Roy Keck

MyTop5 - Tips to Improving Your Personal Security

Security isn't convenient, but it's certainly not convenient either when your identity is stolen, or when you become the victim of a hack and your information, pictures and videos are exposed. Or how about when your financial information has been compromised and now you must fight your financial institution and the credit bureaus to prove those charges were fraudulent? The bad possibilities are unfortunately endless if you aren't careful.


I'm here to give you some tips on how you can start to protect yourself from these threats.


All you have to do is educate yourself by reading posts like these, listen to the advice, and - Become Aware and Take Action.


#1 - Use Password Managers & Strong/Random Passwords


For starters the first thing you should be doing to improve your Personal Security is to start creating Stronger Passwords and making sure you have a Unique Password for every single Login that you have.


Why is that Important?

Well, let's say you use the same Password for your Google email, your Bank, Facebook and your other Social Media sites. Let's say your Facebook account got hacked - well, chances are they now have your Facebook Password, and that means they can also get into the other Accounts where you've used the same password. Not good. If one site has a Data Breach and the Passwords/Login information of its users are stolen, and you're using that same information across all your other Services, you are totally compromised. If you have a Unique Password for every site and service you use, then when your Facebook account is hacked, or there's a Breach, rest assured - it'll only be the breached account that is compromised and not your entire livelihood. The risk is minimized.


So how are you going to remember these super long, complex passwords for every single site?

Great Question!


The Truth? You're not. Unless you're a Robot, and then in that case you are probably fine.


You will need a Password Manager to help.


There are quite a few of them out there on the Market now, but not all of them are created equal.


A simple Google search of what the top Password Managers are these days can get you started if you want to know more and research this solution for yourself.


I will go ahead and give you the top 3 that I think are pretty good, as I've tried about 10 of them for extended periods of time. This is strictly my opinion at this current time.

Keep in mind... what might be Secure, Private, and Good Today, may not be Good 1, 4, 10 months from now.

  • 1Password

  • NordPass

  • Dashlane

I'm not going to dive in on their Features or Pricing, some of them are Free, or have Free base level tiers, but it changes constantly.


So just do your own research, try different ones till you find the one you like.


Some other Tips With Regards to Password Etiquette
  • Use Random Generators to come up with your Passwords. Most of the Password Managers have Random Password Generator features included to help with this. If you don't use Random, then most certainly DO NOT use ANY personal information in your passwords. For example, your Name, your Kids' Names, Birth Dates, your Pets' Names, your favorite things, the love of your life's name - no, not your husband/wife - the other person. I wonder how many passwords I just guessed with just that general strategy? ZERO, ZILCH, no personal information in your Passwords. Consider how much intimate information we put out there and probably don't even think about, because we think it's so general: on our Social Media sites, in those "private" details we share in Text Messages or Chats, or in the details we are required to fill in when Applying to Jobs. Consider the possibility that this information ends up in the wrong hands, and here you are using it as the basis for your Password Security because, well, it's easy to remember. Not Good. Stop doing that.

It's not a matter of IF that information ends up in the wrong hands, it's a matter of WHEN, remember that.
  • Be sure to make your Passwords COMPLEX and Long. The general rule, depending on who you ask or where you read it, is I think right now a minimum of 12 characters. Using your Password Manager though, there's no reason why you can't extend that out to about 14 to 25 characters or more. Make them complex: not just letters or numbers, but special characters too when allowed, and both upper and lower case. A Password that's at least 12 Characters long, with a combination of Upper/Lower Case letters, some numbers and Special Characters, would give a little over 3 sextillion possible combinations. Hackers have tools that allow them to cross reference gobs of Password data, funnel it through a Dictionary and crack simple passwords with ease, in seconds. However, the more complex the password is, the longer it will take for them to crack it - if at all.


  • The Last Password Tip for now would be to Turn OFF the "Save Password" Feature that comes with your Web Browser. Most of the top Web Browsers have one, and they're all bad. If you listened to the first Tip - getting a Password Manager - then you don't need your Browser to remember your passwords anyway. Your Browser is generally vulnerable, no matter how "Secure" or "Private" the Browser claims to be. Those Passwords are generally easy pickings for hackers, so don't use that feature. If you have been using it, and you have listened to me so far and got a Password Manager, then don't forget to go CLEAR the Passwords you have stored with that Save Password Feature in your Browser.
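The first two password tips above (random generation with no personal information, at least 12 characters with mixed character classes), sketched in Python. This is an added example, not part of the original article; the function names and the sample pet name and birth year are made up for illustration.

```python
import math
import secrets
import string

# Character classes named in the tip: upper case, lower case, numbers, special.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable symbols in total
MIN_LENGTH = 12              # minimum length quoted in the article


def generate_password(length=20):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def keyspace(length, alphabet_size=len(ALPHABET)):
    """Count the possible passwords of this length; also return it in bits."""
    combos = alphabet_size ** length
    return combos, math.log2(combos)


def audit_password(password, personal_terms=()):
    """List the article's rules a password breaks (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    labels = ("upper case", "lower case", "digit", "special")
    for label, cls in zip(labels, CLASSES):
        if not any(ch in cls for ch in password):
            problems.append(f"no {label} character")
    for term in personal_terms:
        if term and term.lower() in password.lower():
            problems.append(f"contains personal term {term!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a made-up pet name and birth year.
    personal = ["Biscuit", "1987"]
    print(audit_password("Biscuit1987!", personal))  # complex, yet guessable
    print(audit_password(generate_password(20), personal))
    print("12 chars, 94 symbols: %d combinations (%.1f bits)" % keyspace(12))
```

With letters and digits only (62 symbols), keyspace(12, 62) comes to about 3.2 sextillion; the full 94-symbol set gives about 476 sextillion.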


#2 - Use Two-Factor Authentication (2FA)


I think of Security, or Personal Security in Layers.


To Protect Yourself, you generally don't just use 1 tool, or 1 Layer, you use Multiple, you have backup.


The more Layers protecting you from Threats, the better.


Your first Layer of Protection between your accounts and someone else from accessing your personal information is your Password, which we covered in Tip #1.


Your second Layer of Protection is a feature called "Two-Factor Authentication" (2FA).


2FA is, at its most basic, identity verification software. If you (or the threat actor) enter the correct password to your account, 2FA will kick in (if it's enabled) and require you to verify your identity, most often by entering a series of random numbers or letters sent to you via SMS (cellphone texts) or by a 2FA App.


Think of your Security Layers like this:
  • Something You Know = Your Password (Usually)

  • Something You Are = Biometric Fingerprint readers, Facial Recognition, identifies WHO you are.

  • Something You Have = Your Phone that gives you the 2FA Key, a 2FA physical Key or App where it generates the 2FA random Code when you need it and requires it to be inputted to complete Authentication.

When available, you should ALWAYS be using it to add an extra blanket of security to your accounts. I say ALWAYS because yep, even that very basic, silly Magic the Gathering Website that really does absolutely nothing but help you nerd out on your hobby has it, so USE IT, Enable it!!!


2FA can be a pain, but it absolutely makes your accounts more secure.


Remember what I said at the very beginning of this Article. Security is inconvenient, but having your information stolen is much much worse, so do this extra Layer.


When it comes to 2FA, there are a few Options out there that I like.
  • Authy: It's a good app, syncs with multiple devices, and stores all your 2FA in one place. Very handy.

  • Google Authenticator: Can't deny it's a good 2FA App.

  • YubiKeys: They have a 2FA App to go along with the physical Security Key, but I'd say this is a bit more of an advanced option. A YubiKey is a physical Security Key that you stick into your Device, and it's a 100% Offline 2FA solution. It's a great solution IMO, I love them. More on this solution though in a later article.


#3 - Backup Your Data Regularly


Let's say you find yourself a victim of Malware, such as Ransomware. You might not be able to get your data back, or you can get it back only if you Pay Up (Sometimes...). That is, unless you’ve backed up your data.


When you back up your data, you can make certain kinds of security breaches less problematic. If a hacker encrypts your data and demands a Ransom to unencrypt it, it’s not going to be that big of a deal if you backed it up a week ago.


A Note on Ransomware:

At this point, everyone has most likely heard of Ransomware. It's becoming more and more problematic, and the criminals who conduct these types of attacks are being caught less than 1% of the time.


A True Backup of your information is having it stored Offline, Off Site, Off Cloud.


I don't view Cloud Solutions as Backup Solutions either.

I think Cloud Storage is the best way to look at it, and the best feature for Cloud Storage is that you can access your Information wherever you are, with multiple devices, and it's super convenient. I think having a Cloud Storage solution is a great idea, but I digress, this is not what I consider to be a "Backup" solution, although in a way it does serve that purpose too.


What if your Cloud Solution of choice suddenly goes down, for an extended period, or has a breach and all your data is gone? That was your Only Backup Solution? Dang, I'm sorry. Hopefully the Cloud Provider kept good backups.


The reason I don't consider Cloud as a "Backup" solution quite as much, and recommend having an Offline Backup, is that even the Cloud Services that are out there aren't immune to the attacks. Though, there are also drawbacks to having physical Offline media for your Backups as well. What if you can't get to your Backup media, or there's a Fire or natural disaster and your Backups are destroyed, or your Backup drive is stolen? Keep that in mind as well.


Just like with your Login Security needing Multiple Layers of security, it's good to have Multiple Layers with regards to your Backup strategy as well. When 1 Layer fails, you still have backups and additional Security/Protection in place.


Whether it's a USB Stick that has all your Important Documents on it, or a portable Hard Drive, doesn't matter. I think it's important to have a backup like this handy, especially as we head into the future where the Threats are rising, Data is being breached and constantly compromised, and Ransomware attacks are becoming norms.


#4 - Keep your Apps and Devices Updated


Who doesn't love it when their Xbox, PlayStation or other game console gets an update for some cool new features, or when their favorite game gets an update to add new missions and content? I know I do.


Ok, so maybe some of you aren't gamers... what about when your Phone gets an update, or how about your Smart Watch? Your Tablet? How about your favorite Services like Spotify, Microsoft 365, or your Windows Operating System?


We are all usually excited when we get that prompt to do an update on our devices or our services because usually that means we're getting some cool new features.


I want to point out though, that's not the only reason Updates are important. Often, it's not just to add new features but Updates are to patch Security vulnerabilities, or to improve security features on your devices to be up to date for new threats.


How many of you turn off Updates? I'm not saying there isn't a good reason sometimes to delay accepting a certain update for your Device, sure... sometimes there are acceptable reasons. However, I'd argue it's often best not to get into that practice. More importantly, don't just turn Updates off completely and then forget that you've turned them off - leaving yourself open to vulnerabilities and new threats that are being regularly exploited by hackers.


Update your Devices and Services, regularly, don't ignore them!


#5 - Privacy/Security Awareness


When you are surfing the web, or browsing Web Stores or what not, how can you be sure the Website is Secure? Well, that's a great question and I'm going to try and help explain it.

While viewing a Webpage, you have an Address Bar at the top of your Web Browser.

Looking at that Address Bar, there are several ways you can verify to see if you're on a Secure Website or not.


  1. First, look at the Address and check whether it starts with "http://" or "https://". If you see the "https://" then you know you are on a Website that has some built in Encryption & Security. If you are on a "http://" Website, tread lightly. Do not share your Personal Information, do not use a Checkout or give your financial information; that Website is unsecured and is vulnerable. I'd go so far as to say just don't go to any unsecured Websites, but that's not always possible. So just knowing this, being aware of where you're web surfing and being able to spot this, will improve your security because you will know whether it's safe to share information or not.

  2. Sometimes, your Address bar is hidden, or truncated and you can't see the Address - that's ok, there are still other ways you can verify if you are on a Secure site or not. Look for the trusted Security Lock symbol, it should be towards the top of your Browser, either next to or within your Address Bar. Sometimes it can also be in the bottom left Corner in your Browser Status Bar. It can be tricky to find at times, as depending upon the Browser you're using it can be in different locations to spot.

Even More Awareness...
  • Avoid Phishing Scams: Phishing is one of the most common forms of Cyber Attack. Phishing scams use a variety of methods to obtain your personal/private information with the goal of compromising your accounts or doing other bad things with it. There are many different Phishing Scams out there, but they can be avoided by being aware and being careful with your privacy. To avoid being the victim of a Phishing Scam, never open Emails or Attachments or click on Links from people you don't know. Sometimes even if you do know the person, it's good to be skeptical, because you never know: maybe the person you know was compromised or hacked and the message can't be trusted. I will even sometimes ask and double check with a known person before I click the link or download the file they sent me. Additionally, avoid anyone offering money, unfamiliar job opportunities or requests for donations to charities, as this might be a plot to obtain your personal information and online identity. Most of the time, if you just stop and use your logical thinking, you know the IRS wouldn't be sending you some weird sketchy text or email to try and collect money from you. You know that your Credit Card company isn't sending you an email that has a sketchy looking company logo or spelling errors in it. Don't be so quick to just Accept what you receive from folks, Screen It. It's better to be safe than sorry.


  • Mobile Device Security - Always use a Passcode Lock, or Pattern Lock, or Security Lock to open your phones or tablets to prevent threat actors from accessing them if they're stolen. It’s also a good idea to never store any information you don’t want to be exposed to the public on your mobile devices, this includes passwords, personal information, and sensitive photos/videos. It's also recommended that you install a “Lojack” service or app on your Devices if you can. There are also services/apps that you can Enable called "Self-Destruct" mode, it won't blow up your device like in the Mission Impossible movies, but it will wipe your device of all data to prevent that information from being compromised. Cyberattacks don't always happen on the other side of Computer Screens, sometimes it can be as simple as your phone or tablet being stolen, or they find your lost device where your personal information is accessible.

 

Don't just take my word for it, please.


The whole point of this Article is to give you the info, enough so that you might also take the initiative to dig a little further and do some additional research.


I encourage you all to do just that!


I sincerely believe, part of improving your Personal Security is by taking an ACTIVE role in your own Security and bringing awareness to yourself of what the Threats are to your Personal Information.

I hope all this information is helpful to anyone who reads it.
