Personal Cyber Security and Privacy Practices

For your personal security and privacy, here’s what I recommend people prioritize (among the many things you can do to reduce your risk):

  1. Focus on the Big Stuff: Focus on protecting your most valuable technology instead of getting overwhelmed — your primary email address (where password reset emails would go) and your financial services (banks, credit cards, investing accounts) are the crown jewels to protect with the best security ASAP
  2. Passwords: Set your devices to have secure passwords (Don’t use “12345” or leave default passwords in place) and have devices auto-lock after not being used for a few minutes
  3. Be suspicious when you are contacted:
    • Social Engineering: Be suspicious when someone calls you and asks for information or money — it’s easy for a bad guy to make his phone number look like a legit one
    • Phishing: Be suspicious when someone emails or texts you and asks for information or money — it’s easy for a bad guy to make his phone number look like a legit one. Don’t click on links or open attachments unless you trust the sender and have double-checked it’s from their actual email address.
  4. Use a Password Manager (See Wirecutter’s recommended ones here) and do NOT reuse your passwords — you should use a different password on every website, and different password reset questions
  5. Use Multi-Factor Authentication (MFA) everywhere you can! MFA is using more than one way to prove it’s you (in addition to username and password, such as text message, authenticator app, or biometric):
    • When possible, use an authenticator app (Wirecutter recommends Duo Mobile or Authy) and NOT Text Message/SMS MFA (because of SIM swapping attacks, where the bad guys trick your cell phone company into sending them a new SIM, and then they can get MFA codes to log in to your bank)
    • If an authenticator app isn’t an option, consider using a secondary phone for MFA text messages, such as a Burner, Google Fi, Google Voice, or Dialpad
  6. Configure your devices to auto-update software versions when you can, including your computer, smartphone, tablet, and smart devices (e.g., wireless router, smart house sensors), as those updates often resolve security vulnerabilities (ways bad guys can attack your devices)
  7. Freeze your Credit report (for free) with all three credit reporting agencies (see this US Government website for details). This is less convenient when you’re applying for a loan or credit card, but well worth the inconvenience (you can, for free, temporarily unfreeze your credit report when you need someone to be able to run a check) to reduce the risk of identity theft.
    • In addition, you can review your credit reports for free annually (see https://www.usa.gov/credit-reports) to make sure there isn’t incorrect or malicious activity on there. For near-real-time alerts, you could look at getting free alerts through a credit card or bank you already have, or using a service like CreditKarma.
    • If you have children, consider freezing their credit too (even if they’re minors)
  8. A few additional tactical tips:
    • For iPhone users, use Face ID and not your iPhone PIN in public (see WSJ’s video on iPhone Passcode Problem)
    • Don’t plug your devices into public charging USB ports, as that can be a way for bad guys to push malware onto your device
    • Regarding your web browser privacy, consider installing some privacy-focused browser plug-ins such as uBlock Origin, Privacy Badger, and Decentraleyes
    • Don’t truthfully answer password reset questions — instead, make up obviously wrong answers and store them in your password manager (unique answers for each site). For example, if your bank has a password reset question of “What is your mother’s maiden name?”, you could answer it with “Whiteboard” or even better, you could treat it like a password and have the answer be “Wh1t3b0rd28303()%” (though some services want you to say the password reset answers over the phone, which makes that more annoying)
  9. Some things you DON’T need:
    • You don’t need a Virtual Private Network (VPN), as so much modern technology automatically enforces encrypted transmission. If you use Apple products, you can use their free Private Relay service as a free VPN for Safari browsing. Or you can use a trustworthy VPN provider, such as Mullvad VPN, if you want to ensure all your network traffic is hidden.
    • You don’t need identity monitoring services like Lifelock; instead, see #7 (Freeze your Credit) above
  10. If you’re looking for advanced personal cybersecurity practices, check out Caleb Sima’s great Personal Privacy and Security for CISOs blog post!

