A quick guide to digital defense for the everyday person
A quick guide to digital defense for the everyday person
I was having dinner with a friend who travels often, going over some quick internet security tips. She’s not a technical person, and the more I tried to explain things, the more I realized how difficult it is for the everyday person to get a grasp on these digital dangers, not to mention the convoluted steps they have to take to defend themselves.
So I’ve assembled a quick guide to digital defense for her and the everyday person. I’ve tried to list them in order of ease and magnitude, so you can work them from the top down.
The two things you need to know before you start
Before you start, I need to explain two things. One is the difference between digital security and privacy.
Here’s a quick example: You can login securely to Facebook with an encrypted connection and 2FA. But then you reveal all of your innermost thoughts on Facebook and share your location in real-time wherever you go. That’s secure but not private.
On the other hand, you might have a Facebook account and not post anything at all. But you log into your account on public Wi-Fi over an unencrypted connection. That’s private, but not secure.
Knowing the difference will help you in your personal digital defense strategy. This guide focuses more on security than privacy, as digital privacy is another long discussion.
The second thing is that there is always a tug of war between convenience and security. An unlocked front door is the most convenient way to leave your home, but it’s also the most insecure. In the same vein, some of these tips will make your digital life a little more inconvenient. How much you’re willing to tolerate in order to protect your contacts, messages, files, photos, etc. is up to you.
A quick guide to digital defense
This is what I would suggest, in more or less this order.
1. Backup your devices
If you lose your smartphone, tablet or laptop to a disk failure, drop, malware or theft, you’ll want to have a backup of your files somewhere.
- Here’s how to backup macOS
- Here’s how to backup Windows
- Here’s how to backup iOS
- Here’s how to backup Android
2. Update everything
Update every digital device you own to the latest version of its operating system. That includes your smartphone, your laptop, your tablet, and your router. This isn’t so that you get the latest features, but because you’ll get the latest security updates.
If you’re running an old OS like Windows XP, seriously consider upgrading, as these older OSes are no longer officially supported. Plus, since you’re already at your router, encrypt your Wi-Fi with WPA2 if you don’t already.
- Here’s how to check for updates on macOS
- Here’s how to check for updates on Windows
- Here’s how to check for updates on iOS
- Here’s how to check for updates on Android
- Here’s how to check for updates on your router
- Here’s how to enable WPA2 on your router
3. Turn on 2-factor authentication everywhere
Turning on 2-factor authentication, or 2FA, requires you to enter both your password, plus a secret code sent to your smartphone, before you can log into a website. It’s more secure this way, because even if someone has managed to get your password, he or she won’t be able to log into your account without possessing your phone as well.
I suggest you enable 2FA wherever it’s offered, or at least for your key accounts.
If you’re savvier, enable 2FA on an authentication app like Google Authenticator, Authy, or 1Password instead of SMS, as SMS can be less secure. Frequent travelers might want to use apps for 2FA instead of SMS, as I’ve found that 2FA SMSes can get lost or delayed while overseas.
- Here’s how to set up 2FA on Amazon
- Here’s how to set up 2FA on Apple
- Here’s how to set up 2FA on Facebook
- Here’s how to set up 2FA on Google
- Here’s how to set up 2FA on Instagram
- Here’s how to set up 2FA on Outlook
- Here’s how to set up 2FA on Twitter
4. Create stronger passwords
Together with 2FA, create stronger passwords. And not just for your online logins, but for your devices as well. Ideally, I’d suggest you use a password manager like LastPass, because they can generate and keep very strong passwords, but using a password manager does require a learning curve.
5. Lock your devices
If you don’t already, please lock your smartphones, tablets, PCs and laptops with a PIN or passcode. The longer the passcode, the better. A four digit passcode has 10,000 possible combinations, a six digit passcode has one million.
- Here’s how to lock macOS
- Here’s how to lock Windows 10
- Here’s how to lock iOS
- Here’s how to lock Android
6. Install anti-virus
There are plenty of good paid and free anti-virus apps out there. Just remember to keep them running in the background so they can scan for constant threats, and be aware that even anti-virus software can’t protect you from everything.
- Here’s a guide to anti-virus apps for macOS
- Here’s a guide to anti-virus apps for Windows
- Here’s a guide to anti-virus apps for Android
7. Never click on links in email and messages
The main vector of attack is quickly switching from virus infections to phishing, where attackers send you links through email or messages, pretending to be an authority like Google or a friend whose account has been hacked.
By clicking on these links, you might be asked to enter your credentials and thus have them stolen. The worse kind of ‘drive-by’ attack doesn’t even involve any interaction, once you visit the site your device might be compromised.
Previously, I’d temper my suggestions to only ignore links that appear suspicious, but phishing attacks are so good these days that it’s hard to tell the difference between legitimate and malicious links. If the link and email look legit, you can always go to the site via your browser to.
8. Install the HTTPS Everywhere extension
The HTTPS Everywhere extension from the EFF forces your browser to connect securely to websites that support encrypted connections. You should know that this kind of security measure has been compromised before, but having the extension is still better than not.
9. Encrypt your portable devices
Encrypting your smartphones, tablets, laptops and portable hard drives make it incredibly difficult for thieves to simply copy your files over to their hard drives. However, you should also know that encryption is a double-edged sword. When you encrypt your device, you’ll need to remember your password and recovery codes, because if you lose those, there is no way you can recover your data.
- Here’s how to encrypt macOS
- Here’s how to encrypt Windows
- Apple devices running iOS 8 and above are encrypted by default
- Here’s how to encrypt Android
10. Use a Virtual Private Network (VPN) on public Wi-Fi
Since my friend travels a lot, I recommended that she use a Virtual Private Network (VPN) to connect to public and hotel Wi-Fi.
Whether or not to use a VPN is complicated. Websites and apps are getting better at sending encrypted data. WhatsApp, for example, does end-to-end encryption, so messages are protected by default. But you can’t be certain which sites and apps are sending data securely. On the other hand, it’s also true that you’re entrusting the VPN provider with your data, and it’s possible that they’re snooping on you.
Popular VPN providers include Private Internet Access and F-Secure Freedom. Big-name security companies like Norton also offer VPN. I use Cloak on iOS and macOS for its convenience; it automatically starts whenever it detects you’re on an unfamiliar network. If you still want to think about it, here’s a long and short answer as to whether or not you should use a VPN.
Lastly …
Never get complacent.
There is no perfect digital defense, and you can only become safer, but never 100% safe. Automate your backups, don’t wait too long before installing updates. Set up 2FA and passcodes, even if they delay your logins by a few seconds more. Avoid clicking on suspicious links, and don’t be lured by free Wi-Fi.
The unfortunate truth is that as technology becomes more intertwined with our lives, attacks also evolve and become more sophisticated. At the same time, the everyday person can’t be expected to keep up with the latest cyber attack news. I wish there were a better conclusion, but there really isn’t.