There are no dumb questions in cybersecurity
It’s easy for us to assume protection so we can feel safe enough to move on with our lives, instead of questioning everything and being paranoid. We generally trust and don’t question:
- our banks to lock their vaults
- our car alarm to go off if someone tries to steal our car and
- our police departments to catch bad guys before they break into our houses.
There’s a lot of trust we put in others to keep us safe. But, we all know that we can't fully rely on others to protect what we care about - we have to do our part too. I think many of us forget all the steps WE take to keep ourselves safe and confident every day. We:
- safeguard our checkbooks and debit cards from our bank so people can’t steal them and access our accounts
- lock our cars and safeguard our keys and
- lock our doors and windows and turn on our security systems before we leave our houses.
These are routine things we do every day to keep what we care about safe - almost like security hygiene. We understand that there isn’t one app we can install or one lock we can turn to keep us safe, just like there isn’t a toothpaste we can use once to protect our teeth forever - we know it’s routinely doing the right things that keep us protected.
So how did we learn these things?
Many of our parents, friends, and colleagues knew it was important enough to help us understand how to protect ourselves. They also knew that by helping to protect you, they were keeping themselves safer too, since you’re associated with them.
Ok, well who is going to teach us how to protect ourselves online - in cyberspace?
Unfortunately, most of our parents can’t pass down that knowledge and the media only gives it to us in little soundbites which is not exactly helpful when you’re worried about protecting a laptop, desktop, phone, tablet, 4 social media accounts, 2 emails, and 1 bank account.
And it’s not enough to trust institutions like Facebook to guard our data on their servers; Equifax to guard the information they collect and store on us; or our banks to block access attempts on our accounts via their websites - they’re trying to protect all of their users’ data and no one will ever care more about your own information than you.
Luckily, cybersecurity for our everyday lives or our small businesses is EXACTLY the same as protecting our physical lives, like we talked about earlier - security hygiene. There’s no one technology, no one tool, no one action that will secure everything - in the same way you can’t rely on one lock to secure your entire house. It’s doing the basic cybersecurity things routinely, like the concept of security hygiene we talked about earlier.
So if the cavalry isn’t coming to save us, and we have to learn to do the “basic cybersecurity things,” where do we start?
Since you can’t secure everything at once, we recommend prioritizing by selecting the device or account you care about the most.
What should I care about the most?
List all of the accounts and devices you have and think about the data you store or transmit on them.
Then score each device/account with two scores added together - how much you’d care if:
A. You lost access to the data on your device/account
(1 = I don’t care, 2 = I’d care but I’d get over it, 3 = I’d be devastated)
B. The data on your device/account was exposed
(1 = I don’t care, 2 = I’d care but I’d get over it, 3 = I’d be devastated).
Add those two scores together for your accounts and devices - the highest number is where you should start.
What if I don’t have time to do all that?
Pick one device or account where you know that losing access to its data, or having that data exposed, would devastate you. It can be an email account with VIP contacts on it (that hackers can spam), a laptop with family photos on it (that hackers can ransom for money), or your bank account.
Now that we’ve got our most prized account or device, how do we go about actually securing it?
We’re developing a full cyber self defense checklist that you’ll be able to download, but in the meantime, these are the top 4 steps you can take on almost any account or device to protect your data:
1. Long, strong, unique password - stored securely.
Why “long?” Because the longer it is, the longer it takes a hacker to crack. Strong? Just avoid anything obvious - obvious means hackers will know to guess it. Unique? Not any of your other passwords. Why? Because if a hacker gets a hold of it, they’ll try it on all of your other accounts - it’s Hacking 101.
Stored securely? I recommend a password manager not only because they store them encrypted on your phone, which you take with you almost everywhere, but they also generate long, strong, unique passwords for you instantly, so you don’t have to think of it on your own. You’ll be able to shop for them soon at enabldsecurity.com.
2. Use two (or multi)-factor authentication (2FA).
How does this work? It’s like in the movies when Arnold Schwarzenegger has to show an ID and provide a verbal password - it’s two ways to gain access with something you have and something you know. For online accounts, it starts with a password (something you know) and the 2FA part is usually an app on your phone that you download and sync with your account; when you log in, the app gives you a code to enter, in addition to your password, to grant access and lock down your account. But it’s an extra step! Yes, but they’ve made the process easy and it makes your account nearly unhackable. Find 2FA for your account here.
3. Back up your data.
Why? Hackers go after your data either because they know it has street value (aka selling your credit card info or social security number on the Dark Web) or because you value it (they don’t care about your family photos, but they know you do). So they encrypt it and hold it ransom. If you routinely back up your data, then you have nothing to worry about. Consider using a cloud backup and storage like Box, Sookasa, or Dropbox.
4. Update the software on your devices.
Why? Hackers, like the ones who try and get you to click on a link in a spam email, take advantage of vulnerabilities in software - like your Windows or Mac operating systems (basically your desktop and how you interact with your computer) - in order to weasel their way in. By updating this software, you close those doors.
Our goal is to help you understand how steps like these, and the tools you use to accomplish them, protect you. Then, you’ll know how they fit into your overall protection and make you safer as a whole - otherwise, you might never trust these tips or tools. It’s the same way that, if you have a security system in your house, you know that to protect against break-ins, you can’t just put an alarm on one door to be secure - you have to put an alarm on every door (and window) to help you feel safe.
We asked a lot of questions in this blog so you didn’t have to, because we think you’ve wanted to ask those same questions but didn’t know how or who to ask. Now, we hope you’ll feel comfortable asking us, knowing that others have the same concerns.
Help us help you - let us know what cyber self defense info you want to learn by emailing us at firstname.lastname@example.org. We’ll cover it in our blog or our site and let you know when we post it.
We need your input in order to build something that helps you defend yourself. Sign up for our beta (trial) and be the first to check out our site as well as being an integral part in creating a free resource so that others can protect themselves too.
What is ENABLD?
ENABLD (enabldsecurity.com) is a free site that organizes cyber self-defense tools so that you can understand how they keep you safe and find the ones you need to protect what you care about.
We’d love to have you. Our motto is “empower the unprotected” - but we truly think that we all empower each other to keep us all safe.