Today the news is full of stories about data breaches from various businesses, and chances are you’ve had personal information leaked. We are living in a challenging time when keeping our private information safe online has never been so tricky.
It doesn’t have to be that tricky, though, and in this article, I’m going to outline 14 tips to keep yourself and your family safe.
Before we get into the actual methods of keeping yourself safe, I want to write a few short words on why you should care about cybersecurity, and how it affects you and those you care for.
If you’ve never experienced a hack, it may be hard to justify trying to ramp up your cybersecurity. However, as technology progresses and as we create more and more accounts, the likelihood that you will experience such an attack increases at a staggering rate. Therefore, it’s better to prepare for a potential attack rather than wait to clean up after it’s already happened.
Additionally, you are not the only person you’re putting at risk by settling for lackluster cybersecurity. By leaving your account wide open for potential compromise, you risk a hacker using your account to message loved ones. Phishing and other social engineering attacks are much easier to complete when they come from a “trusted” source, such as a family member.
Using a password manager is crucial for account security. The easiest way hackers break into accounts is through password stuffing. Essentially, a hacker will find a password through a leak, then “stuff” the password into any account they can find of yours to see where you’ve used the password before. If you use one “main” password, you are at high risk of this kind of attack.
So how does a password manager work? It’s very straightforward. The password manager will create unique, strong passwords for all of your accounts. You protect these passwords with one master password of your choosing or, ideally, a passphrase.
A passphrase is precisely what it sounds like. Instead of a single word with a few numbers tacked on to the end, you choose a sentence (with various numbers and symbols) to represent your password. An example of this would be choosing @YouShouldTakeCyberSecurityM0reSeriously! vs cybersecurity101. Remember, this passphrase protects all of your passwords. You want to ensure it’s as unbreakable as possible.
But why should you store all of your passwords in one place? Wouldn’t that mean if someone broke into your password manager, they’d have access to all of your accounts? Or what if a rogue employee decided to take a peek into your account at the password manager HQ? Well, not so fast. Password managers use military-grade encryption protocols and zero-knowledge architecture, meaning there is virtually no way that the passwords stored in the manager are leakable.
Let’s say you forget to use a password manager on an account, and someone uses a leaked password of yours to log in. In most cases, this is the end of that account. The hacker has full rein over your credentials and personal information stored in that account. What if this wasn’t the case, though?
Most social networks and online accounts worth their salt support a two-factor verification feature. What is two-factor verification? Again, precisely what it sounds like, a second factor for logging in to your account. This second factor can be an email address, a phone number, or an authenticator app (more on those later).
Even if a hacker has your password, they’ll need access to your email or phone number to log in. This makes the process incredibly difficult, especially considering many email providers require 2FA by default.
Wherever 2FA is available, enable it. It only takes a few extra seconds to log in and will protect you from hours or days of hardship down the line.
So your passwords and accounts are secure, but what about your phone or computer? The simplest way to keep your devices secure from compromise is to enable automatic updates.
While it can be annoying when your phone or computer gets a significant update that changes everything from what you’re used to, these updates often contain important security fixes that protect the phone or computer from vulnerabilities.
No update is perfect, though, and zero-day vulnerabilities will always exist. However, these vulnerabilities are typically only used by sophisticated hackers targeting high-net-worth or highly influential people. Not something that most need to worry about.
Have you ever received a message from your banking institution or online account saying your account was compromised, only to have them then ask for your email and password for “security” reasons? This is a common form of attack called phishing. The attacker uses a similar domain and website layout to entice individuals into putting their password and 2FA information directly into the hacker’s hands.
There’s no way to altogether avoid getting phished except to be aware of the red flags. The main things to look for are as follows:
Again, there’s no way to avoid receiving phishing scams, only to be aware of them so you can report and delete them. If you are still unsure, reach out to someone familiar with cybersecurity or call the account to which the potential phishing scam is related to confirm that they sent a link to you.
We all want our friends, family, and colleagues to be able to reach us when they need to. But this doesn’t mean you should give out your email or phone number for free online.
The most common example of this cybersecurity misstep is on professional social accounts such as LinkedIn or Instagram Business accounts that allow you to publish contact information publicly. Getting your email or phone number is a hacker’s first step in securing the rest of your identity. In the digital age, you should protect your email and phone number like you protect your SSN, only giving it out to institutions with which you have the utmost trust.
Of course, you still want people to be able to contact you. If you have to protect your email and phone number like an SSN, how is someone supposed to reach you? The answer is simple: two emails, one for contact and one for protected information. And for those at higher risk of attack, two phone numbers, one for communication and one for protected information. Luckily, emails are free, and you can easily port your current phone number to Google Voice to keep in contact, using your carrier phone number only for protected information such as bank accounts.
Check your social media channels for PII that you may be broadcasting out into the world for free. If you are, privatize it or remove it. Only disclose an email or phone number that you don’t use for other accounts.
