Personal Digital Security 101: A Guide to Online Security and Privacy
Digital security and privacy best practices
Digital security and privacy are critical for businesses and their employees, but they’re also extremely important for individuals in their daily lives outside of work.
You should follow digital security best practices on all of your personal accounts and devices, and whenever you go online, you should do so with the recommended safety precautions in mind. Cyber risk management only adds a few steps and considerations to your Internet usage, and it’s well worth it to prevent the emotional and financial toll of cyber attacks.
In order to feel confident every time you log on, you should educate yourself and everyone in your household on the basics of personal digital security. Here’s what you need to know about staying safe online.
What is cyber security?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) defines cyber security as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”
A vast majority of modern life relies on computers, smartphones, and the Internet, including communication, work, medicine, transportation, entertainment, and shopping. On top of that, a lot of our personal data is stored on our devices and online, from bank accounts to medical records to Social Security numbers.
This digitization of daily life has increased rapidly in the last few years since the beginning of the COVID-19 global pandemic, as have cyber threats. Cyber criminals are discovering more and more ways to exploit vulnerabilities and attack businesses and individuals, which is why it’s more important than ever to equip yourself with knowledge and stay one step ahead in protecting yourself.
Risks of poor digital security
While it’s appealing to think, “A cyber attack could never happen to me,” and take a passive role in your security, the truth is that anyone can be targeted by a cyber criminal. Your financial situation doesn’t matter. If a hacker sees a weak point in your digital footprint, they can and will exploit it.
The costs of poor digital security can be high. Your identity or credit card could be stolen, or you could lose money, have personal files or information stolen, have malware installed on your devices, have personal details leaked, or have an attacker use your accounts or devices to commit other attacks.
No matter what a criminal targets, a cyber attack can cost you in time and emotional energy if not money as well. Additionally, it can rob you of your peace of mind and can undermine your confidence in using the Internet, an increasingly necessary tool in our digital era.
Main digital security threats facing individuals
Here’s some good news: cyber attackers most often target individuals in known ways, meaning there are common ways to prevent them and warning signs to look out for.
Here are some of the primary digital threats facing individuals and how to prevent and spot them:
- Phishing and smishing: These types of attacks are commonly leveraged against individuals. “Phishing” refers to when criminals use emails or malicious website links to steal personal information. An attacker may send emails that appear to come from a reputable financial institution and that prompt the recipient to log in or provide account information, typically suggesting that there is some sort of problem with the account that the user needs to address. When the victim responds with their login or personal information, the attacker can use it to gain access to accounts and commit identity or credit card fraud. “Smishing” is a similar type of attack, but it’s carried out via SMS or text message rather than email.
- Malware: Sometimes, instead of trying to gain account access, cyber criminals perpetrating phishing or smishing attacks will send malicious web links that appear legitimate but that install malware when clicked. There are many types of malware — this umbrella term refers to any type of malicious software — but attackers typically use it to steal personal data that they can leverage over their victims for financial gain.
- SIM swap attacks: SIM swapping happens when criminals use one of a few methods to trick a victim’s cell phone provider into switching the victim’s number to a SIM card in the criminals’ possession. Once they’ve done this, the criminals can easily access any account that uses phone call or SMS verification.
- Credit card fraud: Credit card fraud occurs when criminals fraudulently access an individual’s credit card information to make purchases or steal funds. Cyber criminals can steal credit card information without physical access to the card, and they typically do this when information is leaked in data breaches or when people access their accounts on public or unsecured Wi-Fi networks.
Internet safety tips
The good news is that it actually doesn’t take too much effort to increase your digital security. It’s mainly just about being informed and aware. The following are the top tips for individuals to stay safe when they go online:
Be smart with your digital wallet
You should protect your digital wallet in the same way you do your physical one, but the threats are slightly different and more complex when it comes to digital credit cards and online bank accounts.
First off, any device on which you can access your e-wallet should have multiple layers of strong authentication — ideally at least one of which is based on biometrics.
Beyond that, never leave your smartphone unattended and never use your digital wallet, make online purchases, or log into bank accounts on public or unsecured Wi-Fi. On all mobile apps or sites on which you save your card information, use unique passwords and implement multiple layers of authentication when possible. Take a look at the permissions on your social media accounts, which may — unknown to you — have access to your financial information.
Finally, keep an eye out for data breaches, especially those that affect companies that may have your credit card details stored digitally. If a business that has your financial information is hacked, then your credit card information could be leaked, so it’s worth your while to stay informed as well as to change your passwords and monitor your account activity any time you become aware of a breach.
Implement strong authentication on accounts
In addition to protecting your digital wallet, you should implement multiple layers of strong authentication on all accounts and devices you use.
But keep in mind: Not all authentication is created equal. Whenever you have the option, choose biometric or app-based authentication, and always use strong, unique passwords. Avoid phone- and SMS-based authentication, as these can easily be targeted by SIM swap fraud. If you choose to add security questions on an account, be sure that you don’t post any revealing information online that could help criminals guess the answers.
Use good password hygiene
Strong and unique passwords are important. While it may seem over-the-top to use different, complicated passwords for every single account, especially with the many accounts most people have, it’s a worthwhile precaution to take. Reusing passwords makes it all too easy for cyber criminals to access multiple accounts if they target you, making it that much more likely that they’ll make off with money or personal information.
While it may be tempting to save all those unique, complex passwords on your device or browser so that you don’t have to remember them, this is also not a great idea, because devices can be stolen. You’re better off using a password manager — but even these have their own vulnerabilities, which is why always adding multiple layers of authentication is so important.
Finally, always change passwords when notified of a breach, and make a habit of updating passwords every few months. Digital security is all about being proactive, and these up-front investments in digital protection will pay off in the long run.
Think twice before you post online
Be careful what types of personal info you post on social media. Make sure you’re never posting information that could compromise any of your accounts — such as information that may help a cyber criminal answer your security questions. Even if your accounts are private, the internet is a public domain, and hackers have been known to access social media accounts through a variety of means.
Beware of scams
Be careful what you click on.
If a message seems too good to be true — like an alert that you’ve won sweepstakes you didn’t enter, an offer for a free vacation, or an easy-money scheme — it’s likely a scam. Even clicking a fraudulent link can be dangerous due to malware, so exercise caution. Better safe than sorry.
Additionally, look out for the warning signs of phishing and smishing, in which cyber criminals pose as a legitimate organization. Pay attention to the email addresses you receive messages from, the grammar in messages you receive, the URLs of links sent, and other similar details. If anything seems off, do not click links. And if you want to be as cautious as possible, then make a habit of always logging onto all accounts by going directly to the website you want to access rather than clicking through and logging on via links sent through email or text.
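The URL checks described above can be written down as a small script. This is an added example, not part of the original article; the list of known sites and all sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list (assumption): sites the reader really has accounts with.
KNOWN_HOSTS = {"examplebank.com", "mail.example.org"}

def same_site(host, base):
    """True if host is base itself or a subdomain of it."""
    return host == base or host.endswith("." + base)

def shown_host(text):
    """Host named in the visible link text, or "" if the text is not URL-like."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    if "://" not in text:
        text = "//" + text              # lets urlsplit treat a bare name as a host
    return (urlsplit(text).hostname or "").lower()

def link_warnings(display_text, href, known=KNOWN_HOSTS):
    """Return warning codes for one link taken from an email or text message."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    found = []
    if parts.scheme != "https":
        found.append("no-https")
    if parts.username is not None:
        found.append("userinfo")        # text before '@' is not the destination
    if any(label.startswith("xn--") for label in host.split(".")):
        found.append("punycode")        # may render as lookalike characters
    try:
        ipaddress.ip_address(host)
        found.append("ip-literal")      # numeric address instead of a name
    except ValueError:
        pass
    shown = shown_host(display_text)
    if shown and not same_site(host, shown):
        found.append("text-mismatch")   # visible text names a different site
    if not any(same_site(host, k) for k in known):
        found.append("unknown-host")    # not a site you normally log in to
    return found

if __name__ == "__main__":
    samples = [  # constructed examples
        ("examplebank.com/login", "http://examplebank.com.account-verify.example/login"),
        ("Log in now", "https://examplebank.com@203.0.113.7/"),
        ("examplebank.com", "https://www.examplebank.com/login"),
    ]
    for text, href in samples:
        print(href, "->", link_warnings(text, href) or "no warnings")
```

A link with no warnings is not proof of safety; going directly to the site, as the paragraph above recommends, remains the stronger habit.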
Look out for malware
Know the warning signs of malware so you can spot it if any of your devices are compromised. Here’s what to watch for:
- Your device slows down significantly or freezes
- Your device crashes or restarts itself abnormally
- You get locked out from logging on
- Your device suddenly has less available storage space
- Your antivirus software is disabled
- Your email or social media accounts are sending strange messages to contacts
- You receive unusual error messages
- You’re interrupted by frequent pop-ups
- You notice new icons or apps that you didn’t download
Back up data
Back up all of your data to the cloud to protect it in case of an attack. This way, if you are the victim of malware or if your device or accounts are otherwise compromised, you will still have access to your files and personal information. Take note: all backed-up data should be encrypted, and ideally stored in a decentralized network.
Monitor online accounts
Even if you’re taking all the above precautions, you should keep an eye on all account activity and credit reports, just in case. In the case that you are the victim of a cyber attack, the sooner you realize it, the sooner you can take action to protect yourself.