Rethinking Cybersecurity

Rethinking Cybersecurity: Practical Steps for Everyday Users

In today’s digital era, our lives are intertwined with technology more than ever before. From online banking to social media interactions, the convenience of the digital world is undeniable. But with this convenience comes the ever-growing need for robust cybersecurity measures. As we navigate the online realm, it’s crucial to be aware of the pitfalls that can compromise our digital safety.

Take, for instance, my once-favoured “NewZealand123!” password strategy, I chose my favourite country, added some numbers and ended with a symbol. At first glance, it seems to combine the best of both worlds: the familiarity of a country name with the added complexity of numbers and a symbol, presumably making it harder for cyber attackers to guess. The rationale behind such strategies is often rooted in our quest for memorable and theoretically secure passwords. After all, “NewZealand” isn’t just any random word—it’s unique and holds a personal significance. Pairing it with a set of numbers, like the current year or a birthday, and an exclamation mark provides that additional layer of perceived security because it meets password complexity requirements… Or does it?

However, when you think about it, the predictability of this pattern becomes obvious. Cyber attackers, equipped with advanced tools and algorithms, can easily figure out such patterns, especially when a significant portion of users adopt similar strategies. By using a recognisable word followed by predictable number sequences and predictable punctuation at the end to meet complexity requirements, we inadvertently give hackers a head start, making their task of breaching our accounts that much simpler.

The Password Pattern Problem:

Passwords are the gatekeepers of our digital identities, acting as protective barriers for our personal emails, social media accounts, financial details, and more. In a bid to craft memorable yet secure passwords, many of us, me included, have been drawn to strategies like “NewZealand123!”

But if a hacker has access to my online personas (and they do) and perhaps has access to breached websites where my password has appeared (they do), then does my password follow a predictable pattern? When I was using passwords like “NewZealand123!” they did. A discussion with a buddy a few years ago triggered a change in my password management methodology and, at the same time, triggered my curiosity into Cybersecurity and started the chain reaction that has led to me now completing my Master’s degree.

The Password Manager Revolution:

My buddy said that if “NewZealand” appears in more than one breach, then it’s trivial to program using something like Python (he showed me how) to write a script
that can test all the likely iterations. Suddenly, a password with 1028 possibilities had gone down to 32,000 possibilities, taking just milliseconds to crack!

My enlightenment about password vulnerabilities steered me towards password managers, and it was a game-changer. Here’s how they transform the password experience:

  • Enhanced Security: Password managers can generate passwords that are both long and complex, consisting of a random combination of letters, numbers, and symbols. This randomness is virtually impossible for attackers to predict. As mentioned above. A 14-character random password has 1028 possibilities.
  • Avoiding Phishing Attacks: One underrated feature of password managers is their ability to match stored passwords with specific websites. If you’re on a site pretending to be your bank, the password manager won’t autofill your credentials, acting as a red flag that something’s amiss.
  • Convenience and Efficiency: While the initial setup requires effort, inputting all your credentials into the manager, the long-term benefits are substantial. The manager auto-fills login details on recognised sites, making the process of entering passwords faster and more seamless than manual entry.

After my transition to a password manager, my digital security posture improved, and the entire process of logging into sites became more streamlined. I no longer had to recall which variation of my “NewZealand123” strategy I used for each site. Instead, with a single master password, I gained access to a vault of unique, strong passwords tailored to a specific account.

Taking Security Up a Notch with Two-Factor Authentication (2FA):

While strong, unique passwords are a crucial defence, adding another layer of security can make a world of difference. Business systems get breached all the time, and research by IBM suggests that breaches remain undetected for up to 280 days. That’s 280 days for someone to figure out your password and attempt to access your account before someone notices it and does something to stop it!

Enter two-factor authentication. 2FA requires a password and a second piece of evidence – like a code sent to your phone or an authentication app response – before granting access. Even if a hacker manages to steal your password, without this second piece, they’re locked out. It’s akin to having a deadbolt on your front door in addition to the regular lock. 280 days is still a long time, but at least during that time, your data and account on that site is safe. And if you’re using a randomised unique password, you also don’t need to worry about your other accounts.

