Tips on Cyber Hygiene and Awareness for Friends and Family

Recently, I had the personal thrill of directly seeing the influence I've had on my friends and family's cybersecurity knowledge and perspectives. I have long been “tech support” for my family and friends. In late 2013, when data breaches started making national news, I also became the “cyber security tech support” go-to person. Four different people shared their success stories with me. One was able to recognize a phishing email and simply deleted it. A second asked me about password vaults and installed one on her phone. The third shared how she is now using separate strong passwords for different systems. And the last updated their Wi-Fi router to better secure it. I was thrilled to have made a small difference in their cybersecurity perspectives! My suggestions to friends and family are focused on basic cyber hygiene and awareness, such as:

• Know how to create strong passwords. Strong passwords are at least 12 characters long and use a combination of upper and lower case letters, numbers, and if possible symbols. Make it something that you can remember, such as a phrase. For example ”I Love Scotcharoos” could be changed to” !<35cO7ch4ro0$” where Scotcharoos is not a dictionary word (it’s a type of cookie popular in the central US). Although I have used some simple substitutions like 5 and $ for the letter ‘S,’ I did not use the same substitution consistently. I tested this passphrase on https://howsecureismypassword.net/ with the result that it estimates it would take a computer 41 trillion years to crack it. Check out this blog post on how to create strong passwords that you can remember.

• In order to have separate security phrases, passphrases, passwords, or PINS for all the programs and systems that are needed for everyday work or home life, I strongly advocate destroying your sticky notes and replacing them with a password vault. If needed, you should also update your passphrases/passwords/PINs to increase the strength of each as described above. There are many no- or low-cost password vaults available for mobile phones and desktop computers. (Some come with web options for use on both types of devices). Check out PC magazine’s review of some of the most popular solutions.

• Whenever possible, use login methods that require multiple parts, such 2-factor or multi-factor components. This means you will need to provide something that you know (like a password), and either something that you have/can get (like a code sent via text message to your phone), or something that you are/do (like your fingerprint, facial scan, or how you walk).

• Update your Wi-Fi router to employ a username (something besides "admin") and a unique strong password. If it works for your household, update its settings to NOT broadcast its name (the SSID). If not, use an SSID that does not include your name or other distinguishing names; use a name that is applicable to anyone.

• Investigate the sender of each piece of email sent to you. If you place your mouse over the sender’s name, does it match who and where it claims to be from? If the email states that you need to take urgent action and respond with information that you would not give any Joe on the street, STOP, take a breath, pick up a phone, and call the sender’s home or organization. DO NOT immediately take the action requested of you, as it could be a scam.

Cybersecurity does not have to be scary or inconvenient. Just put these simple suggestions into practice as the first (small) steps towards a better, more secure digital life.