I get frequent questions from non-tech folks on how a consumer can protect themselves, information security wise, in this “new” big, bad world of data thieves and online trickery. Here are some basics you can start with:
- Update!
Keeping devices updated is one of the most important steps period. If it’s a computer, smart device, thermostat, Firestick, internet of things, etc… always do the updates. If there are concerns about an update, search Google and check. Sometimes waiting a couple days after a major update, Windows for example, to let any kinks with the update get corrected before applying makes sense, but don’t wait too long! - Awareness
It’s a big, bad world. Remain aware that there are bad actors out there. Don’t click on everything, don’t download everything. If it wasn’t expected, don’t interact with it, even if it’s from someone known (their account may have been compromised). Call them and ask… “Did you send me this file (email, link) for a reason?” Stay alert! - Freeze credit reports FTC Credit Freeze FAQs
Credit agencies offer the ability to freeze or lock credit reports. Basically, this helps prevent a criminal from opening new credit in your name. There is a minor inconvenience when personally accessing credit (buying a house or car, opening a credit card, etc…) in that the reporting agency being used must temporarily be unlocked so that it can be accessed. Don’t unlock all three, ask the merchant which agency they use, and only unlock that one for as little time as needed. - Backup your data
Well, everyone is doing this already, right? If you don’t want to lose it, back it up! At a minimum use a portable hard drive to back up critical documents and store it securely. - Antivirus
Regardless of what’s running, Windows, Mac, etc… use an antivirus software. And no, Macs are not invulnerable. One of the largest botnets was more than 700,000 compromised Apple computers. - Change default logins
Any routers, wifi routers, thermostats, devices, etc… in the home or office should not be left with default logins. Change those passwords! - Strong passwords
The latest research suggests multi-word passphrases are the way to go. Length provides complexity, and random words are best. Consider a really long and random password that you can remember for a password manager, and allow the password manager to generate complex passwords for your logins. - Two factor authentication
Many systems now offer two factor authentication such as a confirmation text to a cell phone. Turn that on! Especially for email, banking, social media. - VPN (virtual private network)
When outside of a trusted network using a VPN is an extra step to protect data from local bad actors on the network being used (coffee shop, airport, airplane, hotel). But, even at home, it’s worth considering as the repeal of US broadband privacy rules allow ISPs (your internet providers) to collect, use and market any data from your activities online. The VPN provider is being trusted not to store or collect, and some do state that in their terms of use. - Personally Identifiable Information (PII) Wikipedia
There are laws designed to protect consumers from businesses sharing consumer PII in an unprotected fashion, but I frequently see people sharing their personal data without any thought at all. Think twice before emailing or posting your own information, or at least try and protect it first. This can be as simple as changing your birthday on sites that don’t really need to know, to not posting where you’re physically going to be at any time. Here’s an FTC article on keeping your personal information secure as well.
If you have a suggestion for a topic or any questions, contact me. I’m always happy to help.