The Email Attachment Dilemma:

Let’s talk about emails; they play a big role in our lives, helping us communicate and stay informed. But while most emails are harmless, some are phishing attempts designed to trick us into making mistakes and doing something we shouldn’t.

Phishing emails try to catch us off guard and get us to use our quick, automatic reactions. They might make us feel rushed, like we must act now or use familiar names to get us to click without thinking. This could be a surprise invoice, a message from a ‘friend,’ or an exciting offer. Their aim? To get us to act without thinking it through.

So, how do we protect ourselves? The key is slowing down and thinking more about what we see. Taking a moment to think can help us see if something doesn’t feel right. Think “about” the email, not just think about what the email wants. Does it “feel right”?

Here are some things to think about:

  • Expectation Check: Did you expect this email? It could appear to be from a friend, an unfamiliar person, or even a reputable business like a bank or payment service, but is it expected? Does it encourage you to click on a link, open an attachment, or press a button to find out more?
  • Content Analysis: Is the email trying to rush you? Be careful of urgent requests or offers that seem too good to be true.
  • Action Relevance: Ensure the action you’re prompted to take aligns with the email’s message. On a computer, you can hover over links with your mouse to see where they lead. On an iPhone, you can hold down on the link to preview its destination; on Android, you can long-press the link to view its URL.

A Personal Brush with Phishing:

I once received an email that seemed to be from a trusted contact, someone I had worked with on a project a few months back. The subject was innocuous enough, “Project Follow-up,” and the body of the email was professionally worded. But what caught my eye was a link urging me to view ‘essential feedback’ on a shared document. I found it odd since our project had concluded and all feedback had been previously shared. Instead of clicking impulsively, I decided to check where the link led. Hovering over it, I noticed the URL led to a computer in Thailand, which had nothing to do with the project. This small discrepancy was a huge red flag. I reached out to my contact directly, and sure enough, they hadn’t sent the email. Someone was impersonating them, hoping I’d give away sensitive information or download malicious content.

By getting into the habit of pausing and thinking, we can make better decisions and avoid falling for phishing emails.

social media, connections, networking

Smart Sharing on Social Media:

Social media platforms have weaved their way into the fabric of our daily lives. They’re where we share updates, celebrate milestones, and connect with friends and family. But with the ease of sharing comes the risk of oversharing, sometimes to the detriment of our own safety.

Consider this: when we post about our daily routines, vacation plans, or even our favourite cafe, we’re unwittingly creating a pattern, a digital footprint. Those with ill intentions can easily pick this pattern up. They don’t necessarily have to be expert hackers; they’re just keen observers.

The Subtle Dangers of Oversharing:

Every post we share is like adding a piece to our personal jigsaw puzzle. Mentioning a day trip or a pet’s name might seem innocent, but it can offer more information than we might realise. Importantly, we should remember that not everyone on social media has our best interests at heart. While many users engage in conversations genuinely, some might have ulterior motives, steering chats to gather information or subtly manipulate us.

Pause Before Posting:

Before sharing, it’s a good idea to think about who’s on the receiving end. Setting up groups based on how well we know people can be helpful. For instance, have groups for close friends, family, acquaintances, people we only know online and don’t interact with often, and so on. By default, it’s wise to share with smaller, more familiar groups unless we’re sure we want to broadcast something to everyone.

Rethinking Sharing:

It’s not about quitting social media or even drastically reducing our posts. It’s about being mindful of the audience and the information we’re putting out there. Here are a few things to consider:

  • Audience Segmentation: Instead of sharing with everyone, consider creating groups like ‘Family,’ ‘Close Friends,’ or ‘Acquaintances.’ Tailor your posts to the audience. That beach vacation photo might be best kept within the ‘Family’ group.
  • Delaying Posts: If you’re on vacation or away from home, consider posting your photos and updates after you’ve returned. This way, you’re not broadcasting your absence in real time.
  • Checking in Wisely: Love checking in at your favourite spots? It’s fun but think about doing it as you’re leaving rather than when you arrive.