It’s incredible how many people still use debit cards for everyday transactions. Not only are you not racking up sweet rewards points (a topic for another day), but you are potentially giving hackers a one-way ticket to your bank account.
Hackers can quickly drain your bank account if they access your debit card. In contrast, they only have access to the lending institution’s credit line with a credit card. Of course, banks have ways of refunding fraudulent charges, but as a rule, they are much more difficult to process than credit card transactions.
You should only use your debit cards at ATMs, and even then, wiggle the card reader to ensure it’s not a fake reader set up to steal your information. Credit cards should be used for all other transactions, online and offline.
Leaks are just a fact of life. There’s no way to avoid them except to go ghost and live off the grid. Most don’t want to do that, though. And for most of us, the best way to protect ourselves from leaks is to know when they happen.
Now that doesn’t mean you have to watch the news 24/7, waiting for the next major leak to happen. There are monitoring services that will do this for you. Two of the foremost providers of such services are Mozilla and haveibeenpwned.com. These services will track your account information, such as emails, scanning the most recent leaks for instances of your data. They will then email you a notification of the leak so you can take charge and change your password for that service.
This has the additional benefit of exposing which accounts may be insecure to begin with, possibly persuading you to leave that platform or service entirely.
The final step in the bare necessities of cybersecurity is installing AdBlock on your browser. Not only will AdBlock make your internet browsing experience faster and ad-free, but it will also protect you from trackers and shady websites.
The most popular AdBlocker (and the one I use) is uBlock Origin, available on many of the most popular internet browsers. Unfortunately, Chrome plans to drop support for these adblockers, so I’ve switched to Firefox for my internet use. If you want the safest possible internet browsing experience, I recommend doing the same. Firefox makes importing all your Chrome information easy while being a more secure and open-source browser overall.
VPN stands for Virtual Private Network. It’s essentially a tunnel through the internet, hiding your computer from potential hackers. VPNs are essential for hiding your IP address. If a leak happens, your stored IP address within the leak will be false, not leading to your actual location.
Additionally, most VPNs route your internet browsing through an encryption algorithm, rendering your internet searches, account logins, and more as garbled text.
There are many more benefits to VPN use even beyond cybersecurity, but that could be its own separate article.
An email relay is a pass-through forwarding service to hide your actual email address from online accounts. Instead of giving out your actual email, the account will receive a randomly generated email address unique to that account. All emails will be sent to the random relay address and then forwarded to your inbox.
Two providers of this service are Mozilla and Apple. I use Apple’s service because it is included in my iCloud subscription, but there are no apparent benefits to picking one over the other unless you primarily use Apple products.
Email is a primary method of communication for most of us. Often, it’s a communication method through which we send some of our most sensitive information for work and personal reasons. This is why, for those of you who want to take your cybersecurity to the next level, I recommend using an encrypted email service such as Protonmail.
Encrypted email services keep your emails safe from hackers, garbling text and PII as it flows through the internet, making it impossible to intercept legibly.
Additionally, suppose you store sensitive information using cloud services. In that case, you may want to consider using one of Proton’s other services, encrypted cloud storage. This works the same way as an encrypted email, garbling documents in the cloud and translating them to actual information, given you have the proper authentication.
Virtual credit cards are set-limit or one-use cards stored online, so you never have to reveal your credit card number to whatever provider you purchase from. Instead, your account is connected directly to your bank account, so the money will be withdrawn as if you were using a debit card, but instead of giving out your debit or credit card information, you’re giving out a virtual credit card number that you can delete at any time.
The provider of this virtual credit card service that I use is privacy.com. An excellent choice for anyone worried about giving their credit card information out online.
While using 2FA is exceptionally effective at deterring would-be hackers, there are still ways hackers worm their way through. For example, suppose a hacker gains access to your email or phone number (through SIM swapping). In that case, they can easily change your password and access your account. How can we avoid this? By using an authenticator app.
Authenticator apps like Microsoft or Google Authenticator connect to your accounts and generate random keys. These keys act as your 2FA to gain access to your accounts. That way, a hacker would need access to your physical, unlocked phone to access your account, a rare scenario.
There’s no way to completely protect yourself from hacking. But, if you follow the steps in this article, you will make yourself a much more difficult target for a hacker.
I like to describe cybersecurity as locking up your bike: if you have no lock whatsoever on your bike, then you better not care about it because someone will steal it. If you have a cheap bike lock, you’re bettering the odds, but even a low-skilled attacker can cut the cable. If you have a beefy chain on your lock, the attacker will have an even harder time trying to steal your bike and may not even bother.
This means that the harder you make yourself to hack, the more likely a hacker will give up and try for an easier target. Most of us aren’t targeted by mastermind hacking groups or governments, so having the bare necessities covered will, in most cases, be more than enough to keep you, your friends and family, and your accounts safe.