PERSONAL CYBERSECURITY
GOALS AND OBJECTIVES
To raise awareness among people about cybersecurity, empower them to be safe
online, and educate the next generation of the cyber workforce.
Objectives
● Increase awareness of cybersecurity.
● Encourage cyber security education and training.
● Encourage ‘cyber hygiene’ and personal responsibility.
● Work with institutions and organizations to educate people about
cybersecurity.
SOME GROUND RULES AND ASSUMPTIONS
● Everyone’s at a different place when it comes to security; start where you are.
● Personally, I’ve found a commitment to improving my personal security once
every year to be a helpful practice.
● Security decisions (sometimes) are a tradeoff with convenience. Your security /
convenience preference may be different than mine, and that’s okay. The
important thing is to make that choice consciously.
● What I’m sharing in this presentation is a security practice I’ve honed over the
past years or so. Doing this yourself may take time, but doing anything on this list
will help.
What is Cyber Security?
• Cyber Security is a set of principles and practices designed to
safeguard your computing assets and online information
against threats.
• Cyber Security is protecting yourself and others from attacks
that are carried out primarily with computers.
• The state of being protected against the criminal or
unauthorized use of data, or the measures taken to achieve
this.
Personal Cybersecurity is a balancing act
★ Discussion Topics
- Why you should care
- Passwords
- Mobile: Secure your phone
- Links and Clicks
- Sharing
- Device Hygiene
- What to do if you are Hacked?
Why you should care?
1. Ransomware: It is predicted to get more frequent
- It costs money to regain access to your devices.
- It may cause irreversible damage to your personal data.
2. Stolen credentials can create financial risks.
- Bogus credit card charges
- Stolen Bank account balances
- Compromised Social media and email accounts
- Enables the attacker to do further damage
3. Identity theft can be used to take over the victim's real life
4. Other Exposures
Passwords: Lock down your logins
● Let’s face it: we use passwords that are easy to guess, we re-use them across
sites, and we keep all sorts of terrible password practices.
● The first thing you can do to beef up your security is to secure the way you log in
online.
The risk: You use a password at a website to create an account. That website gets
hacked, and it turns out the company stored your password in plain text in their
database. If you re-use that password for another sensitive account (bank, social
media, email, etc.), an attacker can use it to access your other accounts.
Password Practices
1. Strong Passwords are your first defence against “attackers”
- A good password is a balance: it must be easy enough for you to remember,
and complex enough to be hard to guess.
❏ Your wife’s or child’s name or your birthday are easily found online:
don’t use them as your password.
❏ Use a unique, random password consisting of 16+ characters for
each account.
❏ Include uppercase, lowercase, numbers, and special characters.
❏ Manage the passwords with a password manager such as LastPass,
OnePass, or others (I use LastPass).
❏ Change all the passwords at least once every 6 months.
2. Implement 2-factor authentication (2FA) for all sites that offer it. 2FA adds an extra
level of security, often requiring an SMS message or code from your phone when
someone tries to log in from an unknown device.
3. Have variations for different email accounts, bank accounts and applications like
- Summer$517 facebook.com
- Summer$985 amazon.com
- Summer$654 xyzbank.com
Keep Track of all your online accounts
The first thing to do when securing your logins is to get a comprehensive list of all the
places you have online accounts. This can be daunting, and the list can run to 100+
accounts, but this is the true scale of our online profile.
Places to look:
➔ Your phone: every app you have probably has a login. Write it down.
➔ Your email: many of the places that email you have accounts.
➔ Chrome saved passwords: Google Chrome can give you a readout of the saved
passwords it has for you.
The risk: An online service account you no longer use has an old, insecure password
and stores sensitive data. This account may also belong to a website that has poor
security practices, and is vulnerable to hacking (especially if you’re not using it
anymore).
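An added example, not part of the original presentation: once the account list exists, the password rules above (16+ characters, mixed character types, no personal details, no re-use) can be checked against a saved-password export. The CSV column names, the sample rows and the personal terms are constructed assumptions; adjust the columns to match your browser's or password manager's export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are an assumption, not a fixed format.
SAMPLE_EXPORT = """name,url,username,password
Bank,https://xyzbank.example,alex,Tr0ub4dor&3
Shop,https://shop.example,alex,Tr0ub4dor&3
Mail,https://mail.example,alex,vG7#qLm2!xPz9RtW4s
Forum,https://forum.example,alex,alexsmith1990
"""

# Constructed personal details an attacker could find online (names, birth year).
PERSONAL_TERMS = ["alex", "smith", "1990"]

def audit(export_text, personal_terms=(), min_length=16):
    """Map each account name to the list of password rules it breaks."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    accounts_by_password = defaultdict(list)
    for row in rows:
        accounts_by_password[row["password"]].append(row["name"])

    findings = {}
    for row in rows:
        pw = row["password"]
        issues = []
        if len(pw) < min_length:
            issues.append("short")
        has_all_classes = (
            any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)
        )
        if not has_all_classes:
            issues.append("missing-class")
        if len(accounts_by_password[pw]) > 1:
            issues.append("reused")
        if any(term.lower() in pw.lower() for term in personal_terms):
            issues.append("personal-info")
        findings[row["name"]] = issues
    return findings

if __name__ == "__main__":
    # Report only account names and rule names, never the passwords themselves.
    for account, issues in audit(SAMPLE_EXPORT, PERSONAL_TERMS).items():
        print(account, "->", ", ".join(issues) or "ok")
```

Delete the export file once the audit is done, since it holds every password in plain text.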
Mobile: Secure your phone
Most people do not know just how much personal data is sitting in their pocket, which
can easily be compromised. In this section, I go over several common topics that come
into play when securing a mobile phone (iPhone/Android).
Passcode
➔ Turn on your phone passcode (if you haven’t already) and add a secure
password of 6+ characters. Don’t use a repeating code like 222222 or simple
incremental code like 123456.
➔ Set the phone to erase after 10 failed passcode attempts are made.
Location Services (GPS)
Location services are the systems on your phone which provide GPS location access to
the apps on your phone. We often don’t consider the different ways that applications
use our location data, but if unchecked, this can leak more information than we intend
to tech companies who track our location, or through social media posts that attach
location information to what we share.
➔ What is the Risk?
Your location data can leak your home or work address.
Publicly shared location can signal to potential thieves that your home is
unoccupied.
➔ Some people like to turn location services off. If you prefer not to turn off
location services entirely, make an active choice as to what situations are
warranted.
➔ Manage which applications should have access to your location, and when. Go to
Settings -> Privacy -> Location Services to see which apps have location services
enabled. It’s very rare that apps really need the “Always” setting, and most can
do fine with “While you’re using the app”.
➔ Keep track of your location settings. Sometimes when you install an
application on your phone, location access is enabled automatically without
your being aware of it.
Access to Contacts
Go to Settings -> Privacy -> Contacts to see which apps can access your contacts. For
me, this was way more than I wanted. I removed most of them. Not so much a security
concern as a privacy concern, but it’s personal preference.
What is the Risk?
➔ You start a social media account which you aren’t ready to publicly broadcast, but
your social media profile is attached to your contact list, and the social network
sends out a notification as soon as you set up the account to all other people who
you know on the network.
➔ The social media site that stores your contacts gets hacked, and your contact list
becomes public.
Tips for Securing your Mobile:
➔ Guard Your Mobile Device. In order to prevent theft, unauthorized access and loss of
sensitive information, never leave your mobile devices unattended in a public place.
➔ Keep It Locked. Always lock your device when you are not using it. Use strong PINs and
passwords to prevent others from accessing your device.
➔ Update Your Mobile Software. Keep your operating system software and apps
updated, which will improve your device’s ability to defend against malware.
➔ Only Connect to the Internet if Needed. Disconnect your device from the Internet
when you aren’t using it and make sure your device isn’t programmed to automatically
connect to Wi-Fi.
➔ Know Your Apps. Be sure to thoroughly review the details and specifications of an
application before you download it. Delete any apps that you are not using to increase
your security.
Links and Clicks
1. While browsing or checking email, avoid links and clicks from unfamiliar locations.
➔ Check the authenticity of the link: for example, watch for “facebok” in place of “facebook”
➔ Don’t click on questionable email attachments
➔ Avoid phishing scams asking for personal information
➔ Never email your National ID number
➔ Threats to shut down your account are highly questionable
2. Do not download unverified software or applications
➔ Download apps only from trusted sources
➔ Do not accept any offers online to scan your devices for viruses.
3. Before connecting, know the source of the Wi-Fi at places like coffee shops, hotels,
railway stations and airports.
➔ Before connecting to a public Wi-Fi network, say at a hotel, check with the staff that
you are connecting to the correct network.
➔ Do not perform sensitive transactions while on public Wi-Fi
4. For sensitive transactions, use only https webpages
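An added example, not part of the original presentation: the “facebok” versus “facebook” check and the https check from the list above, done in code against a short list of sites you actually use. The trusted list and sample links are constructed assumptions, and the example goes one step beyond the text by also flagging a trusted name buried inside a longer, unrelated address.

```python
from urllib.parse import urlsplit

# Sites the user really has accounts with (names taken from the examples on
# this page; xyzbank.com is the page's own placeholder).
TRUSTED = ("facebook.com", "amazon.com", "xyzbank.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, max_distance=2):
    """Return warnings for a link. An empty list means nothing was flagged,
    not that the site is known to be safe."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return warnings  # the trusted site itself or one of its subdomains
    registered = ".".join(host.split(".")[-2:])  # naive: last two labels only
    for t in trusted:
        if edit_distance(registered, t) <= max_distance:
            warnings.append("lookalike:" + t)  # e.g. one letter dropped or swapped
        elif t in host:
            warnings.append("embedded:" + t)   # trusted name inside another domain
    return warnings

if __name__ == "__main__":
    # Constructed sample links.
    for url in ("https://www.facebook.com/login",
                "https://www.facebok.com/login",
                "http://xyzbank.com/transfer",
                "https://facebook.com.account-check.example/login"):
        print(url, "->", check_link(url) or "no warning")
```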
Sharing
● Balance sharing with Privacy
● Why bother? With personally identifiable information, one can steal an individual’s
identity
➔ Name and address
➔ Birthdate
➔ Mother’s maiden name/family members’ names
➔ National ID number
➔ Places you have lived/vacations
➔ College/Career/Employer
➔ Attackers use a little information to gather more
Be aware on Social Media
➔ Accept friend requests only from known contacts
➔ Adjust privacy settings on who can see your information easily
➔ A picture is worth a thousand words to an attacker
Common Risks
➔ Essentially assume that everything you post has the potential to become public.
Such is the nature of the internet: nothing can be taken back once it’s posted.
➔ Challenge others to know why they want your personal information.
➔ Think before you post.
➔ Analyze your online presence from the perspective of prospective employers or
clients.
➔ Most social networks have privacy controls to allow you to control who can
view what types of content. Spend some time on each network to set the
privacy settings to what you’re comfortable with.
➔ Spam accounts are sometimes very convincing. Once people are in your
network, they are often connected to you in numerous ways.
➔ Social media profiles are fertile sources of personal information that
attackers can use to hack other accounts, use in social engineering scams, or
other things. When sharing, consider how what you’re sharing could be used
against you.
➔ Always keep track of what you post publicly.
Facebook
➔ Use the same password practices mentioned above when dealing with
Facebook (and all the social networks in this section). You can find this on
Facebook under Settings -> Security and Login.
➔ Essentially every settings page in Facebook is worth reviewing to ensure it
meets your privacy expectations. I’ll mention my opinions on a few specific
items here.
➔ Personally, I’ve restricted my posts to be viewed only by friends. If you do
the same, consider restricting your past posts to the same privacy group
with the “Limit Past Posts” option.
LinkedIn
➔ Review the third-party apps that are authorized to access your LinkedIn account.
Remove the ones that are no longer needed.
➔ Check your public profile, and customize what people can view about you if you
aren’t connected.
➔ Decide if you want your contacts to be able to be viewed by the public, people in
your network, or only you. I’ve restricted contacts to only be able to be viewed by
me, to reduce people using my network for sales and marketing purposes.
➔ FYI, 2-step verification on LinkedIn is buried at the bottom of the Privacy section
for some reason. I almost missed it.
Twitter
➔ Decide if you want your tweets to be protected or open to the public.
➔ Pay special attention if you’re making a previously-closed account public. You
may not have been so careful with your past posts if you expected them to be
private.
➔ The “Settings and Privacy” section of Twitter is worth spending some time in.
➔ Location information in tweets is a source of several security concerns. In
Settings -> Privacy and Safety, you can remove location information from your
tweets, and delete it from past tweets.
Search Yourself
It’s a good practice to do a “background check” on yourself to see what you find. A
couple places to try:
1. Google
2. Yahoo
3. Bing
4. Facebook
Make sure there isn’t any information about you that is out of date. If so, attempt to
remove it. If the information comes from an out of date social media site you control,
you can attempt to remove the information or lock down the privacy settings.
Device Hygiene
1. Personal Computer/Smart Phone
➔ Use login passwords to prevent unauthorized usage
➔ Keep Operating Systems Current
➔ Keep software and applications up to date
➔ Backup your data to other devices
➔ Beware that when you delete a video or photo from your devices, it may be
still backed up in the cloud.
➔ Use a good and well recognized full version Antivirus software.
2. Home Router
➔ Use a strong password for the Router
➔ Never share WIFI password with strangers
➔ Remember if the router gets infected all other devices also get infected
3. Smart Devices (Webcams, Voice activated Devices)
➔ Always change the default logon credentials
➔ Cover the webcam on smart devices
➔ Remember Voice activated devices are always listening.
What to do if you are Hacked?
➔ Take corrective action Quickly
For credit/debit cards:
➔ Contact your card-issuing bank, block the card, and request a
replacement.
➔ Change your account password and PINs
➔ Change other accounts which use the same passwords or PINs
➔ Check for any unauthorized charges
If your identity is stolen
➔ Check for any unauthorized charges
➔ Change all account passwords immediately
➔ Replace all your cards with new ones
➔ Notify the relevant authority
On your Computer and Mobile Devices
➔ Remove the computer virus. Antivirus software can help you find the virus and
destroy it.
➔ Update all your software. Download the latest updates for all the applications
and install them immediately.
➔ Change all your passwords immediately.
➔ Log out from all websites/applications if you have not already done so.
➔ If your computer is connected to a network, disconnect it from the network
immediately so that the impact does not spread to the whole network.
➔ Consult a Computer Expert if things go out of your control