As a cybersecurity professional, I write about enterprise security on a daily basis. But with the start of National Cyber Security Awareness Month (NCSAM), I was inspired to switch gears and write about personal security, given this week’s theme of simple steps to online safety for consumers. So, with pen in hand (a keyboard, actually), here are some practical tips and best practices for protecting your personal information and identity online.
Obviously there are many things one can do to keep safe in today’s cyber world; however, many of them require deep knowledge of security and/or a significant level of effort.
Ideally you should select a different password for every site you use and store them all in a secure password manager that requires two-factor authentication every time you open it, but this is not practical for most people. For me personally—and I live and breathe security every day—I started this practice about three years ago and 174 out of my 403 passwords are still duplicated.
So, with “simple” being the operative word, the tips here are for everyone, not just cybersecurity pros, and shouldn’t take more than 10 minutes to implement (plus two minutes to read this blog post!).
Many times in life we need to focus on what matters most, and cybersecurity is no different. From an online security standpoint, the two things that matter most are your smartphone and your email accounts.
Our smartphones are the center of our online life and identity. We use them anywhere from dozens to hundreds of times a day. They hold our most personal data in emails, contacts, and even cherished memories—like pictures and digital assets, such as a chat from someone we care about or a video of a grandchild. And they connect us to the many different services we use through apps.
That said, I’m not going to tell you to install an antivirus program for your smartphone; that would be maybe number 25 on my list, and today I want to focus on the top two items. And those are to protect access to your most important accounts, which are:
The reason I recommend that everybody take significant steps to protect these specific accounts is that they serve as the second factor for authentication into so many sites, such as online banking, investment, shopping, healthcare, education, travel, you name it.
The steps to implement are simple. For your online mobile carrier account and your primary and secondary email accounts:
For those of you who have not set up two-factor authentication, most online businesses automatically assign your mobile device or a secondary email address as your second factor of authentication; that's why protecting them is so important. Take your mobile carrier account: if it is not well secured, adversaries can log into your account, request a new SIM card for your account, pop it into their phone, and voilà, now they own your second factor of authentication. That may sound far-fetched, but it’s not. Cybercrime is everywhere, and consumers and businesses alike need to stay vigilant about protecting themselves.
With these 2-3 accounts extremely well protected, you can easily boost your personal cybersecurity.
Overall, maintaining clean password hygiene is very time-consuming and not everyone has the knowledge or resources to do it, but implementing these two best practices for those key accounts is something anyone can do. Even my grandparents!