Cybersecurity, as with cyberanything, can be an intimidating topic simply because all of that “cyber” stuff gets in the way. Cybersecurity is often treated as a technical support issue so advice on cybersecurity gets pigeonholed into the “if you have problem x, perform procedure y” format. This format necessarily leads to a very large collection of documents for all kinds of weird and highly specific topics, ultimately leading to topics that look like a card from Trivial Pursuit: Pointless Minutia Edition.
It’s been said for a while now that security is a process, not a product. So let’s focus on the process for a bit.
1. Develop an Inventory
You can’t protect your assets if you don’t know what you’re protecting. If you’re worried about your health, you inventory your symptoms and key stats about how you live. If you’re worried about personal safety, you inventory your surrounding area and avoid the places where you don’t feel safe. If you’re worried about theft of online accounts, then, you should start by figuring out what accounts you have.
This may sound obvious but I’m willing to bet that a lot of people who got an email from LinkedIn to change their password likely forgot they even had a LinkedIn account to begin with.
As with credit cards, you should also consider deleting accounts you don’t use. Sometimes (and rather unfortunately), some sites won’t let you delete an account. In those cases, you should think about orphaning them – filling them with junk data (fake name, fake email address, fake everything) and then changing the password one last time to gobbledygook.
2. Monitor and Detect
This is still an area where service providers need to do some work so we’ll have to make do with what we have. For most folks, this is a double-edged sword: to monitor your accounts properly, you need to look through more information but going through the information you already have is tough enough as it is.
Services like Mint can help you stay on top of financial transactions and give you a fighting chance of catching fraudulent transactions. Credit monitoring remains an old standby to look for more general cases of identity theft. Some services like Gmail and Facebook can keep track of where you’ve been logging in from so you can look for suspicious activity. Like credit reports, the information can be hard to parse but it’s a step in the right direction.
Above all, though, the best way to stay on top of how your accounts are being used (or misused) is to use them frequently or, at least, make sure those accounts have a current email address (that you check) so you can stay informed about security issues.
3. Mitigate and Contain
Remember when I said you should have at least three passwords? This is why. It’s worth applying some logic to this process. For example, while it is definitely good to have a different password for every account where you have credit card information stored, at the end of the day, if one of those accounts gets hacked, you need to cancel your credit cards and re-enter your information on all of those sites anyway.
But, on the other hand, if someone hacks your Amazon account, it doesn’t make sense that they should also get access to your Facebook page, or your personal backups on iCloud, or all of your email. Grouping your accounts broadly and thinking of them as “zones” that you need to keep separate is a good way to approach this issue – e.g., shopping, bills & utilities, communication with friends, communication with coworkers, etc.
Also on the table: consider limiting the amount of data you put online. For example, you might have multiple credit cards but consider only using one for online purchases.
Security is a process (he said, as his audience groaned in disappointment). While I’d love to end this by saying “and now you’re done!”, all that would do is leave you with a false sense of security that is not only disingenuous but potentially dangerous.
Bad security is worse than no security. Bad security can lull you into complacency, which breaks the single most important component of cybersecurity: your own decision making. It may be frustrating to hear, but keeping in the back of your head the idea that you are never truly “done” with cybersecurity is probably the single best thing you can do to make yourself safer online.