systems updated
• Install and maintain anti-malware software
• Regularly backup your data
• Be cautious of suspicious emails, links, and attachments

2. Create strong, unique passwords and use multi-factor authentication

Secure passwords, and their protection, are so foundational to good cybersecurity, this chapter will be longer than others.

Length and complexity matter. A strong password combines length (at least 16 characters) and complexity (mix of uppercase and lowercase letters, numbers, and special characters). Longer passwords are exponentially harder to crack. For example, a 16-character password using 70 possible characters has 3.32 x 10^29 possible combinations.

Use unique passwords. Never reuse passwords across accounts. If one account is compromised, others remain secure. Consider using a password manager to generate and store strong, unique passwords for each account.

Implement multi-factor authentication (MFA). MFA adds an extra layer of security by requiring two or more forms of identification:

• Something you know (password)
• Something you have (phone or security token)
• Something you are (fingerprint or facial recognition)

Enable MFA whenever possible, especially for important accounts like email, banking, and social media.

3. Keep systems updated and use anti-malware software

Keeping the operating system and applications up-to-date is among the most critical but unimplemented practice to maximize protection.

Updates patch vulnerabilities. Software updates often include security patches that fix known vulnerabilities. Cybercriminals actively exploit these weaknesses in outdated systems. Regularly update your:

• Operating system
• Web browsers
• Applications, especially those handling sensitive data

Use anti-malware software. Install reputable anti-malware software and keep it updated. This software helps detect and prevent various types of malicious software, including:

• Viruses
• Trojans
• Ransomware
• Spyware

Remember that no anti-malware solution is 100% effective, so combine it with other security practices for best protection.

4. Backup your data regularly and securely

Reality check: your data is not secure until you have reliable backups in place.

Implement the 3-2-1 rule. Create three copies of your data, store them on two different types of media, and keep one copy offsite. This strategy protects against various scenarios, including hardware failure, malware attacks, and physical disasters.

Backup options:

• Local backups: External hard drives, network-attached storage (NAS)
• Cloud storage: Services like Dropbox, Google Drive, or dedicated backup solutions

Secure your backups. Encrypt sensitive data before backing it up, especially when using cloud storage. Regularly test your backups to ensure they can be restored when needed.

Automate the process. Set up automatic backups to ensure consistent protection without relying on manual intervention.

5. Be cautious of phishing and social engineering attacks

Social engineering is using human psychology to manipulate people into doing something they may not have done otherwise.

Recognize phishing attempts. Phishing emails often:

• Create a sense of urgency
• Contain grammatical errors
• Use generic greetings
• Request sensitive information
• Have suspicious links or attachments

Verify before acting. If an email seems suspicious:

• Don't click on links or download attachments
• Contact the supposed sender through a known, trusted method
• Check the email header for inconsistencies

Be wary of social engineering tactics:

• Pretexting: Creating a false scenario to obtain information
• Baiting: Offering something enticing to trick you
• Tailgating: Following an authorized person into a restricted area

Remember, legitimate organizations won't ask for sensitive information via email or unsolicited phone calls.

6. Secure your home network and Internet of Things (IoT) devices

Because increasing your security and privacy is what this book's about, this is a heads up. A basic understanding of cryptocurrency is also helpful when we later discuss a fairly new form of malware called cryptojacking.

Secure your router:

• Change default administrator credentials
• Use strong encryption (WPA3 or WPA2)
• Enable the firewall
• Keep firmware updated

Protect IoT devices:

• Change default passwords
• Regularly update firmware
• Disable unnecessary features
• Use a separate network for IoT devices when possible

Be cautious with smart devices. Consider the privacy implications of devices with microphones or cameras. Review and adjust privacy settings accordingly.

7. Protect your identity and monitor for fraud

Identity theft occurs when someone else pretends to be someone they are not.

Monitor your credit. Regularly check your credit reports for suspicious activity. U.S. residents are entitled to one free credit report annually from each of the three major credit bureaus at AnnualCreditReport.com.

Consider a credit freeze. A credit freeze prevents new accounts from being opened in your name. It's free and can be lifted when you need to apply for credit.

Watch for warning signs:

• Unexpected bills or credit card charges
• Calls about debts you don't recognize
• Denial of credit for no apparent reason

Act quickly if you suspect fraud:

• Contact affected companies to close fraudulent accounts
• File a report with the Federal Trade Commission at IdentityTheft.gov
• Consider filing a police report for cases of criminal identity theft

8. Safeguard your physical documents and digital assets

Securing PII is comparable to preparing for a possible emergency, which, in the context of this book, is to protect against identity theft.

Secure physical documents:

• Use a locked filing cabinet or safe for sensitive documents
• Shred documents containing personal information before disposal

Protect digital assets:

• Encrypt sensitive files on your devices
• Use strong passwords and two-factor authentication for online accounts
• Consider using a password manager to securely store login information

Plan for the unexpected:

• Create a list of your digital assets (accounts, passwords, etc.)
• Store this information securely and share access with a trusted individual for emergencies

9. Educate your family on online safety and privacy

Children need to know you have the option at any time to view the contents of whatever device they are using—and which you have provided and/or pay for.

Start early. Teach children about online safety as soon as they begin using the internet. Topics should include:

• Not sharing personal information online
• Being cautious of strangers on the internet
• Recognizing and reporting cyberbullying

Set guidelines:

• Establish rules for internet and device usage
• Use parental controls and monitoring software when appropriate
• Keep computers in common areas of the home

Lead by example. Demonstrate good cybersecurity habits in your own online activities.

10. Stay informed about data privacy laws and regulations

From 2016 through 2018, "more than 11.7 billion records and over 11 Terabytes of data were leaked or stolen in publicly disclosed incidents."

Understand your rights. Familiarize yourself with data privacy laws like the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US. These laws give individuals more control over their personal data.

Key rights under GDPR:

• Right to access your data
• Right to be forgotten (data deletion)
• Right to data portability
• Right to be informed about data collection and use

Take action:

• Review privacy policies of services you use
• Opt out of data collection when possible
• Request deletion of your data from services you no longer use

Stay informed about new privacy laws and regulations as they develop, and take advantage of the protections they offer.

Last updated: July 31, 2024