Before you hit the classroom this fall and ramp up your online studies and social interactions, there are things you should be doing to protect yourself against cyber threats. Here is a 60-minute digital security checkup designed to empower you with tips and resources to improve your personal digital security.
Although there is no single solution that will prevent security compromises 100 percent of the time, the following tips represent the top five ways users can protect themselves online.
1. Choose a password manager.
Creating strong passwords and using a unique password for each account sounds great in theory, but in reality doing that has become unsustainable today. In fact, on average, respondents to McAfee’s “2018 World Password Survey” reported they have 23 accounts that require a password but only 13 unique passwords.
Is it realistic to expect someone to remember 23 unique alphanumeric passwords including uppercase and special characters? NO!
A better approach is to use a password manager to create and store strong passwords—ones that are difficult to guess—for your accounts. Many people assume these management tools are cost prohibitive, but there are affordable options on the market. Here are three low-cost services to evaluate:
- LastPass (www.lastpass.com)
  - $4/month for family of 5
  - Multi-factor authentication protects password vault
  - Excellent Chrome extension for frequent password generation during job searches
- 1Password (www.1password.com)
  - $4.99/month for family of 5
  - Sync across unlimited devices and operating systems
  - Bug bounty participant (pays researchers to find security flaws)
- Sticky Password (www.stickypassword.com)
  - Offers $149 lifetime license
  - Supports fingerprint authentication
  - Multi-factor authentication protects password vault

2. Reset all passwords with stronger credentials.
This is perhaps the most time-consuming part of the checkup.
Now that you’ve chosen a more secure way to manage all your credentials, find out how many different accounts and passwords you have. Do you have a list of all your online accounts stored in a spreadsheet, on your browser’s favorites list, or under your keyboard?
If not, now is a good time to put them all in one place.
If you’re not sure where to start, use the steps below to catalog and categorize your online accounts according to their criticality:
- Step 1: Email accounts
- Step 2: Banking/investment/retirement accounts
- Step 3: Online bill pay accounts (utilities, insurance, wireless)
- Step 4: Health care/childcare reimbursement accounts
- Step 5: Shopping accounts
- Step 6: Social media and messaging apps
- Step 7: Blogs/websites
- Step 8: Online document storage
- Step 9: Educational accounts
- Step 10: Entertainment accounts
- Step 11: Rewards/mileage accounts
- Step 12: Miscellaneous accounts
After you’ve documented your accounts, begin securing them—starting with your email accounts. Improving email protection with strong credentials is listed first because it:
- Continues to be a top attack vector.
- Is frequently used for authentication and account recovery.
- Is used for official communications for almost every category.
Note that some accounts will have limitations on the password length and complexity allowed. If you use social media accounts to verify your identity to other sites, you will have to visit those sites to update the password to the stronger credentials you get from the password manager.
3. Add two-factor authentication to eligible accounts.
Two-factor authentication (2FA) requires users to have a one-time passcode in addition to the password. Unlike a password (something you know even if it is in your password manager), the 2FA passcode is generated on something you have that is external to your credential vault such as your phone or an RSA token.
Most major platforms offer 2FA as an additional layer of security and integrate with these popular free options:
- Google Authenticator
I am an advocate of understanding the difference between tools to help make educated decisions. Here is a comparison of Authy and Google Authenticator.
Not all of your accounts may require 2FA. However, if your credit card, banking info, personal/professional reputation, or finances could be impacted by a compromise, you should take the time to set it up. At the very least, consider adding another layer of protection to accounts in these categories:
- Email accounts
- Banking/investment/retirement accounts
- Online bill pay accounts (utilities, insurance, wireless)
- Shopping accounts
- Social media
- Online document storage
4. Review security and privacy settings.
Many mobile devices are sold with security and privacy on the lowest settings available. Mobile apps are then downloaded with excessive permissions to access data and features on devices. Some of these apps go as far as using third-party integrations to mine data for targeted advertising. Therefore, consumers must educate themselves and configure settings to best protect themselves and their data.
To review your security and privacy settings, tap Settings on your device and audit how security and privacy are configured.
Security and privacy should be reviewed separately. Google features Security Checkup, Privacy Checkup, Ads Settings, Activity Controls, and other ways to protect your device. You can click here to update your settings from one location.
If you need guidance on which settings to choose, click here to read Android journalist JR Raphael’s 11-step security audit.
If you are an Apple user, click here to access Apple’s guide to security and privacy protections.
You should also review the security and privacy settings of every social media app on your phone.
5. Communicate securely and privately.
Millions of people rely on free public Wi-Fi to conduct their online activities. To reduce the risk of sensitive data being intercepted, consider using a Virtual Private Network (VPN), which sends your web traffic through an encrypted tunnel. Using a VPN allows you to protect your Internet activities and prevent your browsing habits from being sold by Internet service providers.
Low cost options include:
If you’re looking for comparisons and questions to ask to help decide, see Techradar’s article “The best free VPN 2018”.
Ways to Encrypt Other Communications
- Encrypt outgoing emails using built-in provider features.
- Use email apps like Protonmail for maximum privacy.
- Send encrypted instant messages using apps like Wire.
- Have secure video conferences using apps like Jitsi Meet.
Congratulations if you made it to the end of this checkup! Proactively protecting yourself can seem daunting, but it is an important investment of time. The bottom line is that you can improve your online security by performing regular digital security checkups. Your first security and privacy hygiene checkup might be time-consuming, but it will get easier each time you go through it. I highly recommend performing checkups at least quarterly.