Many people think personal cybersecurity is complex, technical, and requires a background in IT.
In reality - it’s much easier than you think.
Personal security posture isn’t about being perfect; it’s about making yourself a harder target than the person next to you.
But it can get overwhelming with the different tools, apps, and scattered advice - often leading to inaction.
The classic “Paralysis by Analysis.”
I’m here to prove that, through education and small efforts, you can keep yourself off the radar of the malicious actors out there.
Key 1: Master the Basics
As I mentioned above, personal security posture is all about making yourself a more difficult target than everyone else.
Make yourself a target that’s not worth the time or effort.
Attackers go after the low-hanging fruit. I’m sure you’ve seen those phishing emails that left you thinking, “Who the hell would ever fall for this?”
Well, then you’re not the kind of target they’re going after.
They’re going after the people who don’t think that. After all, if you were an attacker - why take time going after a target who requires three times the effort when you could compromise three low-effort targets in that same amount of time?
In order to not be that easy target, you need to master two core skills:
Behaviors
Password Hygiene
Practicing secure behaviors means taking that extra second to think before you click that random link, before you download that file, before you log in to your account on a strange new site.
If you can get into the habit of asking yourself:
Is it too good to be true? - It probably is.
Is this message trying to rush me into something? - They probably want something out of me.
Then you’ll be in good shape.
The second category is commonly overlooked but extremely powerful - Password Hygiene. This encompasses two main practices:
Use Different Passwords for All Accounts: While mildly inconvenient, using different passwords everywhere limits the blast radius if an account of yours ever does get hacked into.
Use MFA Whenever Possible: This is easy to set up, and will solve 99% of problems if an unauthorized actor tries to access your account. Just don’t approve an MFA prompt you weren’t expecting.
Password hygiene is the easiest way to ensure you keep control over your accounts.
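The two password-hygiene practices above rest on two claims: a reused password widens the blast radius of one breach, and a randomly generated password is far harder to brute-force than a human-chosen one. The following added example (my own illustration, not code from the article) puts numbers on both. It uses Python’s `secrets` module to generate a password the way a manager would, computes the entropy of that password, and scans a constructed sample vault for reuse; the vault contents, the function names, and the guessing rate used in `years_to_exhaust` are all constructed for illustration.

```python
# Added example (not from the original article): two checks behind the two
# password-hygiene practices described above. Names, the sample vault and the
# guessing rate are constructed for illustration.
import math
import secrets
import string
from collections import defaultdict

# Character set a typical password manager draws from when generating
# a random password (letters, digits, punctuation): 94 symbols.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Generate a password from a cryptographically secure RNG.

    `secrets.choice` is used rather than `random.choice`: the `random`
    module is a deterministic PRNG and is not suitable for secrets.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).

    This is the figure that matters against brute force. It only applies to
    passwords actually drawn at random, not to ones a person made up.
    """
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e11) -> float:
    """Years needed to try every candidate at a given guessing rate.

    1e11 guesses/s is a constructed, round figure for an offline attack on a
    fast unsalted hash; adjust it to the threat model you care about.
    """
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def find_reused_passwords(vault: dict) -> dict:
    """Map each password used on more than one site to the sorted list of those sites.

    Every entry in the result is a blast radius: one leaked credential that
    unlocks several accounts at once.
    """
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items() if len(sites) > 1}


# Constructed sample vault, not real credentials.
SAMPLE_VAULT = {
    "bank.example": "Summer2024!",
    "email.example": "Summer2024!",
    "shop.example": "Summer2024!",
    "forum.example": "correct-horse-battery",
}

if __name__ == "__main__":
    pw = generate_password(20)
    bits = entropy_bits(20, len(DEFAULT_ALPHABET))
    print(f"generated: {pw}  ({bits:.1f} bits, ~{years_to_exhaust(bits):.2e} years to exhaust)")
    for shared_pw, sites in find_reused_passwords(SAMPLE_VAULT).items():
        print(f"one password reused on {len(sites)} sites: {', '.join(sites)}")
```

A 20-character password over the 94-symbol alphabet carries about 131 bits of entropy, which no realistic guessing rate exhausts; the same function shows that a 40-bit password (roughly a 7-character lowercase one) falls in well under a year even at a modest rate. The reuse scan is the check a password manager’s built-in audit performs for you.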
Key 2: Leverage the Essential Tools
Tools will take your security to the next level after you’ve mastered the basics.
Using a basic suite of tools can automate a lot of security protections, simultaneously increasing your personal security posture and making your life easier.
But they’re only effective if set up and used correctly.
Must Haves
Password Manager: Password management tools are essential for practicing proper password hygiene. Not only do they store your passwords securely, but they will also auto-fill them for you on sign-in pages. They can also generate passwords for you from random strings, which decreases the odds of your password getting brute-forced. Avoid writing passwords in notes, apps, notebooks, or Excel sheets.
Endpoint Antivirus: Machines generally ship with free options, but premium antivirus options are the way to go if they fit in your budget. Not only will you protect yourself against malicious downloads and ransomware, but the premium price is worth the peace of mind.
MFA Apps: On theme again with password hygiene, MFA Apps will allow you to receive a push notification to verify your access. Opt for free options like Authy, Google Authenticator, or Microsoft Authenticator when supported. SMS MFA isn’t considered as secure as these apps due to the rise of SIM swapping attacks.
Nice to Haves
VPN: A Virtual Private Network (VPN) encrypts your internet traffic to protect you against snooping. Use this when traveling or connecting to public networks. Or, just avoid unfamiliar networks in general and opt to use your personal hotspot.
Secure Browsers: While not essential, you can opt for a more privacy-focused browser like Brave, Firefox, or Tor. Whatever you choose to use, still be wary of the extensions you install.
Ad Blockers: Not only will you enjoy surfing the web in an Ad-Free fashion, but you’ll also protect yourself from potentially malicious ads.
Leverage tooling to make your life easier, and to secure your digital footprint.
- Today’s Sponsor -
Navigating personal digital security can feel overwhelming. SecuriBeat makes it easy by breaking down complex security practices into simple, actionable steps so you can build confidence in your cybersecurity decisions. Use the Security Dashboard to visualize your footprint over 15+ categories, understand your risk level, and track your progress over time. Take control of your digital footprint today.
Key 3: Become Familiar with Common Social Engineering Attacks
Social Engineering attacks are the primary attack vector malicious actors will use to exploit you.
Make sure you’re aware of these popular attacks so you can recognize them before they happen:
Vishing (Phone Calls)
What It Looks Like: Someone calling you pretending to be your bank, asking you to verify your information.
Tip: If someone calls you asking for information, 99 times out of 100 it’s going to be malicious. Instead, say you’ll call back, look up the organization’s number online, and call that number. This should be no problem if the call is legitimate. Never give out MFA codes, security questions, balance amounts, or your social security number over the phone.
Job Scams
What It Looks Like: Scammers contact you with a too-good-to-be-true job offer.
Tip: If it’s too good to be true - it probably is! Be wary of jobs offering high weekly/monthly pay that first require you to transfer money for training materials or an initial investment.
Phishing (Email) / Smishing (Text)
What It Looks Like: Messages urging you to click a link to fix an issue or to take immediate action.
Tip: Always verify the sender and avoid clicking links. If you truly believe it’s urgent, navigate to the website directly before logging in.
Recognition of a social engineering attack is the easiest way to defend against them. Always be overly cautious in scenarios regarding money or your personal information.
Key 4: Understand Your Digital Footprint
Your digital footprint refers to the information you’ve shared about yourself online.
Attackers can leverage Open-Source Intelligence (OSINT) techniques to learn about you and tailor attacks directly to you.
Understanding your digital footprint boils down to one key practice: Think before you post.
Oversharing is how attackers learn more about you in order to tailor a social engineering attack directly to you. Be wary of who you let follow you, and be intentional about the information you share online.
Avoid any sensitive information.
This includes your location! Refrain from live posting where you are as it can be used to target you.
It’s good practice to regularly review your account privacy settings to ensure they align with your intentions (Public vs Private profile) and to check for any potentially new features available to you.
Key 5: High Value Targets
While this Key is tailored toward readers who are at higher risk of being targeted (executives, journalists, activists, public figures), it can still be utilized by people looking to take their personal security to that elite level.
People who hold high ranking positions that deal with sensitive data will be more appealing to attackers.
How will they figure this out? Well, that’s easier than you would think - LinkedIn.
High-ranking professionals generally have public-facing profiles, making it much easier for malicious actors to assess their attack surface.
In order to protect yourself even more, here are some recommended advanced steps you should take:
Use a YubiKey: A YubiKey functions as hardware-based MFA. It requires possession of a physical device, and some models also require additional biometric verification - making access to your accounts from a remote location nearly impossible.
Use Advanced Monitoring Services: Services like HaveIBeenPwned and DeleteMe can help you monitor your accounts for data breaches and remove your PII from data broker sites. This both informs you about what information of yours is out there and facilitates the deletion of data that is being sold.
Be Extra Cautious of Whaling: Like most things in cybersecurity, education is the most effective weapon against attacks. Knowing that you’re a target for attacks that could be tailored specifically towards you is the first step to preventing them.
Just because you don’t consider yourself a target for spear phishing doesn’t mean you shouldn’t take that extra step to be more secure.
---
Remember, Security is a journey, not a destination.
It’s not about achieving perfection; it’s about reducing your risk over time.
Start small - lock in the basics, leverage recommended tools, and stay vigilant against social engineering.
I wanted to find an easy way to help people with monitoring and improving their personal security posture, which is why I created SecuriBeat - the sponsor of this article.
SecuriBeat is a tool that will break down security practices into simple, actionable steps. The priority rankings will help you clearly understand what actions will have the highest impact.
You’ll be able to visualize your personal security posture and track how you improve over time using the SecuriBeat Dashboard.
Plus, there’s a curated list of software recommendations (unsponsored, based on my own preferences and research) to meet any budget - including free.
Security doesn’t have to be overwhelming. Small steps over time can make a big difference.
Stay proactive and stay secure!
Securely Yours,
The Cybersec Cafe
Just a heads up, The Cybersec Cafe's got a pretty cool weekly cadence.
Every week, expect to dive into the hacker’s mindset in our Methodology Walkthroughs or explore Deep Dive articles on various cybersecurity topics.
. . .
Oh, and if you want even more content and updates, hop over to Ryan G. Cox on Twitter/X or my Website. Can't wait to keep sharing and learning together!