Making Personal Cybersecurity a Habit in your Life


Why is personal cybersecurity so important? That’s easy, because of the people we love. They count on us to keep ourselves and them safe.

I strongly believe that if I can teach family and business leaders to be more aware of cybersecurity in their personal lives, it will naturally and necessarily change the way their organizations and families perceive cybersecurity.

In my last blog, I asked the question: is affordable cybersecurity a myth? I don’t believe it is, and I’m out to prove it. We’re going to focus on cybersecurity in your personal life in this article, and none of it costs a dime.

Consider this: good habits are cybersecurity, and habits have no direct cost. That makes them accessible to everyone.

You get a habit! And you get a habit!

Or, more accurately put, no direct monetary cost. I will admit there are indirect costs to habit formation. Forming habits requires an investment of time and effort. If you want to short-circuit the time investment, for about 20 bucks, go buy yourself James Clear’s “Atomic Habits”. His system for habit-forming and longevity is a game-changer.

The effort, on the other hand, I have no hack for. You’re either going to be willing to invest the effort or you’re not.

But I digress. Let’s talk about applying a personal cybersecurity mindset to your life.

Make Personal Social Media Posts As Private As Possible

Information is the new currency. In this digital era, personal information about who you are, what you like, and what you may do in the future is highly valuable. It’s why companies like Meta, Twitter, and Google let you use their platforms for free. The unseen charge is that they are gathering and analyzing as much information on you as they can get their hands on.

So how does that apply to a post on Instagram or Facebook? Well, cybercriminals are pretty smart. If you post publicly, they know that reading a few of your posts will produce information about you. Like your dog’s name, or what city you met your spouse in.

…So What?

You may be thinking, “Who cares if they know my dog’s name?” It seems like a trivial piece of information, but it’s not. Many online platforms, including banks, have self-service password reset tools. These self-service tools ask you security questions to verify your identity or reset your password.

Think about the questions they ask: “What’s your favorite pet’s name?” and “What city did you meet your significant other in?”

If you recently shared a picture of your dog, their name, and why we humans don’t deserve them, or you wrote a long gushy post for your anniversary describing the first time you met your significant other, that information is now readily available to the public.


This information alone is not enough to cause a cybersecurity incident in most cases. However, it could be the last piece of information needed to perpetrate an attack against you. If you remember the last article in this series, I touched briefly on how most modern hacking is a long play.

I’m Never Posting Personal Information on Social Media Again!

Good! Kidding.

Look, I’m not saying that you shouldn’t share things on social media, or that you should never post on social media platforms again. I am saying that you need to be a little smarter about what you share, and how you share it.

If you must share something personal, IG and FB have options to make your post visible only to those on your friends list, not the general public. And stop adding random people you don’t know to your friends list.

Do Not Take Quizzes

This sounds like a no-brainer but I see people do this all the time. Don’t take a quiz to find out what Disney princess you are, who you were in your past life, or what kind of pet lover you are. These quizzes will usually ask you things like what your first car was, what city you were born in, and other personal information.

These, again, are all examples of password reset question answers.

Sometimes, to get your results, they’ll ask you to share your email address. If you take that quiz, you’re flat-out giving away 3 answers to password reset questions, AND your email address, which combined can be used to access any number of your online accounts. That’s if, of course, they can access your email account.

What do you think they’re going to try to do next? Access your email account.

Do Not Reply To Posts With Information about Your Life

Scammers are always trying their best to bait you into commenting on their posts with personal information. I’m sure you’ve seen a post that has an image with a few lists on it and thousands of comments.

For example, let’s say the image has two lists:

  • A list of colors and calendar months
  • A list with the numbers 1 through 31 and a bunch of things that sound cool

The post will say something like, “Your rock band’s name is your birth month and your birth date combined”. You start looking at the thousands of comments on the post. One of them says, “Midnight Blue Dagger”. You think to yourself, “Man, that’s a sweet band name! I bet they’re a metal band.”

You start feeling like a rockstar and wonder to yourself, “What would my band name be?” After a quick review you see it’s “Purple Wombats”. Nice! Of course, you want to share and show everyone how cool it is. So you add another comment to the post.


Guess who now has your birth date? The threat actors. Your personal cybersecurity just took a major hit. So pretty please, knock it off. If you must know your band’s name, write it on a post-it, think about how cool or lame it is, then ball it up and throw it in the trash.

Use MFA to Boost Personal Cybersecurity

Let’s say you gave up some personal information online and someone gathered enough of it to perpetrate an attack on your bank, email, and social media accounts. Do you know what will stop them dead in their tracks? Multi-factor Authentication.

Also known as MFA.

Also known as that thing we all despise, act like is a huge hassle, and don’t use.

MFA adds a critical layer of protection. MFA requires that you provide a special 6-8 digit numeric code that is sent to your email account or an app on your smartphone. You can also use text messages to receive these codes in many cases, but I highly recommend against it. In fact, we’re phasing it out for all our partners. SMS has a number of its own cybersecurity challenges.

Authentication Apps

Alternatively, you can use an MFA app to further secure your accounts, which I highly recommend. I like to use an app called Authy because it allows you to leverage TOTP, which stands for Time-based One-time Password. 

TOTP stands for Time-based One-Time Passwords and is a common form of two factor authentication (2FA). Unique numeric passwords are generated with a standardized algorithm that uses the current time as an input. The time-based passwords are available offline and provide user friendly, increased account security when used as a second factor.

Twilio.com

Did I mention it’s free? Sometimes waiting for an email to arrive isn’t ideal, and I’m fairly impatient with my technology. Because of this, I love using an app like Authy. My TOTPs are always available, even if my device is offline.

Enable MFA On Your Social Media Accounts

All the major social media platforms have MFA available; you just have to look up how to turn it on. I would do so IMMEDIATELY.

I’ll even gather 3 links to official MFA how-to documents for you:

Seriously. Open up a tab and start securing your social media accounts with MFA.

Use Unique, Generated Passwords

Let’s talk about generated passwords. This is what my average password looks like:

x@3un2Jj3rtjSk4$7e

Every site that I access has a randomly generated, 18-character password that I’ve never actually looked at and could not recite to save my life. I’m going to take a wild guess that the majority of the passwords for folks reading this look like this:

Love123!

I’m also going to guess that you are reusing this password for your work email, your bank, and your Amazon account. Re-using passwords makes life easier for you, I get it. Unfortunately, it also makes life easier on cybercriminals that are trying to extort you. If they somehow determine your password for one site, they now have access to other sites which contain your personal, banking, and credit card information.

An Isolated Incident

Using unique, generated passwords ensures that if somehow someone gains access to your password, or sees it written on a sticky note, your security breach is an isolated incident. No other site is compromised. Also, you should stop writing your passwords on sticky notes.

The best way to implement generated passwords and MFA is through a password manager, like LastPass. Guess what? LastPass is free for personal use.

A password manager will store all of those very long, very hard-to-remember passwords in one place, and provide a system for randomly generating passwords. LastPass also happens to have a TOTP system built into it. Their mobile app is pretty sweet too.

The Myth Is Being Busted

Do you know the best part of literally everything I mentioned in this article? None of it costs a dime. That, my friends, is as affordable as it gets. Affordable cybersecurity is NOT a myth.

At the end of the day, it’s all about us, our habits, and how we can be smarter as we engage with the digital world. Thank you so much for taking the time to read this article. Our next topic will be “Making Cybersecurity a Habit in your Business Life”. Until then, be safe out there!