Learn what you can do to feel more empowered in your digital life. It can be challenging to fully understand the tools you use every day—web browsers, email, websites, phones, apps—but knowing how to stay safe in the digital world will give you the peace of mind that you are in control of your experience online.
Remember, you don't have to do do everything in a day. Take breaks and don’t get discouraged if you set this project down for a while. It’ll be there waiting for you.
What is cybersecurity?
The term “cybersecurity” can be broad and overwhelming, and honestly, a little scary. These resources and tips can help you learn more about your digital presence on the internet and will help you feel more secure when using the internet. Remember, security is not a project you do once and then are finished. It is an ongoing process of maintenance.
If you’re trying to upgrade your personal cybersecurity, how the heck do you begin? In the same way that you can’t budget without knowing what you spend and where, get a handle on your digital life by collecting all your accounts and their passwords in one heap/pile/file. If you’re a parent or caregiver, you might consider also adding the accounts of the folks in your care.
Now that you have all your passwords gathered, it's time to organize them. A password manager is a program that remembers passwords for you, and often logs you in to accounts without you remembering, entering, or even knowing the password for that specific website. Password managers make using complex unique passwords easy, because a computer is doing the remembering.
What's the downside? It's easier to lose all your passwords if you become unable to access your password manager. There are many articles about why the benefits of password managers outweigh the risks, but you must decide what’s right for you. Regardless if you choose a computer program or another method, pick a password memory system.
There are pros and cons (and price differences) for every service, making this another personal choice. If you use a work-provided password manager, remember that if you leave your employer, your access to your personal information stored inside a work service will end!
If you need help doing research, a good starting point is to ask yourself the following questions:
- How many people are in your household?
- How many devices, and what kind do you use (mobile, iOS, Android)?
- Is your favorite browser supported?
- Do you want something free?
- Are there other features you’d like (e.g. storing a credit card for online shopping)?
Once you’ve chosen your password manager, you must import your gathered information into it. This is pretty standard across every platform, and while it is a boring and tedious cybersecurity chore, once the setup is done, it becomes easy to add new accounts one at a time.
Most password managers will tell you when you reuse passwords. Now it's time to create complex, unique passwords. In an ideal world, we only have to remember a handful of passwords: a work password, a phone code, maybe an email or most frequently used website, and the password to our password manager, which handles everything else. All our other passwords are complex and unique, making them hard to guess AND if they are exposed in a leak or breach, we're not reusing them anywhere.
For sensitive accounts, like email (which can be used to impersonate you if compromised), banking, health, and legal information, an extra security step is to enable multi-factor authentication (MFA). This means you use a password (remembered by your password manager) plus a one-time code. These codes can be delivered via text, a phone call, email, or an app on your phone, and what you choose depends on what the service offers. Your doctor’s office patient portal might call or text you a code, and your bank likely does a form of multi-factor authentication as well.
MFA isn’t risk free; if you lose access to the device or phone number you’re using for MFA, it can be a headache to resolve issues, especially if you buy a new phone or change numbers. If you can set up a recovery account (sometimes a secondary email address or an additional phone number), that’s a good idea.
A few steps to take are:
- Ask yourself what accounts are truly vital to you. What accounts, if you lost access to them, would cause a lot of stress and grief in your life?
- Start with one or two (banking is a great place).
- If you’re confused about the setup process, ask your bank’s support (chat, call, etc.). As you get more comfortable with MFA, you can turn it on for other accounts.
- Set up a recovery account if possible.
If you’re feeling confident and comfortable with accessing your online accounts, congratulations! Give yourself a pat on the back for doing this hard work. You are in an awesome spot and taking control over your digital life.
Maybe you’re a password pro already and you’ve heard most of this advice before. Now it's time to jump into the other side of security. In addition to not wanting unauthorized people to access our accounts and do nefarious things, we also want to know what’s happening with all the data we’re generating as we live our lives online. This leads us to privacy.
Privacy and security go together like salad and dressing. Good security gives us better privacy, but having strong passwords isn’t enough. We can protect our activities online from third parties. Third parties are sometimes malicious and sometimes just nosy (there are many stories about targeted advertising and some companies defending their practice of data gathering to better advertise to consumers). The opposite of privacy is surveillance, and most of us are likely being surveilled online. What can you do to reclaim your privacy? The good news is lots!
Some broad recommendations are:
- Choose a browser and email provider that respects your privacy
- Use privacy enhancing extensions in your browser of choice (privacy badger, opens a new window by the Electronic Frontier Foundation is a favorite)
- Be wary of apps on your phone requesting permissions they don’t need (why does Maps need access to your camera? Or contacts?)
- Only keep the apps on your phone you actually use
Remember the beginning of this post: cybersecurity isn’t a chore we do once and we’re done. It’s more like maintenance. Try keeping privacy in mind the next time you download something and see if your perspective has changed.
- This 11-point list, opens a new window is a great place to start.
- Cybersecurity Blue Team Toolkit is a practical handbook to cybersecurity for both tech and non-tech professionals.
- Set a rock-solid foundation for your network, users and data by learning about the basics of cybersecurity in this Lynda.com course, opens a new window.
- In this Google Education Course, Explore a Topic: Technology, Ethics, and Security, opens a new window, you'll explore technology risks and dangers and come up with solutions to keep others safe.
- Create and Safeguard Passwords, opens a new window: Practice creating a strong password and keeping it safe using a spreadsheet.
- Electronic Frontier Foundation Resources, opens a new window- all their tools or “Surveillance Self-Defense, opens a new window"
- If you like podcasts, check out The Privacy Paradox, opens a new window
- For tech savvy readers, you will find something new to learn at these places; the resources are incredibly vast! Reset the Net Privacy Pack, opens a new window and EPIC Online Guide to Practical Privacy Tools, opens a new window.