Cybersecurity Advice for your Mom
This advice is based on the economic factors driving cybercrime, if you are interested you can read about this in more depth here. What you will find below are steps you can take to make yourself or your loved ones more secure as they use the internet.
Freeze your Credit
Difficulty: Easy
Impact: High
Time: 10 Minutes
Reason: Our credit system is open by default, meaning anyone is able to do a credit check on you or open an account in your name at any time. This is the cornerstone of identity theft and fraud. Fortunately, most of us don’t open credit cards, buy cars and houses frequently. This means we can freeze our credit without too much inconvenience. Freezing our credit means that whenever we do have an event requiring a credit check we have to either provide explicit permission for the company doing the check, or open our credit for a short period of time — both relatively easy tasks!
What to do:
You need to freeze your credit at all three credit tracking agencies (a pain!) however you can do this pretty quickly with the following links. Be careful, these companies will certainly try to get you to pay for some service as you do so — it is not necessary to buy anything to freeze your credit!
When you freeze your credit you will be required to either create an account or manage a secret personal identification number (PIN). I would highly recommend to use a password manager to store this information (see below)
Use your Credit Card
Difficulty: Easy
Time: Ongoing
Reason: For now, the credit card industry has taken on a lot of the responsibility for fraud. Use this to your advantage, whenever possible use your credit card for daily transactions, bill pay, etc. Use this over a check or ACH transfer (what happens when you put your routing & bank account number into a website) whenever possible — even in the real world!
What to do:
Well, it is pretty easy — use the plastic thing in your pocket. You get bonus points for using the new contactless payments such as Apple Pay or Google Pay as they are even more secure than traditional credit cards.
Use Checkout Services
Difficulty: Easy
Time: Ongoing
Reason: You do not need to share your personal details with every website you purchase from online. You also do not need to trust every one of those website to handle your information securely. Using a major checkout service such as shopify, apple pay, buy with amazon, paypal reduces the sprawl of your personal information and trusts a well-established service with a history of security.
What to do:
Choose a service you want to use most frequently and stick with it, when you see the button use it!
Turn on Auto-update
Difficulty: Easy
Time: 10–20 Minutes
Reason: Updates are not just there to make your life miserable, most often they include fixes for security problems in the software. Staying on the latest version means that the cybercriminals need to know about vulnerabilities that the makers of the software do not know about yet — meaning you are far more difficult to target.
What to do:
On many modern systems this is already enabled but it is important to do this for both the operating system and the apps installed. Click on the links below for instructions for your system:
- Windows — modern versions enabled by default so no work to do! If you are not on windows 10 perhaps something to consider…
- Windows Apps
- Mac OS X
- Mac OS X Apps
- Mac OS X Microsoft Office
- iPhone / iPad Apps
- Android Apps
Use a Password Manager
Difficulty: Medium / Hard
Time: Ongoing
Reason: Unfortunately we still rely on passwords throughout the internet to secure our accounts. Passwords are are a pain and the number we need to navigate the internet is crazy. Using a password manager makes it easy to use unique passwords that are extremely difficult to guess. The important reason here is to make sure that you are never using simple passwords even for unimportant websites
What to do:
Pick a password manager and set it up across all your devices. These days it is pretty seamless but it does require a bit of setup. The two most popular and easiest to use are:
Turn on Two Step Verification at your Bank
Difficulty: Medium
Time: 10 Minutes
Reason: In particular you want to make sure that the account for your bank’s website is secure. It is often targeted and enabling two step verification drastically improves its security.
What to do:
Follow the instructions for your bank. I would recommend to use a text message (or in-app notification) for simplicity sake — the use of an authentication token is often too cumbersome for most!
- WellsFargo
- Chase — enabled by default! Good for them …
- Bank of America
Links to instructions for other banks can be found here
Use a Web-based Email Service
Difficulty: Medium
Time: Ongoing
Reason: Most desktop clients make it really easy to open attachments — sometimes without even meaning to. Web-based email services provide two benefits for you. First, they aggressively filter SPAM and scan attachments for known exploits. But more importantly clients like gmail use their built-in tools (like google docs) to preview the attachments. The exploits in these attachments are crafted to target software on your computer — like Microsoft word. Even a malicious attachment opened with google docs will act benign.
What to do:
Use either Gmail or Microsoft for your email service. These services provide free email and make it easy to use.
Use a Mac, iPad or Chromebook
Difficulty: Medium
Time: a few days …
Reason: Most attacks are targeting to the broader population. The trick is to look different to the hackers. Most people use windows so choose something else!
What to do:
When you are browsing the web or reading email make your primary device a Mac, an iPad or a google Chromebook. All of these devices are not only more secure by default but they are not often the targets of major attacks. With the Chromebook or entry level iPad’s as an option this is also something that does not need to cost too much money…
Use a two-tiered banking system
Difficulty: Hard
Time: a few days …
Reason: Our daily life requires us to use our ATM card, checks, etc. all over the place. Use of these tools provides access to the associated bank accounts. If abused this means that the money in that account could be stolen.
What to do:
Set up a ‘daily use’ account with money to fund a few weeks or month of living expenses. Keep your savings / investment accounts at another bank with a recurring transfer to fund the ‘daily use’ account. If that is not feasible then call your bank and ensure that there is no way for an automatic transfer from your savings accounts into your daily use account to occur.
Some reading this may question the lack of some commonly recommended steps missing from the list (like using two step verification everywhere). I tried to keep this focused with an eye on the tradeoff between effort and impact. Following all of these suggestion would provide for a pretty secure existence on the internet. But short of that any of these steps is an improvement!