Personal Cyber Security

Last Friday on NPR’s Science Friday, the host discussed how to keep ourselves secure with our technology. And the other day, I attended a talk by Chris Benson, a local security expert and owner of Always on IT, about security for individuals as well as small businesses. Both of these discussions reiterated the things I tell you.

One of the things I really liked about Mr. Benson’s talk was that he kept reminding us that security and convenience are at odds with each other. The more secure you make something, the more inconvenient it is. The more convenient it is, the less secure it is. Everyone has to make their own decisions as to how to balance these two factors. How everyone chooses to do this will be different.

The NPR discussion extended this idea and said that these balances could be different depending on what you were securing.  Meaning you can have different balances for different technologies in your life. Your bank account and email are really important to you, so you turn on two-factor authentication, change the passwords frequently, and make complex and unique passwords. Your Netflix account may not be that important to you, so you use your generic password and hardly ever change it.  You need to decide what is important to you and identify how you want to protect it.

We are going to discuss six things you can do to help keep yourself secure. This is not a complete list of things you could or may want to do, but it is a good place to start.

  1. Do your (legitimate) updates.  I repeat this over and over to people.  I know that they are annoying and frustrating.  But most of the time, the updates are patching security holes.  Mr. Benson added the word legitimate to my mantra.  How do you know if they are legitimate?  Here is an article to help you identify fake updates.  The Equifax hack was due to not updating.
  2. Have a password management system. You need some sort of system to help you remember all your usernames and passwords. There are password management programs you can sign up for like Dashlane, LastPass or 1Password. Or you can have a notebook, address book, Rolodex, recipe notecards, whatever you have on hand. If you keep a paper password management system, I recommend that you leave it at home rather than carrying it around with you. If you have a password that you reuse, don’t use that password for financial accounts or your main email account. Make those accounts unique.
  3. Have two backups: cloud and local. You need to back up all of your devices to the cloud and to an external device. New mobile devices are automatically set up to back up to the cloud. Apple devices back up to iCloud and Android devices back up to Google Drive. For computers, you can buy a backup hard drive with backup software to back up the computer. You need to decide how often to back up. If you have done a huge import of photos from your digital camera, you may want to back up that day. Test to make sure your backups work. Meaning, can you open a file from your backup?
  4. Use an antivirus program. Each antivirus program is unique, but one is not necessarily better than another. The free versions of antivirus software are OK, but paying for a premium version will be better. You get what you pay for. Be very careful when downloading antivirus software online. Downloading antivirus software is a common way to get a virus. If you are wary of downloading, then you can go to an electronics store and buy a copy there.
  5. Require passwords to get on your devices. I get a lot of pushback on this one. People tell me that they have nothing on it and it is annoying to do. However, your email is probably on there and probably logged in. Your email is a pathway to all of your other accounts. If someone gains access to your email, they can get into your other accounts. If your device is lost or stolen, then someone can get in. Once again, you have to decide your comfort level between security and convenience.
  6. Use two-factor authentication. Two-factor authentication requires a password as well as something else the user has access to, like a fob, badge or code that gets texted to you via your smartphone. You don’t have to use two-factor authentication on everything, just the important stuff like email and financials.
