Cybersecurity 101: A Guide to Personal Cybersecurity
SecureTheVillage’s How Hackable Are You? Guide: Download Now!
-
What
Freeze your credit at the 4 credit bureaus and check your credit rating annually at each.
Why
Freezing your credit is the most important thing you can do to protect your identity. Freezing your credit makes it very hard for cybercriminals to take out credit in your name and steal your identity. If you have not frozen your credit, someone can walk into a car dealer, say they are you, present a fraudulent driver's license, give them your social security number, and drive out in a new car that you are financially responsible for.
If you’ve frozen your credit, the car dealer won’t be able to pull a credit report. Without a credit report, the dealer won’t sell the car to the criminal.
How
Credit freezes are free thanks to Federal law. You can selectively unfreeze for new credit needs from new creditors; then refreeze when their needs are satisfied. With the Equifax and other breaches, it becomes imperative to take steps to protect your identity, especially when it touches your financial resources. You do this by freezing your credit.
Equifax: Go to www.equifax.com, scroll down, click on Place or Manage a Freeze, then follow the instructions.
Experian: Go to www.experian.com, scroll down, click on Security Freeze, and follow instructions.
TransUnion: Go to www.transunion.com, click on Resources, click on Credit Freeze, and follow instructions.
Innovis™: Go to www.innovis.com, scroll down, click on Security Freeze, and follow instructions.
You'll receive a PIN to freeze/unfreeze your credit. Be sure to store it securely.
Credit Freeze vs Fraud Alert
Note that a credit freeze is different from a fraud alert (which doesn’t prevent identity theft) and won't impact your personal credit cards.
Each of these companies may try to upsell protection services that don’t include freezing your credit. We strongly recommend prioritizing the credit freeze.
For added caution, consider freezing at the National Consumer Telecommunications and Utilities Exchange (www.nctue.com) by calling 866-349-5355.
Check your credit at least annually.
Obtain free reports each year from all four major bureaus at AnnualCreditReport.com. Risk-averse consumers can spread these out to check their credit every three months.
-
Also known as 2FA, Multi-Factor Authentication, MFA, and other similar terms. Don’t be confused by similar terms indicating the same thing.
What
Set up Two-Factor Authentication (2FA/MFA) at all your important online accounts, including email, your banks, credit card accounts, investment accounts, government accounts, social media accounts, etc.
If you’re given the option, choose something other than text messaging, as text message 2FA is easier to hack than the others.
Why
2FA is a Powerful Defense.
Microsoft says their studies show that email is more than 99.9% less likely to be hacked if you use 2FA.
If a hacker has the password to your bank account, there may be little stopping them from getting in and stealing your money.
Two Factor Authentication takes care of this. With 2FA, in addition to your password, your bank will also ask you to enter a special one-time code (the second factor).
How
Visit the website of every account that you want to protect and determine if the account offers 2FA. This is often in the user-profile settings. If you can’t find it, reach out to customer service. You may also find it valuable to make a list of sites you want protected with 2FA, and indicate the sites on which it is set up. This will make using 2FA easier to manage.
There are several different ways to get this code. Your bank may text it to you, use an authenticator app on your smartphone that generates a new code every minute, or use the bank’s smartphone app combined with photo recognition. There are also 3rd-party applications such as Duo and Symantec’s VIP-access that manage 2FA.
Always use 2FA if it’s available when accessing important online accounts. These include your email accounts, financial accounts (e.g. investments, banking, credit cards), social media accounts (e.g., Facebook, LinkedIn, Twitter), and government-related accounts (e.g. DMV, IRS, Social Security).
When you have a choice, use an authenticator app instead of receiving a text message.
-
What
Always be suspicious when receiving unexpected emails, texts, or phone calls, especially when accompanied by requests for personal information or money.
Be vigilant. Pay attention. Always on guard. Don't hurry. ... Just like safe driving.
Why
Cybercriminals succeed in large part because people are too trusting or in too big a hurry. Email is a hacker’s best friend. As many as 90% of cyber attacks begin with a phishing email or text.
That email from a friend with a cartoon attached? Maybe it’s from a hacker and not your friend. Open the attachment and your computer is infected. You’ve been hacked.
That email from the IRS, asking you to open an attachment about a possible tax penalty? It could be from a hacker. Open the attachment, and you’ve been hacked.
That text message from your favorite nonprofit asking for a donation? Maybe it’s not from the nonprofit but from a hacker who’s set up a fake website for your donation.
The email from your escrow company with wiring instructions to close on that house you’re buying? Maybe it’s not from your escrow company. Maybe it’s a hacker hoping you’ll wire your bank loan to them.
That phone call from an unknown caller claiming to be from your bank, the IRS, or the Social Security Administration is a RED FLAG. Assume it’s a scam and don’t pick up.
How
When it comes to protecting yourself from email, text and phone message attacks, the rule is simple: Don’t trust. Always verify.
Don't click on links or attachments unless you KNOW they're safe. Don’t trust. Always verify.
Call your friend. Go to the nonprofit’s website and make your donation there.
Ignore the fake IRS email along with similar emails designed to look like they’re from your bank or other businesses. Check the “From” to make sure the address (the [email protected]) is correct.
Always make that phone call to double-check the authenticity of a request to wire money. New AI-based trickery makes this a must!
Here are tips to help manage dangerous emails or texts. Keep in mind that AI is making these texts and emails perfect.
Look for misspellings in words or links. Hover your mouse over links and usually, a pop-up will display the actual website or email address you’re being lured to.
When sharing a link or file, add a personal touch so the recipient knows it’s from you
Forward any phishing emails to [email protected]
Copy and paste phony texts to 7726 to alert your cell phone provider
-
What
Keep software up to date on all your devices. This includes your Windows or Mac operating system, your web browsers, your word processors, your spreadsheet programs, your PDF readers, iTunes, Zoom, and all the other applications on your computer and smartphone.
Why
As we know so well when our computers and smartphones freeze up, the programs we run on our computers are not perfect. This makes them the “hacker’s playground.” Cybercriminals look for bugs in programs. Bugs are mistakes in the code that the programmers made when writing the software. Often, the software will look and work just fine to you and me, but cybercriminals know how to use bugs to affect security. When cybercriminals find bugs, they write other programs to “exploit” these bugs. It is these exploits they use to hack your computers and smartphones.
How
When software companies discover a bug in their programs, they “patch” the program, fixing the bug, and release an update that is no longer vulnerable to the hacker’s exploit. Software companies fixed 28,000 vulnerabilities in 2021. This is 50% greater than the 18,000 vulnerabilities in 2020 and double the 14,000 in 2017. This is why it’s so important to keep all the software on your computers and smartphones updated with the latest versions of the programs you’re using.
Some software is designed to automatically update. Microsoft, for example, is designed to update automatically when updates are released on the 2nd Tuesday of each month. Firefox and Chrome also update automatically when you shut them down and restart them. They may not update though if you don’t restart them.
You can update the programs on your iPhone by going to the App Store and checking for “available updates.” Android offers similar update management.
SecureTheVillage publishes our Weekend Patch Report every Sunday to help residents and small businesses keep their computers updated. We publish it on our website and on our LinkedIn and Twitter accounts. It’s also available by email bundled with our Cybersecurity News of the Week. Simply visit securethevillage.org, scroll down the page, and select “Join Our Email List.”
-
What
Encryption is the method by which information is converted into secret code that hides the information’s true meaning. Encrypt files on your computers, smart devices, portable storage, and the cloud.
Why
When you encrypt your files, you make them unreadable to anyone who doesn’t have the encryption key. Encrypting your files prevents someone from learning your personal secrets, financial information, and the like. Encrypting your files keeps this sensitive information secret were a hacker to steal your device.
It's particularly important to encrypt your smartphones, tablets, laptops, and even USB-drives. All of these are easily lost or stolen. If they're not encrypted, then whoever gets the device will be able to see everything on it.
A recent story tells of a government worker who had the personal information of an entire city’s population on an unencrypted flash drive. The worker planned to take the flash drive home to work on it. Before going home, however, he stopped in a bar where he apparently had too much to drink. Several hours later he woke up. The flash drive was gone, putting the entire city's population at risk of identity theft.
How
Both major personal computer flavors – Windows and Mac – support file encryption on fixed and external disks (e.g. flash drives). Use BitLocker® (for Windows) or FileVault® (for macOS). Make sure you safeguard the encryption key. Write it down, describe what it’s for, and store it someplace that’s physically secure.
Once you have passwords set on them, the iPhone and Android smartphones will encrypt your smartphone data by default.
Many cloud storage providers also encrypt your data by default. You will want to make sure that encryption is enabled in the cloud.
-
What
Maintain a remote, multi-version backup of personal computer and smartphone files.
Why
We have a friend whose smart phone was stolen while she was shopping. Her phone was not backed up and she lost over 5,000 photos of her grandchildren. It was heart-breaking.
Backing up your files means you can get them back if something happens to the originals. This includes device theft or loss, hard drive failures, earthquakes, ransomware attacks, and data overflow.
Don't just back up your files. Also make sure you know how to get your files back from your backups.
How
There are three different ways to back up your files. These are listed as good, better, best.
Back up your files by hard drive: A simple way to back up the files on your PC is to connect a USB-drive or auxiliary hard drive to it. Both Windows and Mac provide built-in tools for doing this. While this kind of backup is a good start, it is of no value if the backup drive becomes inoperable. This can happen in an earthquake or if the computer gets attacked with ransomware.
Back up your files to the cloud: A better solution is to back up to the cloud. There are numerous synchronization programs, including Office 365, that can synch files between your device and the cloud. These synchronous cloud backup programs, however, don’t protect you against attacks like ransomware. As the ransomware encrypts files on your hard drive, these encrypted files now overwrite their cloud copies.
Multi-version cloud backup: The best backup programs are both remote and maintain multi-versions of your files. These include offerings like Apple’s iCloud and Microsoft’s OneDrive, as well as commercial offerings like Carbonite™ which may also offer easier to use recovery options. Your smartphone’s tools can be set to back up to the cloud or to your computer.
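The difference between a single backup copy and a multi-version backup, and the advice to practice getting files back, can be shown with a small local script. This is an added example, not a SecureTheVillage tool or the method used by any product named above; the function names, folder layout, and date labels are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file's contents, used to tell versions apart."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def take_snapshot(source, backup_root, label):
    """Copy every file under `source` into backup_root/label; return a manifest."""
    source, dest = Path(source), Path(backup_root) / label
    if dest.exists():
        # Multi-version means earlier versions are never overwritten.
        raise FileExistsError(f"snapshot {label} already exists")
    manifest = {}
    for path in sorted(source.rglob("*")):
        if path.is_file():
            rel = path.relative_to(source)
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            manifest[rel.as_posix()] = file_digest(target)
    return manifest


def list_versions(backup_root, rel_path):
    """Return (label, digest) for each snapshot holding rel_path, oldest first.

    Assumes labels sort chronologically, e.g. ISO dates like 2024-01-01.
    """
    versions = []
    for snap in sorted(p for p in Path(backup_root).iterdir() if p.is_dir()):
        candidate = snap / rel_path
        if candidate.is_file():
            versions.append((snap.name, file_digest(candidate)))
    return versions


def restore(backup_root, label, rel_path, destination):
    """Copy one file out of a chosen snapshot and verify it arrived intact."""
    stored = Path(backup_root) / label / rel_path
    destination = Path(destination)
    destination.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(stored, destination)
    if file_digest(destination) != file_digest(stored):
        raise IOError("restored file does not match the backup copy")
    return destination


def demo():
    """Constructed scenario: back up, damage the file, back up again, recover."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backups = Path(tmp) / "docs", Path(tmp) / "backups"
        docs.mkdir()
        photo = docs / "grandkids.txt"
        photo.write_text("original photo data")
        take_snapshot(docs, backups, "2024-01-01")
        # Stand-in for ransomware damage; a sync-only backup would now
        # hold nothing but this damaged copy.
        photo.write_text("scrambled by ransomware")
        take_snapshot(docs, backups, "2024-01-02")
        versions = list_versions(backups, "grandkids.txt")
        restore(backups, "2024-01-01", "grandkids.txt", photo)
        return len(versions), versions[0][1] != versions[1][1], photo.read_text()


if __name__ == "__main__":
    print(demo())
```

The newest snapshot contains the damaged file, so recovery works only because the older version was kept and the restore step was actually exercised.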
-
What
Install antivirus on personal computer(s) and smartphone(s), and run it continuously.
Why
Hackers create and use computer viruses to hack computers and smartphones. Once a virus infects your device, the hacker has control. Computer viruses and other kinds of malware (malicious software) enable the hacker to steal your information, destroy your data, and turn your computer into a “bot” under his control.
Modern antivirus programs are designed to block viruses and other kinds of malware from running on your devices. They can also search your hard drive for the telltale signs of a virus intrusion, removing what they find.
An important caveat: While antivirus software is necessary, it is not sufficient. Antivirus programs work by comparing a file against a database of known malware, much the way law enforcement might compare a suspect against a photo gallery of known criminals. This only works if the malware is in the “gallery of known malware.” With 500,000 new malware variants being created every day, it’s not hard to see that antivirus programs are playing from behind.
How
How to Get an Antivirus Program.
Most modern personal computer operating systems offer, as standard, a suite of security and privacy functions, including an antivirus program. In addition to the antivirus program Defender, the Windows® suite includes features such as access control, firewall, backup, parental control and storage/disk tune-up. The MacOS® offers XProtect for antivirus together with access control, backup (Time Machine), firewall, storage tuneup, and location control.
Apple provides a basic antivirus program as part of iOS for the iPhone and iPad. Google provides a modicum of antivirus protection on Androids. Android users should also be cautious to only install programs from the Google Store and to run Google Play Protect. There are also numerous commercial offerings from companies such as Norton, McAfee and Bitdefender. Some commercial suites include additional functions, such as a password manager and a VPN.
How to Use Your Antivirus Program
Run your antivirus software continuously. Run a full scan at least weekly on your computer. This may be set by default. If not, you can initiate the scan manually. Check the help system.
You should also initiate a manual scan if a virus infection is suspected. Keep in mind though that the antivirus program is best at identifying known viruses. If it identifies a virus, it will likely be able to remove it. Just because it doesn’t identify a virus, though, doesn’t mean you don’t have one.
-
What
Use long, unique, memorable passwords for all online accounts and use a password manager to manage them.
Why
Your passwords are the “Keys to the Kingdom.”
Short, guessable passwords are an open door for hackers. Hackers are way too sophisticated to sit at their computer trying to guess your password, one guess at a time. Hackers have lists of common passwords that people use, like “password” and “123456.” They have dictionary lists of every word in several different languages. And they have access to more than ten billion passwords stolen in other data breaches. Hackers run programs that try every password on their lists, knowing that in many cases, they will be successful in finding your password and taking over your account.
Once the hacker knows your password to an account, the hacker can take over the account if it isn’t protected with Two-Factor Authentication (See Rule 2). If that same password is used on other sites, then the hacker can take over these other sites. If a hacker knows the password to your favorite shopping site and that password is the same as the password to your bank, then the hacker knows the password to your bank.
How
Modern password recommendations advise users to create long complex “passphrases.” This means 12 or more characters and at least three of the following: lower case letters, upper case letters, numbers, and special characters.
Here are some examples of long complex passphrases:
1Hate$Passwords
Hello7Goodby$%
AP8745-9125ky
Passwords on accounts having 2FA only need to be changed when a breach of that site occurs, not on any regular schedule.
Passwords on accounts with information you care about that don’t have 2FA should be changed at least annually or anytime a breach is announced. Be especially careful with passwords for your financial accounts, particularly those that don’t have 2FA. Make certain these are long, complex, unique.
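The passphrase rule above (12 or more characters, at least three of the four character types) and the warning about reusing one password across sites can be checked mechanically. This is an added example, not part of the original guide or of any password manager; the short common-password list and the sample accounts are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample; the real lists attackers use hold billions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

MIN_LENGTH = 12   # the guide's rule: 12 or more characters
MIN_CLASSES = 3   # the guide's rule: at least three of the four types


def character_classes(password):
    """Return which of the four character types appear in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")  # punctuation, spaces, symbols
    return classes


def check_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("fewer than 3 character classes")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    return problems


def find_reuse(accounts):
    """Return groups of account names that share the same password."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)


def audit(accounts):
    """Check every account against the rules and report shared passwords."""
    report = {name: check_password(pw) for name, pw in accounts.items()}
    return report, find_reuse(accounts)


# Constructed accounts. "Sunshine2020" meets the length and character rules
# yet is still a risk, because the shop and the bank share it.
SAMPLE_ACCOUNTS = {
    "shop": "Sunshine2020",
    "bank": "Sunshine2020",
    "email": "1Hate$Passwords",
    "forum": "123456",
}

if __name__ == "__main__":
    report, reused = audit(SAMPLE_ACCOUNTS)
    for name, problems in report.items():
        print(name, "OK" if not problems else "; ".join(problems))
    print("shared passwords:", reused)
```

A password can satisfy the length and character rules and still fail the guide's "unique" requirement, which is why the reuse check is separate.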
Storing your passwords.
Don't store your passwords in a file on your computer or smartphone, even if you think it's protected. If you must write down your passwords, be sure to store them as safely as you would your wallet.
Storing multiple passwords with a password manager (download our Guide to Password Managers)
If you have more than just a few passwords, you will want to use a password manager to keep track of them.
Choose a password manager that is independent of your Web browser and supports 2FA, and protect it with a password of at least 16 characters.
For more information, see our Guide to Password Managers.
-
What
Use Public Wi-Fi only with a secure VPN. Avoid online financial transactions on public Wi-Fi.
Why
There are too many eavesdroppers on a public Wi-Fi network. When away from home, there are two primary choices: connecting your smartphone or laptop to public Wi-Fi - as is commonly available in an airport, an AirBnB or, for example, a Starbucks™ restaurant - or using your smartphone’s cellular data capability.
Public Wi-Fi is insecure, even with password access, and should never be used for financial transactions, unless a Virtual Private Network (VPN) service can be employed (see discussion below).
Cellular data transmission is generally considered to be secure. On a typical 4G (4th Generation as supplied by vendors like AT&T® or Verizon®) cellular network connection, data is encrypted and the user’s identity is authenticated and protected. Happily, the next generation, 5G, offers improved security in terms of encryption and identity protection.
“When you connect to a VPN, it creates an encrypted connection, which keeps your internet traffic in a ‘tunnel’ that hides all of your internet activity, DNS requests included. No one can see what you’re up to - not your ISP, the government or your (un)friendly neighborhood hacker.” A Virtual Private Network (VPN) protects and secures your identity and information.
How
If you travel frequently, use public Wi-Fi services, access a friend’s or relative’s network or want to add additional privacy to your home network, you can purchase VPN service from several quality vendors. Top rated choices from Consumer Reports include Mullvad, IVPN, Mozilla VPN, and TunnelBear. Check out the trial period when making your selection – longest is best.
If you believe that you are the target of a serious internet criminal, investment in a VPN may be warranted to allow your activities to be truly private on the internet.
Note that a VPN, whether on your personal computer or smartphone, ONLY protects (encrypts, re-routes) your web browsing, social media and email activities over the internet. Voice calls and texting operate on the cellular data network, separate from the internet.
-
What
Set up non-Administrator accounts for yourself and other users on your PC or Mac.
Why
Your computer has two different types of accounts. Each type has different "privileges."
Administrator accounts are unlimited in what they can do on your computer. By contrast, limited accounts are limited in their activities.
For example, a limited account won't be able to see the files of other users whereas an administrator account can see everyone's files.
Cybercriminals love to hack administrative accounts. Making matters worse, it's actually easier for them to hack an administrator account without detection.
How
Your initial account on your PC, whether Windows or Mac, will typically be an Administrator account, allowing you to create additional users and control their access.
Create a separate, personal account for your daily use, distinct from your Administrator account, and create separate accounts for all family members on your computer, as follows:
In Windows:
Open Settings → Accounts
→ Family & Other People
→ Add a Family Member
Follow remaining steps
On a Mac:
Select System Preferences → Users & Groups
Click the Lock icon
Enter administrative password
Click Unlock button
Click the “+” button at bottom of user list → New Account
Select account type of choice (If parent setting up for child, select Managed with Parental Controls)
→ Full name
→ Account name
→ Create User
-
What
Limit sharing of your personal information on social media and across the Internet to protect your security and privacy.
Why
Think of your digital space as your home. Just as you wouldn't allow strangers to listen to your conversations or watch your every move at home, you shouldn't permit companies to invade your online personal space. Security safeguards your data, but privacy relies on both technical measures and legal regulations.
While privacy laws have been sparse historically, recent developments like the GDPR in the EU and CCPA in California highlight the growing importance of data protection. Companies are working on improving privacy features, including controls for location sharing, data deletion, and secure sign-ins.
The New York Times emphasizes the need for clear consent when collecting personal information, shifting the burden from opt-out to opt-in. To learn more about privacy rights and regulations, visit www.security.org.
How
To safeguard your information:
Browser Privacy: Use DuckDuckGo for web searches, which shows relevant ads without collecting your data. Also, enable private or incognito mode in browsers like Chrome™ and Safari® to reduce data tracking.
Browser Extensions: Install Ghostery to block ad trackers and categorize them. For enhanced privacy, consider using the Ghostery browser. Add uBlockOrigin to block ads and their data collection. Complement it with Privacy Badger from the Electronic Frontier Foundation to reduce tracking ads.
Social Media: Regularly review and adjust sharing and privacy settings on your social media accounts.
Smartphone Contacts: Minimize contact sharing on your smartphone. On iPhones, navigate to Settings → Privacy → Contacts to manage app access. For Android, the Contacts app by Google offers control over contact sharing.
Location Sharing: Be cautious with location sharing. Your location data can reveal your home or work address to the wrong people. Limit location services to essential apps, like GPS navigation (e.g., WAZE™). On iPhone with iOS 14, control app-specific location sharing preferences.
Data Requests: If concerned about data misuse, request your collected personal data from the company's Privacy Compliance Officer. This right is currently supported by California state law but may be worth trying elsewhere.
-
What
Set up your home router securely.
Why
Even if you do everything right, your router can be vulnerable to hackers. A 2018 router firmware study found that 83% of the 186 home routers tested had firmware errors/vulnerabilities to hacking. The average number of vulnerabilities was 172.
Some routers allow remote access to a router’s controls, enabling the manufacturer to provide technical support, as an option.
Some routers support the UPnP home networking protocol which supports remote access for gamers.
Never leave these remote management features enabled. Hackers can and will use them to get into your home network.
How
Setting up your home router securely is a one-time effort that should be done carefully. Consult a professional or a knowledgeable family member if you are unsure of the following steps:
Choose a unique, memorable ID and STRONG, memorable password to manage the router’s settings. Next, following your router’s instructions, set up your home network by creating a unique, memorable Wi-Fi network name – also called an SSID – that offers NO personal or familial reference. This name is broadcast in your neighborhood, so it shouldn’t identify your family or home.
You should also create a STRONG, memorable password to be used by each home-based device when seeking Wi-Fi access.
Select a data encryption option for the Wi-Fi network – WPA2 should be selected, unless WPA3 is available. Wi-Fi Protected Access (WPA) is a family of data encryption standards for users of computing devices equipped with wireless internet connections. (Both offer superior data encryption to the original data encryption option, WEP, which should no longer be used.)
Next, ensure that your router’s firewall is enabled to protect your Wi-Fi network from unwanted incoming data traffic.
Plan on an occasional (at least annual) login to perform any needed maintenance; e.g. updating the router’s firmware from the router manufacturer’s website. If unsure how to do this, as it’s a very occasional and very important activity, consult a professional.
-
What
Set your devices to lock after a short time of inactivity.
Why
Whether it is inactive or stolen, your smart device can be invaded by hackers. Physical access to your personal computer needs attention. If there is unauthorized access at home or away (e.g. your personal computer is stolen), the thieves can search the data on the hard drive (permanent storage) for personal information. Now, where did I leave my smartphone? Smartphones can be lost and stolen, and your personal information may be accessed by criminals.
How
Follow our guidance on creating strong passwords (and sometimes PIN numbers) on your personal computer’s and smartphone’s login screens:
Most current devices offer fingerprint and/or facial recognition features to unlock access to your devices in Settings.
Set your personal computer and smartphone to lock after a short time of inactivity – you will find these options in Settings.
Close the lid of your laptop whenever leaving it.
You should also enable "device tracking" on your smartphone, tablets, and other computing devices supporting it. This way you can locate it if it's lost or stolen, and completely delete (wipe) the information from the phone should you need to.
For an iPhone, go to Settings → [Your username] → Find My and turn on Find My iPhone.
For an Android, open Settings → Security & location and enable Find My Device.
After you've done this, you'll be able to log in to Apple's iCloud or your Android's website, locate your phone and, if necessary, wipe the contents.
One final thing you may want to do is create a smartphone lock screen with alternate phone number and email to enable a good Samaritan to return your smartphone. Simply use a graphic editor such as Microsoft Paint on your lock screen photo to add the needed information.
-
Cybercrime Support Network: Arm yourself with the information you need to recognize, report and recover from cybercrime.
AARP Fraud Watch Network™ is a free resource for all. With AARP as your partner, you’ll learn how to proactively spot scams and get guidance from our fraud specialists if you’ve been targeted.
Identity Theft Resource Center: The ITRC is a non-profit organization established to minimize risk and mitigate the impact of identity compromise.
CyberGuardian™: A SecureTheVillage Guide for Residents Paperback by Dr. Steve Krantz: A CyberGuardian has the knowledge, skills, and commitment needed to meet the ongoing challenges of cybercrime, computer privacy and information security. A safe electronic village is one where cybercrime is overwhelmingly prevented or readily mitigated when it occurs.
SecureTheVillage’s Guide to Password Managers: Download Now!