Remember, every post we make is a piece of a larger puzzle. By being intentional and thoughtful with our shares, we can enjoy social media while also safeguarding our privacy.

Guiding Safe Sharing Among Our Circle:

Being watchful of our online behaviour also means looking out for our friends and family. If we see someone sharing something that seems a bit too personal or risky, it’s kind to drop them a message. A simple “Hey, did you mean to share that with everyone?” can make all the difference.

Being proactive and thoughtful about our online interactions helps ensure that our social media experience remains enjoyable and safe. 

online shopping, credit card, online

Financial Vigilance:

Most of us have grown accustomed to handling our finances online. The digital world offers unmatched convenience, from checking our bank balances to paying bills or making investments. But with this convenience also comes the need for increased watchfulness.

The Hidden Costs of Not Checking:

Every line on our statement tells a tale. While many are routine purchases, sometimes there’s one that just doesn’t fit. These little discrepancies might be early signs of unauthorised activity, even if just a small amount.

A Personal Wake-Up Call:

I remember a time when I was going through my credit card statement and almost overlooked a small charge to an online vendor I didn’t recognise. It was a small amount that I initially thought of ignoring. However, I hadn’t made that purchase; this small charge, which might seem insignificant to many, was a common trick fraudsters use.

By making such tiny transactions, they try to see if the card or account is active and if the owner notices. If this little charge goes through smoothly and isn’t flagged, it gives them the confidence to make bigger, unauthorised purchases or even to sell the card details to others. For me, spotting this early sign stopped what could have been a series of unauthorised charges.

Protecting Our Elders:

It’s worth noting that our older family members might be more susceptible to these tactics. They may not be as tech-savvy or as vigilant in monitoring their financial activities. As such, maybe we can help by taking responsibility to help safeguard their financial well-being. Setting up checks, alerts, and even restrictions on large transfers from their accounts can be a proactive step. With their permission, we can ensure that significant transactions require additional authorisation, adding an extra layer of protection.

Staying Proactive:

It’s not just about spotting big, unexpected purchases. It’s about recognising patterns, repeated charges, or even services you no longer use but are still billed for. Here’s how to stay ahead:

  • Regular Checks: Dedicate a specific time each week or month to review your statements. This habit ensures you’re always in the know.
  • Set Alerts: Many banks allow setting up transaction alerts, notifying you of large transactions, foreign charges, or if your balance drops below a set amount.
  • Question Recurrences: Dig deeper if you spot a recurring charge you don’t recognise. It might be a subscription you’ve forgotten about or someone slowly taking funds.

By understanding the subtle tricks and tactics used by those with ill intentions and ensuring the safety of all family members, we can better guard our collective financial health.

data carrier, pendrive, memory

The Backup Blindspot:

Backing up data is one of those tasks that often gets pushed to the back burner. We know it’s crucial, but between our daily responsibilities and the hustle and bustle of life, it’s easy to think, “I’ll do it tomorrow.” But what happens when tomorrow is too late?

The True Value of Our Data:

Take a moment and think about the devices you use daily—your smartphone, laptop, or tablet. What would you miss the most if they were suddenly gone? Precious family photos, critical work documents, or years of music collection? Identifying the importance of our data is the first step in understanding the need to back it up.

One of the best ways to realise the importance of backups is to ask yourself: “If my device was stolen or crashed today, what would I regret losing the most?” For many, the answer is often more sentimental than practical, like photos of loved ones or important milestones.

Accessible Backup Options:

  • External Hard Drives: These are physical devices that you can connect to your computer to transfer and store data. They come in various sizes and are a one-time investment. Doing a monthly backup of your most crucial files to an external drive is a good idea.
  • Cloud Storage: Services like Google Drive, Dropbox, and iCloud offer a certain amount of storage for free, with options to upgrade for more space. They automatically sync your files to the cloud, ensuring you always have a recent backup. Weekly or even daily backups can be scheduled, depending on how frequently you update or add new data.
  • USB Flash Drives: Flash drives can be handy for smaller, critical files or documents. They’re portable and can be used to transfer files between devices.
  • Frequency Matters: Consider daily backups for essential work documents or projects you’re currently working on. For general data, a weekly or bi-weekly backup might suffice. Remember, the more frequently you back up, the less data you risk losing.

