Someone asked me to give some basic things non-techie consumers can do to improve their cyber security – here’s my list:
1. Keep your devices and applications updated.
Keep your devices and applications updated. Yes, it is a pain to keep doing this, but it is necessary to make it harder for attackers to use old easier methods on you.
2. Start using a password manager
Start using a password manager – this is the only way to have a unique strong password on every account, meaning that even if one account is hacked, the damage is contained to that one account. In addition, the autofill and synchronization of passwords across devices that you get with good password managers means it’s easier to use every day than trying to remember and type out your passwords.
3. Install and use a reputable anti-malware solution
Install and use a reputable anti-malware solution on your computers and mobile devices – everyone makes mistakes in installing or clicking the wrong thing, and software like this is essential to making those mistakes much less likely to result in harm to you.
4. Wherever you can, enable Multi-Factor Authentication
Wherever you can, enable Multi-Factor Authentication (MFA – you sometimes see it called 2FA), especially on your most valuable accounts like your email. If possible, use an app like FreeOTP or a USB hardware device like YubiKey instead of your phone number with SMS. And save those backup codes in your password manager. If you can only do SMS, please still do that; it is better than nothing.
5. Consider what apps you install
Consider what apps you install – the fewer apps you have, the fewer places there are to attack you. You can always uninstall.
6. Consider what devices you allow into your home
Consider what devices you allow into your home and into the lives of the other people in your home and neighborhood who have not consented to be spied on. Just because a marketing person says the device is “smart” does not mean you need to believe them.
7. Try to learn about and understand how some basic scams work.
Try to learn about and understand how some basic scams work. Just like with malware, scammers are mostly recycling the same tricks in slightly different wrapping paper. A lot of avoiding scams comes down to taking a breath and pausing when you feel yourself being pressured or suddenly excited by a too-good-to-be-true opportunity. This applies to websites you visit, emails you receive, text messages, social media, phone calls, and even while outside face-to-face. Scammers find you where you are and try to use things that are familiar to you to gain your confidence.
8. Does it have to be the truth?
Beyond the basics above, consider whether you really need to give that website or shop your personal information. And if you do need to give something, does it have to be the truth? People cannot steal and use data that doesn’t exist or is false. Just like any therapist will tell you, maintaining your own firm boundaries is a hugely important life skill. Even if there may be a cost, you can always refuse.