Six Cybersecurity Best Practices For All Online Users
Use Strong Passwords
Using strong, unique passwords is the essential building block of cybersecurity best practices -- and it is free and easy! Be sure to use a different password for every website login and on each device. This gives you a layer of protection in the event that a malicious actor gains access to one of your logins -- if you had used the same username or email and password combination for all of your accounts, a hacker who breaches one company's data now has access to all of your data. Bonus tip: It can be intimidating trying to keep track of all of the unique passwords we create, which often deters people from veering too far from their favorite alphanumeric combination; however, there are free password databases out there that you can download to your device and store your unique passwords in. This way, the only password you must remember is the one associated with the password database.
Only Connect To Secure Networks
Be sure to connect your devices only to secure, trusted WiFi networks so that you do not leave a wide open door for a malicious actor to come in through. A user is exposed to a major security vulnerability when they connect to public WiFi at a store or a restaurant -- while it is a nice gesture of the business to offer such a service, the password is likely plastered all over the walls and anyone in the shop could connect. Though we all would like to live in a world where a hacker isn't lurking in the same coffee shop as us, we have to protect ourselves by not even remotely exposing ourselves to the potential of another person gaining access to our devices. If you have a phone which has a hot spot on it, you can turn this on as your own personal WiFi hub wherever you go. Be sure to create a unique password for this login so that no other patrons of a local bookstore or restaurant can guess your password and use your secure network.
Utilize Multi-Factor Authentication Whenever Possible
As mentioned previously, password hygiene -- or the use of strong passwords -- is an essential building block of being and staying cybersecure. To add to this even further, most sites today also offer two-factor or multi-factor authentication; multi-factor authentication is when you use your username and password login, as you traditionally would, but you also get another means by which to verify that you are the legitimate user of the account which you are trying to log in to. This is typically a 4-6 digit code sent to either the phone number or the email address that you likely used when creating the account. This helps to prevent a cybercriminal from gaining access to your account even if they have somehow obtained the password to it. When they try to log in using your account information, they will be prevented from doing so because you will receive a message containing the code that you would use to log in -- when you realize you did not try to log in, you can stop the malicious actor in their tracks.
Backup Your Essential Data
In the unfortunate event that you are affected by a cyber attack, it is important to have your essential data saved somewhere separate from your devices so that you do not lose your vital information, precious memories, and more. A good way to do this as an individual is to have an external hard drive which you can connect to your laptop to update with new data and then disconnect and store somewhere safe. This adds an additional layer of protection so that your data, if compromised, is not lost forever. It is also a good rule of thumb to do this in case your device is stolen, breaks, or something else happens to it. If you would regret losing it, it is best to save that data twice.
Update Your Devices
Devices have been mentioned a lot so far -- we use our laptops, phones, work computers, VR headsets, gaming consoles, tablets, and more every single day. These devices hold some of our most personal information that we would prefer to keep private. Manufacturers of our devices will often put out new software updates as they improve their device security approaches or find flaws in old software that they want to fix and protect users against. It can seem tedious, but be sure to read the high-level description of what an update will provide for you and update your devices accordingly once a new update is available. This will ensure that you are as protected on your devices as is possible for the given device.
Beware Phishing Scams
You can have the most up-to-date devices with the best passwords possible, but if you click a link in a phishing email, all of that is for naught. Phishing scams are messages from malicious actors who are pretending to be reputable, legitimate people -- either friends, family, companies, etc. -- where the cyber crook has the goal of duping the recipient of the message into clicking a link or providing private information. These emails are fairly easy to spot, but cybercriminals are constantly working to make their scams more and more deceptive. Typically though, there are three major areas where phishing emails differ from a legitimate communication: (1) the sender's email address, (2) odd or poor grammar, and (3) an immediate demand or quick timeframe to do something. The email address in the From field will often be close to that of whomever the cybercriminal is trying to pose as, but not quite the right one. For example, if a person is trying to look like a Walmart executive they might pose as Joe Smith whose email is joesmith@walmart.com, but the cybercriminal's email address is joesmith@wallmart.com or joesmith@walmart.net. Close, but not quite right. Because phishing scams are often poorly put together or sometimes sent by individuals who do not speak fluent English, grammar is often poor or the phrasing of things is odd for the context of the email. Lastly, a phishing email will typically include a link and content that pushes you to click it immediately. This threat or demand to either send information or to click the embedded link within the email is a clear indicator of a phishing scam. If you are unsure if an email is a phishing scam or not, try to use the logic of the multi-factor authentication tip from before and contact that individual in a different manner -- a phone call is usually best if you can do that.
Before clicking a link, confirm with them that they actually sent the email and that its content is what they intended; it may seem like extra work, but it is minimal compared to the stress of trying to clean up the mess that follows falling for a phishing scam.
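The sender-address check described above can be automated. The following is an added example, not part of the original article: it flags a From address whose domain is a near miss of a domain you trust, either a small spelling change or the same name under a different ending. The function names and the TRUSTED list are assumptions made for illustration, and the domain split is deliberately simple (it does not handle subdomains).

```python
# Added example: flag sender domains that are close to, but not exactly,
# a domain you trust. Sample addresses are the ones used in the article.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(prev[j] + 1,                # delete ca
                            curr[j - 1] + 1,            # insert cb
                            prev[j - 1] + (ca != cb)))  # substitute
        prev = curr
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the lower-cased domain after the last '@' of a From value."""
    return address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")


def classify_sender(address: str, trusted: set[str], max_edits: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From address."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        # Same name under a different ending, e.g. walmart.net vs walmart.com
        if name == good_name and tld != good_tld:
            return f"lookalike:{good}"
        # Small spelling change, e.g. wallmart.com vs walmart.com
        if 0 < edit_distance(domain, good) <= max_edits:
            return f"lookalike:{good}"
    return "unknown"


TRUSTED = {"walmart.com"}  # assumption: your own list of known-good domains
if __name__ == "__main__":
    for addr in ("joesmith@walmart.com", "joesmith@wallmart.com",
                 "joesmith@walmart.net", "newsletter@example.org"):
        print(addr, "->", classify_sender(addr, TRUSTED))
```

An "unknown" result only means the domain is not close to anything on your list; it says nothing about whether the sender is legitimate.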
Image by Racool_studio for Freepik.