Cybersecurity Basics: Protecting Your Digital Life

The Foundation: Passwords and Authentication

The Password Problem

Average person has 100+ online accounts. Most people:

• Reuse the same 2-3 passwords everywhere
• Use weak, easily guessed passwords
• Never change passwords
• Store them insecurely

One breach compromises everything.

Creating Strong Passwords

Bad passwords (never use these): ❌ "password" or "123456" ❌ Personal info (birthdate, name, pet's name) ❌ Dictionary words ("dragon", "sunshine") ❌ Simple patterns ("qwerty", "abcdef") ❌ Short (under 12 characters)

Good passwords: ✅ 12+ characters (longer is better) ✅ Mix of uppercase, lowercase, numbers, symbols ✅ Random, no dictionary words ✅ Unique for every account

Examples: ❌ "Sarah2024!" ✅ "Tr7$mK#9pLq2nX&4"

But you can't remember dozens of random passwords—that's where password managers come in.

Password Managers: Your Most Important Security Tool

What they are:

Software that securely stores all your passwords, encrypted with one master password.

How they work:

1. You create ONE strong master password (the only one you need to remember)
2. Password manager generates random, unique passwords for every site
3. Autofills login credentials automatically
4. Syncs across all your devices
5. Encrypts everything—even the company can't see your passwords

Recommended options:

1Password: $3-5/month, user-friendly, great security Bitwarden: Free (premium $10/year), open-source, excellent LastPass: Free tier available, widely used Dashlane: Good UI, more expensive

Avoid: Storing passwords in browser only (less secure), writing them down physically (can be stolen)

How to get started:

1. Choose password manager
2. Create strong master password (memorize this—it's the key to everything)
3. Add your most important accounts first (email, banking, social media)
4. Generate new strong passwords for each
5. Gradually migrate all accounts

One-time 2-hour investment protects you forever.

Two-Factor Authentication (2FA): Your Second Line of Defense

What it is:

Requires two forms of verification:

1. Something you know (password)
2. Something you have (phone, security key)

Even if someone steals your password, they can't access your account without the second factor.

Types of 2FA:

SMS codes (text message):

• Better than nothing
• Least secure (vulnerable to SIM swapping)

Authenticator apps (recommended):

• Google Authenticator, Authy, Microsoft Authenticator
• Generates time-based codes
• Works offline
• Much more secure than SMS

Security keys (most secure):

• Physical USB keys (YubiKey, Titan)
• Plug into device to authenticate
• Virtually impossible to hack
• Best for high-value accounts

Backup codes:

• One-time codes to use if you lose phone
• Write these down and store securely

Where to enable 2FA (priority order):

1. Email (your email controls password resets for everything else—most critical)
2. Banking and financial accounts
3. Social media
4. Cloud storage (Google Drive, Dropbox, iCloud)
5. Work accounts
6. Everything else

How to set up:

Most sites: Settings → Security → Two-Factor Authentication → Enable Follow prompts, scan QR code with authenticator app

Takes 5 minutes per account, massively increases security.

Recognizing and Avoiding Phishing Attacks

What is phishing?

Fraudulent emails, texts, or messages designed to trick you into:

• Revealing passwords or personal info
• Clicking malicious links
• Downloading malware

Common phishing tactics:

Urgency and fear: "Your account will be closed in 24 hours!" "Suspicious activity detected—verify now!" "You owe the IRS $5,000—pay immediately!"

Impersonation: Fake emails from "Amazon," "PayPal," "Your Bank," "IT Department"

Too good to be true: "You've won $10,000!" "Free iPhone—click here!"

Red flags:

🚩 Sender address doesn't match company (amazonn.com vs. amazon.com) 🚩 Generic greetings ("Dear Customer" instead of your name) 🚩 Spelling and grammar errors 🚩 Urgent threats or unusual requests 🚩 Links that don't match hover-over URL 🚩 Requests for passwords, SSN, credit cards (legitimate companies never ask via email) 🚩 Unexpected attachments

How to protect yourself:

✅ Never click links in unexpected emails ✅ Go directly to website by typing URL ✅ Hover over links to see actual destination ✅ Verify sender independently (call company using official number) ✅ Don't download unexpected attachments ✅ Enable email filtering (Gmail, Outlook have good filters) ✅ When in doubt, delete (if legitimate, they'll follow up)

If you clicked a phishing link:

1. Don't enter any information
2. Close browser immediately
3. Run antivirus scan
4. Change passwords (especially if you entered any)
5. Monitor accounts for suspicious activity

Securing Your Devices

Computer Security

Operating system updates: ✅ Enable automatic updates (critical security patches) ✅ Never postpone security updates ✅ Applies to Windows, Mac, Linux

Antivirus/Anti-malware:

Windows: Windows Defender (built-in) is adequate; Malwarebytes for extra protection Mac: Less essential but Malwarebytes still good Both: Common sense is best antivirus (don't download sketchy files)

Firewall: ✅ Keep enabled (usually on by default)

Encryption:

Full disk encryption protects if device is stolen:

• Windows: BitLocker
• Mac: FileVault
• Enable in settings—one-time setup

Smartphone Security

Lock screen: ✅ Use PIN (6+ digits), password, or biometrics (Face ID, fingerprint) ✅ Auto-lock after 30-60 seconds ❌ Never use no passcode or simple patterns

Keep updated: ✅ Install OS updates promptly ✅ Update apps regularly (patches security flaws)

App permissions: Review what apps can access:

• Location, camera, microphone, contacts
• Revoke unnecessary permissions

App downloads: ✅ Official app stores only (Apple App Store, Google Play) ❌ Third-party app stores or APK files (malware risk)

Lost/stolen phone preparation:

Enable Find My Device:

• iPhone: Find My
• Android: Find My Device

Allows remote lock/wipe if stolen

Public WiFi Safety

Public WiFi is insecure—anyone on the network can potentially intercept your data.

