cyber-hygiene

title graphic for Cyber Security Hygiene

Background

For several years now I have routinely presented a series of cyber security tips to help people be safer both in their work and personal lives. Several colleagues and associations have suggested the tips are so useful that I should create an online version (perhaps even videos) for them. This series takes each of the tips from my presentation and attempts to recreate the information in article form. 

Please Note: There are quite a few individual tips. Most people will not do all of these things, and that is not only OK but expected. The important thing to remember is that each and every one of these things you implement will make you more secure. Even just starting to do one of them will make you more secure. So I recommend that you look through, find things that are easy for you to do, and try them out.

There are two types of tips: Proactive and Reactive. See below for details about each type of tip and how to interpret the infographic that accompanies each.

Proactive Tips

Example of an empty proactive infographic

Proactive tips help you be more secure before anything goes wrong. These are things you can do in advance and will reduce the risk of bad things happening.

Proactive slides have several parts. On the left is the title and a description of the action. It includes the tools, tactics and techniques you can employ.

On the top right are three meters. The implementation meter shows how difficult it will be to start doing this. The interference meter estimates how much of an impact this action might have on your day-to-day activities. Finally, the improvement meter suggests just how much more secure you will be after implementing the action.

There is also sometimes a bonus tip on the bottom right.

 

Reactive Tips

Example of a blank Proactive Tip Infographic

Reactive tips are things you can do when something bad has happened. These tips can help you work through and/or recover from a cyber security incident.

Reactive slides have three main parts. On the left is a brief description of the situation and on the right is a set of actions you can consider to deal with that situation. There is also the "Geek-o-meter" at the top-right that indicates how much technical background and knowledge you should expect to require in order to accomplish the suggested actions without assistance. 

 

Cyber Security Hygiene Articles:

Cybersecurity

Cyber Security Hygiene (Proactive) Think before you scan that QR code

QR codes have become mainstream (finally), so we see them everywhere. Unfortunately, cyber-criminals are also looking to abuse QR codes, taking advantage of people who place too much trust in them. QR codes, by their nature, encode information. This may be a link to a web site, but it may also be code that joins you to a WiFi network, downloads an app, verifies information, creates a contact, sends an email or message, or dials a phone number. Blindly scanning a QR code can be dangerous - think before you scan!

Cyber Security Hygiene (Reactive) MFA Fatigue

Imagine this situation: you're in the middle of something important... perhaps a meeting or a lunch out, and your phone just keeps sending you "push" notifications asking you to approve a login. (Push notifications typically come from some sort of app on your phone, like Duo or your banking app.) It's becoming really annoying because they just won't stop! The only problem is, you're not trying to log in to anything right now. What do you do now?

Cyber Security Hygiene (Proactive) Multi Factor Authentication

The benefit of enabling multi-factor authentication is that even if someone manages to get your username (which in many cases is your email address) and your password, they still don't have enough information to access your account. Since the 2nd factor is ideally something that you have in your possession or something that you are (a biometric), such things are very difficult for a criminal to get!

Cyber Security Hygiene (Proactive) Protect Other Authentication Methods

For the most part, we can all easily understand the importance of securing our usernames and passwords. However, it can be easy to overlook all the other information that can sometimes be used to access our accounts, from your email and birth date to sometimes seemingly innocent reference numbers. It's just as important to secure this information as it is to secure your password.

Cyber Security Hygiene (Proactive) Password Managers

If you follow the rather important good practice of having a unique password for every account, you will immediately be challenged by the sheer number of different credentials that will be needed to authenticate with all these accounts. With the many hundreds of credentials (passwords, etc.) you wind up with in our modern lives, password vaults/managers are effectively essential. They also provide a host of other useful features. In fact, once you get used to having one, it will usually save you so much time that you'll wonder how you ever lived without one.

Cyber Security Hygiene (Proactive) Unique Passphrases and Passwords

One of the single most important good cybersecurity habits is to use a unique password for every different account. While the concept is simple, the idea of using a unique password for every single account may seem daunting if you have never done it before. Keep reading for more information about why this is so important and how to do it without breaking your brain!

Cyber Security Hygiene (Reactive) SAPP

Knowing what to do when something goes wrong can be just as important as working to prevent it. Anyone who has ever worked in any sort of first responder role (medical, firefighting, or in my case Search and Rescue) will be familiar with the idea of following a well-practiced protocol as a means to take appropriate action when an incident occurs. One of these protocols, called SAPP (Stop Assess Plan Proceed), is just as applicable to a cyber security incident as it might be in the search and rescue context.