Cybersecurity for Regular Folks: No Cape Required

These days, technology seems to be evolving faster all the time. While technology can bring ease and efficiency (and do lots of cool things – just see TIME’s list of Best Inventions of 2023 for some mind-blowing tech, my favorite being this actual flying car), it also creates new opportunities for our information to be stolen and used maliciously. This March, millions of AT&T customers had their private information, including SSNs and birthdates, leaked online after the information was stolen and held for ransom by hackers in a 2021 data breach. Back in 2017, the credit reporting agency Equifax was hacked and private information like SSNs, Driver’s License numbers, and home addresses for over 140 million Americans was leaked online.

Though these are extreme examples of online privacy being violated, smaller-scale attempts to steal and exploit your data happen every day. Thankfully, there are many things you can do to enhance your online security, lowering the risk of a cybersecurity problem causing havoc in your life or finances. Here are 3 important best practice categories for preserving your security and privacy in the digital world (with a little help in the examples from my two-year-old daughter’s favorite things).

1. Passwords, Passwords, Passwords

Weak or re-used passwords are a hacker’s easiest way to access sensitive information, making them the most important piece of the digital security puzzle. Passwords should be a minimum of 12-15 characters (the longer the better) and consist of upper- and lower-case letters, numbers, and special characters. To increase the length, you could use a passphrase, like a favorite song lyric or quote, separating words with spaces, underscores, or dashes (ex. Bluey-is-my-best-friend). To make it even harder to hack, input the phrase backwards (ex. Friend_best_my_is_bluey).

Do not re-use passwords across multiple logins: hackers often try a password stolen in one place on as many other websites as possible to exploit password re-use. Even variations on the same password are more secure than an exactly re-used password (ex. using G00dn1ght_G0r!lla! on one website and gOOdn!ght-gori11a?? on another). You might be thinking: those variations will be tough to remember!

Thankfully, password managers can remember for you. A password manager is a heavily encrypted, centralized place where all your passwords are stored virtually. Along with safe storage, it can generate new ultra-secure and unique passwords. You access your vault of stored passwords via a master password, which should be the longest, most complicated password you can think of (at least 20-25 characters). Some of the best password managers on the market include Keeper, BitWarden, and 1Password. (We recommend staying away from your internet browser’s built-in password manager, as these tend to be less secure.)

A few other password best practices include:

  • If you suspect that you’ve been the victim of password theft, change the affected password immediately. Change your other passwords as well so thieves can’t use the stolen password in other places.
  • If you’re storing your passwords on pen and paper (not a bad strategy as that can’t be hacked), make sure you store them in a secure location such as a safe or lock box.
  • Since many password-reset options involve email, the password(s) to your email account(s) should be very strong (at least 20-25 characters). If email passwords are stolen, thieves can use your email to start changing your other passwords, quickly making the problem much worse.
  • You don’t need to change your passwords every couple of months if they’re already strong. Changing frequently can make passwords less secure by increasing the temptation to make them easy to remember, and thus easy to hack.
  • Only share your login credentials with people you trust absolutely.

2. Two Factors are Better Than One, They’re Twice the Fun!

Okay, they’re not actually twice the fun, but they are way more secure! Though it’s less convenient than only using passwords, we strongly recommend adding Two-Factor Authentication (2FA) to your website logins, if offered. 2FA significantly increases the security of your accounts by requiring a second step before allowing access. Often this means a hacker would need both your login credentials and your cell phone to access an account since your phone is used for most 2FA (via text messages, number codes, apps, or even biometric authentication like your fingerprint).

Another form of 2FA is the use of security questions, which prompt you to answer a question only you know the answer to. We recommend using special characters in your responses (ex. $es@me Str33t, instead of Sesame Street) and avoiding questions with answers that can be looked up (high school mascot, city of birth, etc.). Alternatively, you don’t need to answer the question appropriately; you could make up an unrelated answer instead (ex. Applesauce for Favorite Sports Team).

3. Good (Online) Hygiene to Keep Your Life Clean

A few best practices for your everyday online habits can make all the difference in keeping your information secure. Here are a few simple (and a couple more complex) practices that you can start using today:

  • Log out of apps and websites when you’re not using them, especially if you’ve logged in on public Wi-Fi or devices.
  • Set your browser’s settings to automatically create secure (HTTPS) connections to websites. Here’s a handy guide with steps for various internet browsers.
  • Consider switching internet browsers to one with more security and privacy features. A few well-regarded browsers include Brave, Vivaldi, and Epic.
  • Update your software when your computer prompts you to. New software patches are used to address security vulnerabilities, so postponing updates puts your devices at risk.
  • Pay close attention when clicking on links in emails or downloading attachments from unfamiliar sources. These are frequently hackers’ attempts to gain access to your devices. For example, check the email address – not just the sender’s name. If you receive an email from “James Hill,” check to see if it is my Boardwalk email address (james@boardwalk-fs.com) or a clever variation meant to deceive you (like james_hill@boardwalkfs.com).
  • To avoid financial fraud, freeze your credit so no loans or credit lines can be opened in your name, only unfreezing it when you need to.
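
The address check from the email tip above, written out as an added Python example (not part of the original post): it ignores the display name, reads the real address from the From header, and flags domains that only resemble a trusted one. `TRUSTED_DOMAINS`, the function names, the digit swaps and the distance threshold are assumptions chosen for illustration, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: the domains you genuinely expect mail from.
TRUSTED_DOMAINS = {"boardwalk-fs.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Undo common digit-for-letter swaps and drop punctuation such as '-' and '.'."""
    swaps = str.maketrans("013", "ole")
    return "".join(c for c in domain.translate(swaps) if c.isalnum())

def classify_sender(from_header):
    """Return (verdict, address); the display name never influences the verdict."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not local or not domain:
        return "invalid", address
    if domain in TRUSTED_DOMAINS:
        return "trusted", address
    for good in TRUSTED_DOMAINS:
        # Same skeleton (hyphen dropped, 0 for o) or a near-miss typo of a trusted domain.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike", address
    return "unknown", address

# Constructed sample From headers.
SAMPLES = [
    "James Hill <james@boardwalk-fs.com>",
    "James Hill <james_hill@boardwalkfs.com>",
    "James Hill <james@b0ardwalk-fs.com>",
    '"james@boardwalk-fs.com" <billing@example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), "<-", header)
```

A "trusted" verdict only means the address matches; it does not prove the message was really sent from that domain.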

Online safety and security is something we must be constantly watching out for. Though we at Boardwalk are not cybersecurity experts, we are always looking for ways to further protect your financial life against disaster. Following the recommendations in this post will go a long way towards ensuring that you are confident in the safety of your personal and financial future.