Protect Yourself at all Times: A Starter-Kit for Personal Cybersecurity
Freefolk of the interwebs, put your tin-foil hats on and indulge my paranoia for the length of this article, for what I am about to share with you might matter. A close friend of mine recently bought a $100 dollar bike lock for his $400 dollar bike, which he never leaves in un-surveilled public spaces. The irony is that to get a good deal on this bike lock, he used an ‘indie’ website, where he signed up with his usual all-purpose password. Of course this was done with the free wifi provided by the local coffee shop, from where he frequently broadcasts his location in exchange for dopamine-inducing emojis. Honest admission, I have fabricated most of the above to set the right context for this article. For one, programmers don’t have close friends. Having said that, the picture that I’m painting is not too far removed from reality for most of us. What I just described is a cybercriminal’s Disneyland, and by the end of this article, I hope any such behaviour will ring alarm bells in your conscience. Regardless of how unlikely a target you might consider yourself to be, it doesn’t hurt to err on the side of caution. Allow me to walk you through some basic personal cybersecurity practices that can minimize your chances of becoming a victim of cybercrime.
Password Management
My hypothetical close friend’s first mistake was to buy a bike. Biking is hard and there are lazier options to get around. His second mistake was to use the same password everywhere. While I am all in favour of recycling, passwords have an insignificant carbon footprint, and as such, you can lavishly create new ones every time you sign up somewhere. To create a strong password, I recommend gently rolling your head from side to side on your keyboard until you have a sizeable number of characters. Random and meaningless passwords are much harder to crack. Once you have such a password, there is the question of how to remember or store it. Unless you have access to radioactive arthropods that can infect you with long-term memory superpowers, try using a well-known password manager. Password managers offer secure solutions to store and backup your passwords. While there are many great premium options, I’d recommend KeePassX as a free and open source alternative. KeePassX is essentially just a layer of abstraction built atop an encrypted database file which is entirely in your possession. If you do use it, I recommend storing it on a secure cloud and syncing it to your local devices. I also suggest using a key-file and password to secure the database itself.
Virtual Private Networks (VPNs)
If you don’t know much about programming or cybersecurity but want to call yourself a hacker anyway, VPNs are the way to go. In layman’s terms, VPNs create a secure tunnel between you and a proxy server somewhere else in the world. This tunnel is then used to encrypt and redirect all your traffic. Let’s say you’re sitting in a cafe in Montreal and you use a secure VPN to connect to a server in India, any website you visit will now think you’re visiting their page from India, and any prying eyes trying to monitor your traffic via the cafe’s wifi network, or via your internet service provider’s logs, will have to work very hard to collect any meaningful data about your internet activities. This is a great way to stream what the rest of the world calls hockey, the kind played with balls on a field, without risking deportation.
Note that VPNs offer you anonymity and protection from passive surveillance, but they are by no means foolproof. I would recommend it as a first line of defence to deter passive surveillance and malicious entities intercepting your network, but it may not be enough to anonymize you entirely. For example, if a website stores cookies on your browser, it may still be able to identify you despite your VPN. There are ways to get around this, such as using incognito mode or a computer that has none of your personal data. In most cases however, it’s actually more convenient that your cookies and other local storage objects function as expected, even though your network traffic remains private.
When it comes to choosing a good VPN, I don’t suggest going with a free option. If you are receiving a service online for free, it is very likely that you are the product and not the customer. In the case of VPNs, this is especially important because your VPN provider will have full visibility of all your online activity, and it’s important that you trust both their intent and competence. While I won’t recommend any particular products, a quick search will unveil many great options at reasonable prices.
Two-Factor Authentication (2FA)
Two-factor authentication is a bit like flossing, everyone agrees that it’s a great idea and yet very few people actually do it. Revisiting my introductory example, while my ‘friend’ was logging in to his bike helmet retailer’s website, let’s assume that some ill-intentioned entity secretly videotaped him while he typed in his username and password. This entity can now go home, re-watch the video, zoom in and slow down on the bit when the credentials were being typed, and voilà! The sheer simplicity of executing such a cyber-attack makes 2FA all the more important. In essence, 2FA is a system by which your entry into a system requires two steps of validation. This could entail the combination of a password and temporary single-use code, fingerprint scan, or some combination of the sort. Fortunately, two-factor authentication is usually fairly easy to set up, and the service you are using will likely provide a free and secure way of doing it. Natt Garun on The Verge recently published a comprehensive guide to setting up 2FA for most major online services.
Software Updates
Let’s run through a hypothetical situation which happens more often than you’d expect. Say that the developers of your operating system are alerted of a critical security vulnerability on an online forum. Given the public nature of the alert, they know full well that it’s a race against the clock. The company puts together a task force of several selfless engineers, who sacrifice their weekend and drown the last vestiges of their sanity in energy drinks and coffee, just so that you and millions of other users are protected from malevolent hackers, who are probably working just as fast to exploit the vulnerability at hand. By Monday morning, they are able to push an update with a patch that neutralizes the vulnerability. This update then reaches your computer as a large pop-up notification, granting you the opportunity to protect yourself at no added cost. And what do you do? Rather than clicking the easily available ‘confirm’ button, you go out of your way to find the ‘remind me later’ button, while secretly hoping that the computer will forget to remind you. After all, you’ve become quite attached to the 26 incoherent tabs open on your web browser, along with all the other windows that are conveniently minimized for highly improbable future use.
The next time you find yourself in such a situation, I hope you will click ‘confirm’ immediately. If not for the sheer utility and time-sensitivity of software updates, do it for the poor engineers, who’d probably take it personally if they found out you skipped their update because you didn’t want to restart your computer during an internet meme binge.
Conclusion
Everything I have shared in this article can be considered baby steps in the right direction. If done properly, this can improve your chances of staying safe on the internet. While my advice may not be sufficient to protect you from organized cyber attacks targeted specifically at you, it will be enough to deter the digital equivalent of a common cold. If you intend on goading Anonymous or posting your political opinions on deep web forums, I’d suggest doing a wee bit more research. However, if you haven’t done any of what I’ve outlined so far, your first boss battle in personal cybersecurity will be against your own crippling laziness. To help you get started, I’ll summarize all my hyperbole and boil it down to four chores: use a password manager, install a VPN, setup 2FA everywhere, and update your software regularly.
*All XKCD comics on this page are published under a Creative Commons Attribution-NonCommercial 2.5 License.
Editorial reviews by Catherine Heim & Liela Touré
Want to work with us? Click here to see all open positions at SSENSE!
