Top 10 Cybersecurity Awareness Tips

 

  1. The first and most valuable thing anyone can do for their personal security is to assess their own personal risk. If you aren't handling sensitive information that would be valuable to a government or a corporate competitor, and if you aren't a terrorist or a dissident, you're unlikely to be a high-priority target for intelligence collection. This means that your own personal security posture doesn't need to be as paranoid as a spy's may have to be.

  2. Even if you aren't a high-priority target, there are still some measures I recommend to all of my clients that make sense as a baseline level of personal security. For example, always use multi-factor authentication (MFA) for any service you log into.
  3. When you turn on MFA, you will be asked to store a backup copy of keys you can use to regain access to your services if you lose access to one of your trusted devices. These should be kept in a safe place, like an encrypted backup either in your home, or saved to a cloud service if one is available to you.

  4. Use password managers. Not only will a password manager make logins easier for you, it will also make your passwords more secure in their formation. Although there have been high-profile compromises of password management software and services in the past, for the vast majority of users this is a better option than having to remember dozens of high-complexity passwords, or committing to the dreaded practice of password reuse.

  5. Never reuse passwords! If you decide not to use a password manager, the riskiest thing you can do is pick one password and use it on all of your devices and accounts. A diversity of high-complexity passwords means that any attacker who may be trying to get access to your accounts won't have a 'master key' to all of them, which will make compromising your accounts much harder for them.

  6. Encrypted messages aren't just for spies anymore! Messaging apps which offer a high level of message transportation security are readily available and free for personal use. While some technologies for messaging are more convenient, they are also less secure in how they handle messages. Whenever you send a message to someone that you would not want to be read by anyone except the intended recipient, make sure to use a messaging application that offers end-to-end encryption for the best privacy.

  7. Set up email sorting. Is sorting your email a security practice? It could be! Spearphishing, or highly targeted attacks using email, is a popular and effective method attackers use to gain a foothold on their victims. By doing something as simple as sorting your emails to identify which come from inside your organization and which come from outside, you give yourself an advantage in avoiding clicking a malicious link. Sorting your emails in this way will also make those pesky automated phishing tests easier to pass, which may save you from having to take additional security training!

  8. As AI voice replication and text generation improve the appearance of legitimacy that scammers use to trick their victims, it's a good idea to fall back on older methods of identity verification. Share a challenge and response word with your most trusted relatives that can be used to verify their identity if you are called in desperation by someone who sounds like a loved one.

  9. Ransomware continues to be a major issue facing individuals and companies worldwide. Maintaining regular backups should be considered standard practice for everyone.

  10. Mobile device security has been a major topic in recent months, and will continue to be a point of interest for journalists and dissidents throughout the world. It's a good idea for individuals who have an elevated risk profile to regularly restart their mobile devices as a measure to remove malicious software that may be running in the device's memory.
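
The inside/outside sorting rule from tip 7, sketched in Python as an added example (not part of the original article). The organization domain `example.com`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the mail domain(s) your organization sends from.
ORG_DOMAINS = {"example.com"}

def sender_domain(raw_message):
    """Return the lower-cased domain of the From address, or '' if unparseable."""
    msg = message_from_string(raw_message)
    # parseaddr splits the display name from the real address, so an
    # address typed into the display name is never used for sorting.
    _display_name, address = parseaddr(msg.get("From", ""))
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")

def classify(raw_message):
    """Label a message 'internal' or 'external' by its From domain."""
    domain = sender_domain(raw_message)
    for org in ORG_DOMAINS:
        # Exact match or a true subdomain; 'example.com.mail.test' is neither.
        if domain == org or domain.endswith("." + org):
            return "internal"
    return "external"

# Constructed sample messages (reserved example domains, not real mail).
SAMPLES = {
    "colleague": "From: Dana <dana@example.com>\nSubject: Q3 plan\n\nhi",
    "subdomain": "From: HR <hr@eu.example.com>\nSubject: Benefits\n\nhi",
    "lookalike": "From: IT <it@example.com.mail.test>\nSubject: Reset\n\nhi",
    "display_name": 'From: "ceo@example.com" <someone@mail.test>\nSubject: Urgent\n\nhi',
    "no_sender": "Subject: (no From header)\n\nhi",
}

def sort_samples():
    """Map each sample name to its label."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in sort_samples().items():
        print(f"{name:13} -> {label}")
```

The From header is chosen by the sender, so an "internal" label is only as reliable as your mail system's sender authentication; an "external" label is the one to treat as a prompt for extra care before clicking.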