Backup Isn’t Just “Set and Forget”:

While setting up automated backups is a step in the right direction, it’s not enough. Regularly checking that these backups are functioning and being able to restore data from them is equally crucial. It’s like testing the brakes on a car; you want to be sure they work before you find yourself in a situation where you need them most.

Seeking Support:

For those who find the idea of backups daunting or unsure where to start, seeking advice from tech-savvy friends or family can make a difference. They can introduce you to simple tools and practices that make the process straightforward and hassle-free.

Free WiFi signage on wooden post

Navigating Public Wi-Fi:

We’ve all been stranded without data at a café, airport, or hotel. The allure of free Wi-Fi beckons. But, as convenient as these networks can be, they come with risks.

Understanding the Need for a VPN:

Imagine sending a letter without an envelope so anyone can read it. That’s public Wi-Fi for you. A VPN, or Virtual Private Network, is like giving that letter a sealed envelope, protecting its contents from prying eyes. When you use a VPN, your online activities are encrypted, making it challenging for anyone to see what you’re up to.

How to Get and Use a VPN:

There are many VPN services available, both free and paid; personally, I use NordVPN but look for ones with good reviews and user recommendations. Once installed on your device, you can set up most VPNs to automatically activate when connecting to unfamiliar Wi-Fi networks. Though you’ll connect to the Wi-Fi first, your VPN will quickly encrypt your session, keeping your data safe.

Check for the Padlock – HTTPS:

When you’re browsing on public Wi-Fi, look for a small padlock symbol in your browser’s address bar. It indicates that the website you’re on is secure. Also, check if the website address starts with ‘https://’. The ‘s’ stands for secure, and it means the information you send to and from that site is encrypted.

Forgetting the Network:

After using a public Wi-Fi, it’s a good habit to make sure your device forgets that network. This stops your device from automatically reconnecting later without your knowledge.

  • On Windows: Go to ‘Network & Internet settings’, click on ‘Manage known networks’, find the network you want to forget, and click on ‘Forget’.
  • On MacOS: Go to ‘System Preferences’, then ‘Network’. Select the network and click the minus (-) button below.

A Personal Experience:

During one of my travels, I once connected to a free Wi-Fi network at an airport. Everything seemed fine until my device started behaving oddly. I wonder if I’d connected to a rogue hotspot, a fake Wi-Fi set up by someone with ill intentions. Thankfully, that didn’t matter; my VPN was on, acting like a protective shield and keeping my data safe.

space, cruiser, universe

Conclusion:

Navigating the digital world requires a blend of awareness, adaptability, and proactive measures. From rethinking our password strategies to slowing down and critically evaluating unexpected emails, it’s evident that a more mindful approach is the key to enhancing our online safety. Using tools like password managers not only eases the burden of remembering complex passwords but also offers an extra layer of protection against deceptive websites. Beyond this, recognising the subtle tactics employed in phishing attempts, understanding the importance of selective sharing on social platforms, ensuring our precious data is safely backed up, and utilising VPNs on public Wi-Fi are all crucial steps in creating a comprehensive defence against cyber threats.

Moreover, it’s not just about implementing measures but understanding the rationale behind them. We’ve seen that even conventional wisdom can sometimes fall short, and our personal experiences and insights often offer the most valuable lessons. Combining industry best practices with our unique experiences can create a cybersecurity strategy tailored to our individual needs.

In this digital age, where the line between our online and offline lives is increasingly blurred, it’s essential to remember that cybersecurity isn’t just a technical concern—it’s a personal one. By staying informed, questioning the status quo, and always being prepared to learn and adapt, we can ensure that we protect our digital selves and enrich our online experiences.

Mentoring

Coaching

Online Training