SECURITY BY OBSCURITY: You are not a security expert. Any knowledgeable hacker, if they wanted to, can exploit anything they wanted to that is on the internet. Your defense can be defined as ‘Security by Obscurity‘. What this means is you are safe because you are not someone that is targetable such as a popular public official or government representative. To further prove this point, say you routinely walk down the same street every day, you are also vulnerable to a professional UFC fighter or martial arts expert, they could basically take you down and take full advantage of the average person by force. But how probable do you think this is? Not very. Likewise, a skilled hacker is probably not targeting you either, so there is no reason to fear a physical or digital attack.
DON’T FEAR THE UNKNOWN – Many things CAN happen to you at anytime, at any place, in any way in the physical world, but there is no reason to fear or walk around scared because you have realized by experience that you are safe doing these activities and the probability/risk of danger is quite low, so you continue with your life as normal. This scenario is similar to hacking attempts in the digital world, you still use Facebook, buy things online, and even read this website with a certain level of comfort knowing that the risk is low. So with this in mind, do not fear the internet.
COMPUTER/PHONE UPDATES AND ANTI-VIRUS – Do NOT install 3rd party anti-virus programs on Windows 10, the preinstalled anti-virus program is more than adequate. In fact, security experts agree that installing these apps will just make your machine LESS secure by opening up vulnerabilities that were not meant to be there. With that said, all you have to do is keep your device updated, this goes for Windows, Mac, Android, or iOS. Anytime hackers (both good and bad) find issues and vulnerabilities in software, it eventually becomes known to the maintainers of that software, such as Microsoft, Google, or Apple. Then they push updates to all their devices to fix these vulnerabilities. This is why you need to make sure you are checking for these updates frequently, at least once a month. To update your devices: For Windows, every so often, hit the Windows button, then search ‘Check for Updates’. This is tell you if you need security updates or not, at least check once a month. For MacOS, you go to the AppStore and check for updates there. For Android phones, go to the Settings, then Update, or just search updates. For iPhones, go to Settings, then General, the Software Updates.
PHISHING ATTEMPTS – The most common reason computers and networks get infected with malware is by clicking links or downloading attachments from email recipients you are unfamiliar with. These emails are usually masked to make them look like a legitimate email from a shipping company, job application, or tech company. Other examples of this are random popups that appear while surfing the web that scare you into believing there is something wrong with your computer or you did something wrong and you must immediately call a number to fix the issue. These are just phishing attempts to get you to act before thinking prompting you to call a number and give out your credit card information to ‘fix’ the issue. Remember, Microsoft does NOT offer this kind of support, in addition, there are NO reputable companies that offer support like this. So watch out and pay attention! For more examples of this, check out the FTC website.
ENCRYPTION – This is how computers scramble data so that only THE intended recipient sees your email, text message, picture, or anything else. Websites that use encryption have ‘https’ or a small lock icon in the URL bar at the top. Password managers use encryption to safe guard your passwords. VPNs use encryption to secure your internet browsing traffic. See an image below of what this looks like. Even bad guys use encryption for evil when they use what is called Ransomware to encrypt important data on computers so you cannot access it and charge you a ‘ransom’ to unlock it. The solution to this is data backup, explained in #10.
PASSWORD MANAGERS – DON’T use the same password on every site. There is no way anyone can remember tons of different passwords, so store your vast array of internet passwords in a notebook or use a password manager app like EnPass, LastPass, or 1Pass. The worst thing you can do is use the same password everywhere, doing this makes your accounts easily hackable. Hackers simply have to find your email address and use sophisticated software to quickly determine if you have a weak password at a specific website and exploit it at every other site you use that password. If you want to know how bad this is, check this article explaining the 20 Most Hacked Passwords on the Internet. Do yourself a favor and DONT USE ANY OF THESE PASSWORDS, or anything like this for that matter.
PERSONAL INFORMATION (PII) – Never give out Personally Identifiable Information (PII) through email or phone calls. When you get an email asking for things like birth dates, addresses, social security numbers, credit card information, or banking information, always call that business directly by going directly to their website through a Google Search, not found from a random email received. Likewise, always call a business directly to give out information, never accept a call from a business and give out info, no matter how trustworthy they might sound. You never know who is actually on the other line.
2 FACTOR AUTHENTICATION (2FA) – This is a 2nd layer of security setup to tell a website or app that you are who you say you are by providing another piece of information like an additional password, pin, or fingerprint. If you truly care about the data a particular website is storing for you, it is extremely recommended to set up 2nd factor authentication, also called multi factor authentication. Once setup, that website will ask you for your user name and password, then you will have to provide an additional piece of information such as, something you know like another pin, another password, a string of numbers from your phone, or answers to security questions. They could also ask you for something you have like a credit card ID, a smartphone Pin or a hardware security key. Another example of 2FA would be something you are like a fingerprint, a face match, iris scan, or voice match. Bottom line, if you care about the data on that site is holding onto for you, then you ABSOLUTELY NEED to setup 2FA with that site. Check out this video for more information.
PUBLIC WIFI – Avoid using any public WIFI networks such as in coffee houses, cyber cafes, airports, or hotels. You never know who is snooping on that network and what they can get access to on your device that connects to that network. Recommend setting up your cell phone as a hotspot (also called WIFI tethering) and use that connection. That way you know only YOU are connected to it. Here are some instructions for an Android device and an iPhone. If you have to use Public WIFI, consider using a VPN.
VPN – Virtual Private Networks are encrypted tunnels for your internet traffic that essentially masks or anonymizes your internet identity from the rest of the world. These make your internet traffic much more safe and some even have the added benefit of allowing you to look like you are coming from anywhere in the world. These are not essential when you are on a secure network like your home router or phone hotspot, but these are an absolute must if you are using public WIFI networks as explained in #8.
DATA BACKUPS – Many things can happen to your computer or phone, it is wise to have good backups of your data. Consider an automatic backup service like Sync, Google Drive, or OneDrive. These services will automatically backup files on your computer to the Cloud, so if your computer is ever lost, stolen, or breaks, you will be covered. Referenced above, in the event of a situation where your computer(s) are compromised with Ransomware, you simply have to wipe your machines and reload your files from your data backups and you will be back up and running in no time.