Personal Cyber-Savvy™ Intro Checklist
Use this as a guide to take you through the three levels of defender! These simple actions will make you MUCH less vulnerable to cybercriminals who want to steal your personal information and money.
If you complete these items and want to protect yourself beyond the basics, Contact Us and let us know!
Improve from Level 1 - NEW DEFENDER to Level 2 - SOLID DEFENDER:
These tasks take 5-10 minutes each.
-
This includes computers, cellphones, tablets and wearables! Lock these devices with a password or a biometric element like a fingerprint.
Why? Because let’s admit it. We’ve all left our phone in the presence of strangers before.
—Maybe on a desk at work while we ran to get water (2 minutes).
—Or plugged into an airport charger while we talked to our travel buddy (5 minutes)
—On a table at a party (10 minutes)
—Or in a cab that drove away before you realized (2+ hours)
It literally takes seconds for someone to access and alter your device if you have not set that initial lock screen. Think about all the sensitive and identifiable information you have on your phone: photos, emails, files, credit card numbers, mobile banking apps (that may “remember” your phone and not require a new login)… you get the idea.
-
Can you name (right now) the antivirus software on your computer? Phone? Tablet? If not, that means either that your devices don’t have current antivirus software, or that you haven’t configured the pre-loaded software that sometimes comes on laptops.
Need a recommended brand of antivirus software? We like Webroot, which is American made.
-
If you are not able to run software updates immediately, set a goal to run them within a week!
Why?
Software updates can be likened to Band-Aids that software companies send us to cover software holes that they have discovered in our systems/devices. They are often called “patches” because they literally patch up vulnerabilities.
If we do not run these patches quickly, cyber attackers can take advantage of the vulnerabilities to do things like:
- access our device
- see all data on the device
- watch our activity on the device
- steal valuable data from us
-
Do not wait more than four years to replace your devices, even if they seem to be working well.
Why?
Many manufacturers stop “supporting” devices after 4 years, which means they stop sending software updates that are crucial to keeping your device protected.
Attackers can take advantage of this to launch attacks and access your devices/data!
We know it’s expensive to trade up devices, but it’s much less expensive than a cyberattack or data theft!
-
2FA (Two-Factor Authentication) adds a second verification method beyond an alpha-numeric password. This is usually a PIN code sent by text or email.
2FA goes a LONG way in deterring criminals. Why? Because even if someone has your password, they will still not be able to log in without also having the second verification method.
How to get started with 2FA?
Step 1: Make a list of 5-10 of your most important digital accounts (e.g., financial, cloud backups)
Step 2: Visit each website, log in, and notice which sites require you to enter a secondary verification method after you enter your password. This means 2FA is already turned on!
Step 3: For the websites that did NOT ask you for an additional step during login, go into Settings (perhaps Security Settings) and find the place to opt INTO 2FA. It may just be a yes/no button, or it may ask you to select your preferences for text message or email message codes.
You've got this... keep going!
Grow from Level 2 - SOLID DEFENDER to Level 3 - SAVVY DEFENDER:
These tasks take 10-30 minutes each
-
Subscribe to a paid VPN (Virtual Private Network) application for use when you need Internet access away from your home network. Think Starbucks, hotels, airports, or free wifi in public places.
Why?
VPNs allow us to:
—Keep our Internet activity safe from criminals who may be snooping,
—Block unnecessary (and creepy) website trackers and cookies
—Change which country our IP address appears to be in (if we want)
Want a VPN recommendation?
We recommend ProtonVPN (Swiss) or Mullvad VPN (Swedish).
-
2FA (from the Solid Defender list) helps tremendously with password strength, but for sites that do not offer 2FA…
Use passphrases instead of passwords for all of your important accounts! Think financial accounts, backup/cloud accounts, and photo accounts. And make sure each one is unique.
—Passphrase: multiple words or ideas strung together
—Long: more than 12 characters
—Unique: do not reuse the same password across accounts. Why? Because once attackers discover one of your passwords, they’d be able to access many different accounts!
**Most people don’t realize that length and uniqueness are the MOST important factors in a strong password. For instance, a passphrase with 30 lowercase letters (let’s say 5 English words strung together) is usually stronger than a 6-character password with capitals, special characters and numbers, as long as the phrase isn’t well known or reused across many of your accounts. ;)
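The comparison above, worked through as an added example (not part of the original checklist): it measures the guessing space of a 6-character mixed password against a 30-letter, 5-word passphrase, both for an attacker trying every character combination and for one who guesses whole words. The sample secrets, the 7,776-word list size and the guessing rate are assumptions chosen for illustration.

```python
import math

# Alphabet sizes a character-by-character guessing attack has to cover.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32  # 32 = printable ASCII punctuation

# Constructed sample secrets (do not use them as real passwords).
SHORT = "Tr0ub!"                           # 6 characters, all four classes
PHRASE = "marblepencilorangewindowrocket"  # 5 words, 30 lowercase letters

WORDLIST_SIZE = 7776       # assumption: words picked at random from a 7,776-word list
GUESSES_PER_SECOND = 1e10  # assumption: offline guessing rate, illustration only


def charset_size(secret: str) -> int:
    """Alphabet size implied by the character classes that appear in the secret."""
    size = 0
    if any(c.islower() for c in secret):
        size += LOWER
    if any(c.isupper() for c in secret):
        size += UPPER
    if any(c.isdigit() for c in secret):
        size += DIGITS
    if any(not c.isalnum() for c in secret):
        size += SYMBOLS
    return size


def brute_force_bits(secret: str) -> float:
    """log2 of all strings of this length over this alphabet."""
    return len(secret) * math.log2(charset_size(secret))


def wordlist_bits(num_words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """log2 of the guesses needed by an attacker who knows the word list."""
    return num_words * math.log2(wordlist_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate at the given guesses per second."""
    return 2 ** bits / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    rows = [("6-char mixed, per-character attack", brute_force_bits(SHORT)),
            ("30-letter phrase, per-character attack", brute_force_bits(PHRASE)),
            ("5-word phrase, word-by-word attack", wordlist_bits(5))]
    for label, bits in rows:
        print(f"{label:<40}{bits:6.1f} bits  {years_to_exhaust(bits):.1e} years")
```

The word-by-word figure is the realistic one for a passphrase, and it only holds when the words are chosen at random; a famous quote or song lyric is a single guess in an attacker's list.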
-
Run searches on Google, Bing, and other search engines to see what information is publicly available about you and your family!
Search on combinations of:
□ Full name
□ Previous names (e.g., maiden name)
□ Home address
□ Phone numbers
□ Company name
□ Associated groups (e.g., University, Volunteer organizations)
Why?
This is what many criminals will do first in an attempt to trick you in a social engineering scheme.
By learning what information is public, you can know not to trust a stranger who tries to use those pieces of information to validate themselves to you. For instance, you’d say “I know that it’s public knowledge that I was on my high school track team… so this caller saying we ran track together is probably not who they say they are!”
-
Now that you’ve Googled yourself, it’s time to take some of that information DOWN!
How? There are two methods.
Hard (free) way:
—Go to every website where your data appears, and contact the site administrators requesting your information be removed. Prepare to request multiple times… and wait…
Easy (low-cost) way:
—We recommend subscribing to Kanary, a reputable Seattle-based service that requests info removal for you! They also run monthly scans so you can quickly see what new information is popping up. While removal requests can still take some time, you can rest assured that professionals are chasing it down for you!
***Sign up with this OUTFOXM referral link for $10 off your third month!
www.thekanary.com/?outfoxm#sign-up
Impressive! Now can you make it to the end?
Finally, become an EXPERT DEFENDER:
These tasks take 30+ minutes each.
-
Password managers keep all passwords in a secure vault, so you don’t have to juggle them! You only need to remember a single “master password”.
Some important considerations:
—Only use reputable password managers. We recommend 1Password because it was founded by a prominent American security researcher.
—Ensure your master password is extremely long so it would take criminal software years to crack it. Think 40 characters!
-
When companies are breached, the data stored in their databases is often sold on the Dark Web. This can include things like our names, email addresses, phone numbers, credit card numbers, bank account numbers, SSN, and more.
After finding out which personal data is for sale on the Dark Web, we can change the passwords associated with any breached accounts.
How to safely search: (do not actually attempt to visit the Dark Web! It’s complicated and dangerous.)
Recommended site: “Have I Been Pwned” (pronounced “Pohnd”, rhymes with “owned”)
Step 1: Visit www.haveibeenpwned.com, and enter your email address in the search bar.
Step 2: Take note of all companies listed on the red “oh no—pwned” screen. These are companies that had your information in their database at the time they were hacked.
Step 3: Change the password associated with any company/brand you recognize on the red screen. (Hint: if there are some companies you do not know and do not have an account with, that’s normal. Companies share our data with each other.)
Step 4: Click the “Notify Me” tab to sign up for alerts when your email addresses are exposed in future company breaches
-
Change the default passwords that come programmed on your home WiFi router. This includes the password to connect to your home WiFi, and the password to configure your router.
Why?
The default passwords that come with our routers seem strong, but they are not! They are posted publicly in lists published by router manufacturers. This means attackers can easily look up the default passwords for your router model, log into your home network and watch all Internet activity!
To change both of these passwords you will need to access your router configuration webpage. Most people have never done this, so it may take a bit of work to find the first time.
□ Try typing 192.168.1.1 into your URL bar as if it were a web address, and press Enter. (Note: enter the numbers and dots with NO spaces.) This may bring you to the login page for the configuration site.
□ If that doesn’t work, check your router’s documentation or visit the manufacturer website for the correct URL
□ Once on the login page, log in using the default username and password. These can be found on the sticker on your router, in your router documentation or on the manufacturer website. The default username is usually “admin”.
Once logged in, change the password needed to connect to your WiFi:
□ Find the WiFi tab or section of the webpage.
□ Locate the “WiFi password” field. Here you will be able to type in a new and unique passphrase.
**Remember, make it unique, and longer than 12 characters! 15+ is ideal.
Now change the default password for the configuration website itself so no criminals can log in as you.
□ Look for a “settings” or “administration” tab
□ Locate the “router password” field. Here you will be able to change the password.
**Remember, make it unique, and longer than 12 characters! 15+ is ideal.