When using public WiFi:

❌ Never: Banking, shopping, entering passwords ✅ Use VPN (Virtual Private Network—encrypts all traffic)

VPN recommendations:

• ProtonVPN (free tier available)
• Mullvad
• IVPN

Avoid free VPNs (often sell your data)

Better: Use phone hotspot instead of public WiFi when possible

Social Media Privacy and Safety

Privacy settings:

Review privacy settings on all platforms:

Facebook, Instagram, Twitter, LinkedIn, TikTok:

• Who can see your posts? (Friends only, not public)
• Who can see your friend list?
• Who can tag you?
• Who can find you via phone/email?

Set to most restrictive unless you have reason for public profile

What NOT to share publicly:

❌ Home address or current location ❌ Phone number ❌ Full birthdate (used for identity verification) ❌ Travel plans ("I'm out of town all week" = burglar invitation) ❌ Photos with location tags ❌ Financial information ❌ Kids' schools or schedules

Accepting friend/follow requests:

Only connect with people you actually know.

Fake profiles are common—used for:

• Identity theft
• Social engineering
• Stalking
• Scams

If request seems suspicious:

• Profile created recently
• Few friends/followers
• Generic or stolen photos
• Immediate personal questions

→ Decline and report

Email Security

Email is often the weakest link—it's the key to all your other accounts.

Use strong, unique password + 2FA (already covered, but bears repeating)

Separate emails for different purposes:

Personal email: Friends, family, personal accounts Financial email: Banking, credit cards, investments (never give this out publicly) Throwaway email: Shopping, subscriptions, anything requiring signup

Benefits:

• Breach of shopping site doesn't compromise banking
• Less spam in important inboxes
• Easier to identify phishing

Email aliases:

Services like SimpleLogin or Apple Hide My Email create forwarding addresses:

• Give site "[email protected]"
• Forwards to real email
• If site sells your info or gets breached, disable that alias

Never click "unsubscribe" on spam:

Confirms your email is active → more spam

Instead: Mark as spam, block sender

Backups: Your Safety Net

Ransomware, hardware failure, theft, accidents—data loss happens.

The 3-2-1 rule:

3 copies of data 2 different media types (external drive + cloud) 1 offsite (cloud or drive at different location)

What to back up:

• Photos and videos
• Documents
• Financial records
• Important emails (export/download)
• Anything irreplaceable

Backup solutions:

Cloud:

• Google Drive, iCloud, Dropbox, OneDrive
• Automatic, always available
• Vulnerable if account compromised

External drives:

• One-time cost
• Under your physical control
• Requires manual backups (or scheduled automation)

Combination is best:

Daily: Cloud backup (automatic) Weekly/Monthly: External drive backup

Test your backups occasionally—ensure you can actually restore files.

What to Do If You're Hacked or Breached

Email compromised:

1. Change password immediately (from different device if possible)
2. Enable 2FA if not already
3. Review and revoke suspicious connected apps
4. Check forwarding rules (hackers often auto-forward emails)
5. Notify contacts (hacker may email them from your account)

Social media hacked:

1. Change password (and email password if same)
2. Enable 2FA
3. Review recent posts, delete unauthorized content
4. Check connected apps, revoke suspicious ones
5. Notify friends about potential scam messages

Financial accounts compromised:

1. Contact bank/credit card immediately (fraud department)
2. Freeze cards
3. Dispute fraudulent charges
4. Change all passwords
5. Monitor accounts closely
6. Consider credit freeze

Identity theft:

1. File police report
2. Contact credit bureaus (freeze credit)
3. File FTC identity theft report (identitytheft.gov)
4. Contact affected financial institutions
5. Monitor credit reports

Data breach notification:

If company notifies you of breach:

1. Change password for that account
2. Change password everywhere you reused it (why password managers matter)
3. Monitor accounts for suspicious activity
4. Consider enabling credit monitoring

Check if you've been in breach: haveibeenpwned.com (legitimate site)

Teaching Kids Cybersecurity

Kids need these skills too:

Basics for children:

• Never share personal info online (name, school, address, phone)
• Don't talk to strangers online
• Tell parent/guardian about uncomfortable interactions
• Don't click ads or download without permission
• Passwords are secret (even from friends)

Teens:

• Everything online is permanent
• Photos can be shared without permission
• Strangers online may not be who they claim
• Cyberbullying is real—document and report
• Privacy settings matter
• Social media oversharing has consequences

Parental controls and monitoring (age-appropriate):

Balance privacy and safety based on maturity level.

Cybersecurity isn't complex—it's about consistent basic practices: unique strong passwords stored in a password manager, two-factor authentication on critical accounts, skepticism toward unexpected emails and messages, keeping devices updated, backing up data regularly, and limiting public sharing of personal information. You don't need technical expertise, just discipline in following fundamentals that prevent 90% of attacks. Start today: install a password manager, enable 2FA on email and banking, and update your devices. These simple steps dramatically improve your digital security. Cyber threats are real, but protection is accessible. Take control of your digital safety—your future self will thank you.