When you start practicing this stuff you are going to realize how easy it was to practice good Cyber Security all along and have peace of mind that doing a few things makes all the difference.
Seven Habits of Cyber Secure People
HABIT # 1: Keep your devices physically secure and refrain from letting others access your devices
Anyone who knows a thing or two about Cyber Security can tell you that physical security is where Cyber Security starts. What most people don’t seem to know is how important this is and why they should care. If you permit others to have physical access to any of your devices, chances are that they can gain access to your personal information. Without describing specifically how this is done on a particular platform we will discuss the overall concept.
Most systems have either a Password Recovery feature or a boot sequence with a special program on a disk. These are intended to let you recover access to your system and its information in case you forget your password or somehow lock yourself out of your computer. When an attacker uses these tools they can gain access to your machine and, most of the time, all the information that is on it. Given enough time they can run specialized programs that crack passwords and get access to everything on your machine.
There are a few strategies to keep someone from gaining access to your valuable information.
First, consider keeping your valuable information on a laptop over which you keep strict control. Laptops are portable and easier to keep secure. You can take a laptop anywhere with you, or you can lock it up in a safe or in a closet of your home. Use it for storing your valuable information, such as financial records, copies of deeds, copies of personal information, applications, and other information about your assets.
Second, if you keep your valuable information on a desktop computer, rather than having your desktop computer in your living room out in the open for anyone to access, keep your computer in a separate room of your home or designated office, and keep that room under lock and key. In addition consider purchasing a desk where the computer itself can be locked inside a cabinet of the desk. If you want to provide Internet access to people who visit your home, consider having a guest computer out in the open for them to use. Do not use this computer for storing your valuable information.
Third, for greater portability of your information, consider using either cloud or network storage to which only you have access. Set up a ridiculously difficult password on the storage, or enable 2-factor authentication if it is available. Store all of your valuable information on this storage encrypted, and do not store local copies of these records on any of your machines. From time to time run backups and store your backups offline in a safe place.
HABIT # 2: Have unique and strong passwords for each email, financial, and social account
We can’t seem to beat this drum loud enough. We have written about this in other guides and it’s worth repeating. Passwords are your first line of defense for protecting your information. One could say that your Cyber Security is only as good as your passwords, and you would be mostly right. The problem is that many people choose easy-to-guess passwords. Most people choose passwords that are either extraordinarily easy to type or easy to remember because they are personal in nature. For instance, the most popular password used by people is “123456”. It’s also popular to use keyboard walks such as “qwerty” or “qazwsx”. If you are using a password similar to these, or one that has your loved one’s name, child’s name, or family pet’s name, you are asking someone to steal your information. I could go into extraordinary detail on how people crack your passwords with time and energy, but I won’t. Instead I am going to jump to the point and tell you what you should be doing.
Select passwords that are 15 characters long and contain 3 uppercase letters, 3 lowercase letters, 3 numbers, and 3 special characters. The password should be unrelated to you personally and, if you can avoid it, don’t use any actual words in your password. Instead, memorize a phrase and use the first letter from each word in the phrase to make your password, following the rules stated above. In addition, have a unique password for each bank account, email, and social account. Finally, never share your password with anyone; keep your passwords private. There’s so much information about password security that we wrote a guide on that all by itself, if you would like to learn more.
Finally, consider using a password management program such as e-Wallet or a similar program that stores your passwords encrypted. The downside is that if you don’t set a sufficiently strong password for the program and someone guesses that password, all of your passwords are compromised. With so many passwords for different kinds of accounts, you will need a strategy for keeping your passwords safe.
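The password rules in this habit can be checked mechanically. The following is an added example, not part of the original guide: it tests a candidate against the 15/3/3/3/3 rule, the weak choices named above, keyboard walks, and personal terms, and builds a password from a phrase. Treating 15 characters as a minimum, the key-path list, the function names, and the sample phrase are assumptions made for the illustration.

```python
import string

# Weak choices the article names, and key paths used to spot keyboard "walks".
COMMON = {"123456", "qwerty", "qazwsx"}
KEY_PATHS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "qazwsxedcrfvtgbyhnujmikolp"]

# Constructed sample phrase for the demonstration only.
SAMPLE_PHRASE = ("Every Tuesday 2 gray owls & 7 bats visit "
                 "Our porch @ 9 pm, quietly # Reading")

def from_phrase(phrase):
    """Take the first character of each word (digits and symbols count as words)."""
    return "".join(word[0] for word in phrase.split())

def has_keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from a path, forwards or backwards."""
    low = pw.lower()
    for path in KEY_PATHS:
        for seq in (path, path[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False

def check_password(pw, personal_terms=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 15:  # assumption: the article's 15 is read as a minimum length
        problems.append("shorter than 15 characters")
    classes = {"uppercase letters": string.ascii_uppercase,
               "lowercase letters": string.ascii_lowercase,
               "numbers": string.digits,
               "special characters": string.punctuation}
    for name, chars in classes.items():
        if sum(c in chars for c in pw) < 3:
            problems.append(f"fewer than 3 {name}")
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    if has_keyboard_walk(pw):
        problems.append("contains a keyboard walk")
    for term in personal_terms:
        if term and term.lower() in pw.lower():
            problems.append(f"contains personal term {term!r}")
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "qazwsx", "Fluffy2019!!", from_phrase(SAMPLE_PHRASE)):
        print(candidate, "->", check_password(candidate, ["Fluffy"]) or "passes")
```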
HABIT # 3: Update your software immediately when updates become available
Seemingly every day there is a new software bug or security vulnerability discovered. These vary in severity, but all stem from an unintended flaw in the software. When these vulnerabilities are discovered, chances are it’s too late to implement a fix before hackers take advantage of the flaw. Often the vulnerabilities are discovered because someone has already started to exploit the flaw, but they may not have reached your computer yet.
You want to update your software immediately when patches are made available, so you can avoid becoming a victim of an exploit that is known to exist. These updates happen on a regular basis, and if you are annoyed by them it’s understandable; they annoy most people. However, what is more annoying? Doing the updates, or having your identity stolen and your finances in ruin? A method for making this less of a chore is to get in the habit of closing all your windows at the end of the day and to have your computer set up to automatically install the updates. If the updates require you to manually run them and restart your computer, you can either do this at the end of your day or the next time you log into your computer, since you have already closed all of your windows.
HABIT # 4: Spot email cyber scams and delete the emails without opening them
What many people do not know is that many cyber threats can be thwarted if you can recognize them. Often cyber threats require you to do something in order for the attack to work. The hacker has devised a scheme aimed at tricking you somehow. If you fall for the trap then they have you in their clutches. The best thing you can do is to be paranoid about your activities when it comes to email and web surfing.
When checking your email, pay attention to the email addresses of the emails you are getting. If it looks like a friend emailed you, inspect the email address to make certain that the email is coming from a reputable source you have heard of before. When you receive forwarded emails, be cautious of opening them, and if a forwarded email looks like spam just delete it without reading it. Send the friend a message back asking whether they actually intended for you to get the email. If you notice that there is an attachment to an email, ensure that the email is coming from a reputable source before opening it. If you can’t recognize the source, delete the email without opening it. If you open the email and subsequently download the attachment, be sure to virus-scan the attachment before running it on your computer. Don’t download games such as “Elf Bowling” if people send these to you in email. Don’t open gimmicky games, pictures, video clips, and other stuff you don’t need. When you open your emails and read them, be cautious of opening links in the emails; again, if it looks suspicious then be paranoid and don’t open them.
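The sender check described above depends on reading the actual address rather than the display name a mail client shows. The following is an added example, not part of the original guide: it compares the From address of constructed sample messages against a small address book and flags attachments from senders that are not in it. The address book, the sample addresses, and the function names are assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed address book: display names and addresses you already trust.
KNOWN = {"Dana Reyes": "dana.reyes@example.org"}

def build(sender, subject, attachment=None):
    """Build a constructed sample message for the demonstration."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("See attached.")
    if attachment:
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

def triage(msg, known=KNOWN):
    """Return (verdict, reasons) based on the real address, not the display name."""
    name, addr = parseaddr(str(msg["From"]))
    addr = addr.lower()
    trusted = {a.lower() for a in known.values()}
    reasons = []
    if addr in trusted:
        verdict = "known sender"
    elif name in known:
        # The name looks familiar but the address behind it is someone else's.
        verdict = "suspicious"
        reasons.append(f"name {name!r} is a contact but address {addr} is not theirs")
    else:
        verdict = "unknown sender"
    files = [part.get_filename() for part in msg.iter_attachments()]
    if files and verdict != "known sender":
        reasons.append("attachment from unverified sender: " + ", ".join(files))
    return verdict, reasons

if __name__ == "__main__":
    samples = [
        build("Dana Reyes <dana.reyes@example.org>", "Lunch on Friday"),
        build("Dana Reyes <dana.reyes@example.net>", "Fwd: fun game", "ElfBowling.exe"),
        build("Prize Desk <win@example.com>", "You won"),
    ]
    for sample in samples:
        print(sample["From"], "->", triage(sample))
```

A matching From address is not proof of origin, because the header itself can be forged; asking the friend through another channel, as advised above, covers that case.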
HABIT # 5: Spot harmful websites and take your business elsewhere
When it comes to browsing the internet there are a few things to be cautious of while surfing. You should be cautious of sites that aren’t following the best security practices. Be cautious of sites with popup windows pretending to be warnings to update your computer or antivirus somehow. Be cautious of creating accounts on sites that are not well known.
Websites are not following best security practices if the padlock in your browser is ever not locked. If the padlock is open, it means that the site is not properly configured for security. Do not log into the website, and don’t share your personal information on that site. The best security practice web developers are following today is to make everything https and redirect any http traffic into https. When visiting a website properly configured for security, every page should have the padlock locked.
Be extremely paranoid of random popup windows asking you to do anything like change a setting or download a program. There are many sites out there that trick people in this way. They claim a security setting is preventing you from viewing the page properly and ask you to change it. Or another site might say they have detected a virus on your system, and they have the tool to remove it for a fee. Yet there are others that claim your internet connection isn’t optimized and you need their program to speed things up. These sites are not being truthful, and they cannot access this information on your computer to know in the first place whether your computer’s settings are incorrect or whether it is infected or slow. Don’t fall for these traps; a great deal of them are scams. Once you download their program after paying money, their software will report that your computer is beyond fixing and that you need to pay even more money for their staff to fix your computer for you over the internet. These scams are actually infecting your computer with their own virus, and once you run their program they own your computer and its information.
Be cautious of creating accounts for sites you have never heard of or that are not well known. You don’t know whether the site is storing your passwords in clear text or encrypted. If you find reason not to trust a site, create an account with a unique username and password, and also an alternate email that is not your primary email. This will limit their ability to cause you harm. If they have a social login capability, use that instead, because your personal username and passwords won’t be shared with the website. It also means that the website is a little more trustworthy, because their site is tied to a specific person on social media.
HABIT # 6: Don’t trust WIFI, not even your own.
WIFI has been found to not be secure. All of the standards for WIFI at the time of this writing have been found to be flawed and can’t be trusted. People who care about their Internet security didn’t trust WIFI before it was known to be broken, so this is a moot point for them. Even using https over WIFI is not secure, as https is also not as secure as once thought. It too has been found not to be secure, and there are man-in-the-middle hacks to read all of your traffic.
When out in the public you should think twice before connecting to WIFI because it is free. There is no way for you to know if someone is capturing traffic and reading your information. Your email, financial, and social login information can all be read in the clear, and there could be someone connected to these hotspots taking your information.
While you may feel safe in your home, you shouldn’t feel so safe on your personal WIFI. Even though there is less chance that someone is parked outside your home or apartment accessing your WIFI, they don’t really even need to access your network. They can read the traffic coming in and out of your WIFI router, and you won’t know there is someone taking your information.
It might be ok to connect to WIFI if you are checking the weather and the news, but not ok if you are logging in to personal accounts without a VPN.
HABIT # 7: Use a VPN to encrypt all your traffic all the time.
One of the most serious threats people face is someone eavesdropping on their connection to the Internet. These attackers are normally in close proximity to you, either on the same WIFI or wired Internet connection. Because they place themselves between you and your connection to the Internet, it’s easy for them to perform a variety of attacks against you that you won’t be able to recognize or detect. When you use your VPN to encrypt all of your traffic all of the time, you can make this attack ineffective. Instead of your Internet connection starting at the WIFI router, your internet connection starts at the VPN service. All of your traffic is VPN encrypted until it gets to the VPN server, where your traffic then leaves to the Internet.
When your traffic leaves the VPN server it is no longer encrypted by the VPN, and it routes from the VPN to the website you were visiting. This makes it extraordinarily difficult at this point for someone to capture your traffic with the man-in-the-middle attack unless the VPN provider were doing it themselves, which unfortunately is often the case. This requires you to trust your VPN provider not to log or capture your traffic. Be aware that it was found by numerous independent reviews that 90% of VPN providers are either logging your traffic or involved with less than honest practices. Here is an independent review of VPN providers that is so clean the most paranoid of people can trust it. https://thatoneprivacysite.net/simple-vpn-comparison-chart/
We hope that adopting these seven habits makes your Internet use and computing more secure.