Best Practices for Personal Cybersecurity


Like home security, computer security involves tradeoffs between convenience and protection. Getting the best security for you will depend on how you use your devices and the internet. But in general, there are a few best practices that everyone should know.

Use this guide to keep everyday cybercrimes like identity theft and malware from throwing you off track.

Passwords

Make your passwords strong and unique.

Strong passwords are still our first line of defense on the web. A password's strength is a function of the time it would take for a hacker to systematically guess or "crack" it. A password is "strong enough" when this time is measured in months or years, long enough to be a deterrent. Currently, a password like this is at least 10-12 characters long, is not based on dictionary words, and uses numbers or special characters. It would take years for a computer to guess all the possible combinations of all those character sets combined, so it's not worth the trouble.

Password complexity is okay, but really, length is strength. Let's take for example the password b@seba11. It's eight characters long, uses 1's for L's, and has a special character. Many websites and apps would accept a password like this with no problem. However, it's not very long, and is based on a single dictionary word. It would take a hacker with the right access and tools only about 20 minutes to crack this password (all the common leet spellings of words are widely known and can be generated programmatically). If you'd like to see how strong your passwords are, head over to howsecureismypassword.net.
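To make the "length is strength" point concrete, here is an added example (not part of the original article) that compares two search sizes for a password: blind brute force over its character set, and a dictionary search that also tries leet spellings. The wordlist, the substitution table, and the assumed dictionary size of 100,000 words are illustrative assumptions.

```python
import string

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"baseball", "password", "dragon", "sunshine"}
# Assumed size of the dictionary a guesser would work through (illustrative).
ASSUMED_DICTIONARY_SIZE = 100_000

# Common leet characters mapped to the letters they replace ('1' is i or l).
LEET = {"@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "5": "s",
        "7": "t", "1": "il", "!": "i"}

def deleet(password):
    """Return every plain-letter reading of the password under LEET."""
    readings = [""]
    for ch in password.lower():
        readings = [r + o for r in readings for o in LEET.get(ch, ch)]
    return set(readings)

def leet_variants(word):
    """Count the spellings of word reachable by LEET substitutions."""
    total = 1
    for letter in word:
        subs = sum(1 for plain in LEET.values() if letter in plain)
        total *= 1 + subs  # the letter itself plus each substitute
    return total

def charset_size(password):
    """Size of the character pool a blind brute-force search must cover."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))

def estimate_guesses(password):
    """Return (guess count, method); dictionary search applies when a
    de-leeted reading of the password is a known word."""
    words = deleet(password) & WORDLIST
    if words:
        worst = max(leet_variants(w) for w in words)
        return ASSUMED_DICTIONARY_SIZE * worst, "dictionary"
    return charset_size(password) ** len(password), "brute-force"

if __name__ == "__main__":
    for pw in ("b@seba11", "q7#Lm2xV9!pT"):  # constructed sample passwords
        guesses, method = estimate_guesses(pw)
        print(f"{pw}: about {guesses:.2e} guesses ({method})")
```

Under these assumptions the leet-spelled dictionary word falls within tens of millions of guesses, while the 12-character password with no dictionary reading requires a search many orders of magnitude larger.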

"Unique" passwords are unique in that they aren't reused for multiple accounts. Of course, a strong password used for multiple accounts is better than a weak password. But if that one password is ever compromised, it's easy for someone to access multiple accounts of yours and not just one. In essence, reusing a password multiplies risk.

To improve your password security, you can lock things down in three easy steps. First, make your email account's password strong and unique. Then, enable two-factor authentication (2FA), which requires that you verify your login with a phone call or text message. Lastly, consider using a password manager to help you with your password security. Password managers are considered to be an essential solution for everyday cybersecurity and are well worth their fees.

Connected apps

It's the nature of online services to share information. This helps make the complexity of the web easier for people to manage. For example, you may have allowed a third-party app (perhaps Yelp) to access your Facebook profile, to make posting reviews faster.

Companies like Facebook have increasingly stringent policies for developers of applications that will use your data. Still, some risks come with connecting your accounts. It may be a good time to see which of your apps have enabled connections.

Below are the authorized applications settings for Facebook, Twitter, and Instagram. If you see any third-party applications connected to your accounts, but no longer have use for the connection, it's a good time to revoke access.

Home networks

Your home WiFi router is a small device with a big job. It is not only your gateway to the internet, but it is also typically the only firewall that protects your devices from all that exists out there on the web. Most routers today ship with modern security technology, but it's up to you to make sure it's configured correctly.

First, routers have a master device password or access code, which is different from the WiFi password. This is intended to protect the router settings from being changed without authorization. Unfortunately, this is often left as the factory default (typically admin or 000000). Be sure to change this password when setting up your router. After connecting to your WiFi, visit the IP address printed on the back of your router to change these settings. This will likely begin with http://192.168. After updating the password, keep it in a safe place.

Another way to protect your home WiFi network from intruders is to simply limit the range that it covers. Most people today are looking for maximum signal strength in every room of the home. This makes sense from a convenience standpoint. But if you live in a small house or apartment and your WiFi signal already reaches outside of the home, say, into your car parked on the street, this kind of range may not be necessary. It may even make it possible for a potential intruder to sit in their car outside and try tapping into your network. To limit your router's range, look for a setting called transmit power and change it from 100% to something lower. Some say that curbing the output power of your electronic devices can have health benefits as well.

Public networks

Generally, avoid any public (hotel/coffee shop) WiFi network which doesn’t require a password or signup process to log on. These networks are open, and anyone with the right software can read the data that you send and receive. At the very least, avoid signing into your email or bank account and avoid making purchases on these networks.

Fraud and scams

Fraud and scams are prevalent online, especially since criminals are better able to do their homework and find background information on their targets. Largely because of social media, it's possible to receive messages from someone who knows a fair amount of information about you, yet has never met you before.

If you receive an email, voicemail, or see a web popup requesting payment or personal information, always verify whether it is legitimate. For example, the IRS and the Franchise Tax Board do not ask taxpayers for personal information via email.

If you receive a call at work from someone who claims to need information or authorization urgently but could not go through the proper channels first, be suspicious. Similarly, if you receive an unexpected email from someone asking you to "please open and print this file", be sure to confirm that the person was really the sender.

Backups, screen locks, and encryption

If any of your data is lost for whatever reason, the solution is having a backup. Your device's operating system certainly has an easy backup solution available, most likely even a cloud-based (online) solution with a flexible, pay-as-you-go amount of space.

Your last line of defense is to keep your physical devices themselves safe. But in case your laptop or cell phone is lost or stolen, how can you be sure no one will gain access to the information stored there? First, be sure to use your cell phone's screen lock feature and set it to lock within a few minutes of being left alone. Next, check if your device has a full-disk encryption feature available. If someone were to gain access to your laptop and remove the hard disk, full-disk encryption can prevent someone from opening the files.

Updated May 22, 2020.