The following tips are aimed at people with little experience in the IT security sector and are intended to make it easier to use the Internet safely. It will be explained why certain areas are relevant and how they should be addressed.

Passwords

Passwords are pretty much everywhere. They protect our private information. That is why it is important to know how to handle them securely. Your password for each account you have should be unique, long and not easy to guess.

Password Manager

As there is a large number of online accounts in use today and the requirements for secure passwords are increasing, it is worth using a password manager. A password manager can be used to generate passwords that meet today’s security standards. And since the only password you have to remember is the password for the password manager, a long and complex password can be chosen for it.

Have I been pwned?

There is a website called haveibeenpwned.com which checks if your email address is present in known password or data leaks. If so, you should change the password of this service as soon as possible. The website also offers the possibility to register, so that you will be notified in case of a newly discovered password leak. There is also a service on the website that allows you to search for individual passwords and see if they have already been found in a leak. This service should not be used, even if the operator of haveibeenpwned.com is trustworthy, the risk is simply too high.

Two-Factor Authentication / Multi-Factor Authentication

So far, passwords have been extensively discussed. Even if they are made more difficult to crack, they should not be the only protection you rely on. Because if you fall victim to a phishing attack and enter your username and password on an attacker’s website, the game is over. To further protect your accounts, two-factor authentication (2FA), also known as multi-factor authentication (MFA), should therefore be activated wherever possible. If possible, do not use SMS for this, as they can be intercepted. Use an app or use physical security keys. It is also important to note that once you have activated 2FA/MFA, make sure that you have securely stored the backup codes. These backup codes allow you to bypass 2FA/MFA protection if you lose your phone, or if it is broken or stolen. Otherwise you will be completely locked out of your accounts that are protected with 2FA/MFA.

Updates

Now that the user accounts are protected against unauthorised access. Let us turn to the topic of security of your own computer. One of the most important and also easiest measures to protect your own computer is to make sure that your computer is always up to date. This means that as soon as updates are available, they should be installed. With Windows in its default settings, you should already have a good basic setting.

Antivirus

Antivirus software is used to protect your computer from malicious code that could be executed. If you are using an updated version of Windows, it is no longer necessary to use additional antivirus software. Windows has its own antivirus program called Windows Defender, which has been greatly expanded in recent years. When Windows Defender is activated and all its settings are enabled, you already have good protection. If you are concerned about your privacy, you can disable the “Automatic sample submission” in the Windows Defender Security Center.

VPN (Virtual Private Network)

VPN is used to protect your online privacy. In particular, it will prevent your Internet Service Provider (ISP) from reading unencrypted content that you access on the Internet. Your ISP are the ones who give you access to the Internet. This is also why your ISP has so much power over your Internet traffic. Everything runs through your ISP’s infrastructure. And in many countries, ISPs are required by law to allow law enforcement agencies to monitor traffic.

In the control of all your internet traffic also lies the disadvantage of VPN. Because VPN only shifts the ability to partially read your Internet traffic to someone else, namely the VPN provider you choose. This means that you must be particularly careful when choosing your VPN provider. You must therefore find a provider you trust to neither store nor analyse your data traffic. The choice of a VPN provider should therefore be carefully considered.

Phone Security

Now that your computer is set up safely and you can surf online without hesitation, you should also take a closer look at the security of your mobile phone. This is only a small summary of the most important things, there is much more to explore. Your mobile phone should always have a code. If you have an Android device, make sure that your device receives the monthly security updates. How long and how often you receive updates depends very much on the provider of your Android phone. In general, Google publishes the updates on a monthly basis. If you have an iPhone, update it whenever new updates are available. Make sure you have disabled services such as Bluetooth, Wi-Fi, GPS and Internet if you don’t need them. Only install the apps you really need.

Information you share online

Now that the whole technical part has been discussed, one last issue should be highlighted. Make sure you know what you are sharing online and with whom you are sharing it. For all your social media accounts, check who has access to the data you have entered. The guide by staysafeonline.org you will find step-by-step instructions on how to enable privacy settings for many popular websites.

Conclusion

Implementing personal IT security is not only limited to protecting your own computer against viruses. It must also be ensured that your user accounts cannot be taken over by attackers. Secure passwords and two-factor authentication are used for this. Another important part of your own online security is also the awareness of what data is shared where and with whom online.

Further Links

If you want to delve deeper into the subject, these are the links that you should read:

• https://ssd.eff.org/: Surveillance Self-Defense; tips, tools and how-tos for safer online communications. A project of the Electronic Frontier Foundation (EFF), a non-profit organization defending civil liberties in the digital world.
• https://staysafeonline.org/stay-safe-online/: Learn how to protect yourself, your family and your devices with these tips and resources. A project of the national cybersecurity alliance.
• https://medium.com/@nickrosener/an-in-depth-guide-to-personal-cybersecurity: A very in-depth guide to personal online security with a lot of actionable steps that can be taken.
• https://us-cert.cisa.gov/ncas/tips: A collection of tips, tricks and information about IT security issues for non-technical computer users. Collected by the Cybersecurity and Infrastructure Security Agency (CISA), a part of the Department of Homeland Security.

About the Author

Andrea Hauser graduated with a Bachelor of Science FHO in information technology at the University of Applied Sciences Rapperswil. She is focusing her offensive work on web application security testing and the realization of social engineering campaigns. Her research focus is creating and analyzing deepfakes. (ORCID 0000-0002-5161-8658)

Links

• https://haveibeenpwned.com/
• https://medium.com/@nickrosener/an-in-depth-guide-to-personal-cybersecurity-be98ba47c968
• https://ssd.eff.org/
• https://staysafeonline.org/stay-safe-online/
• https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/
• https://us-cert.cisa.gov/ncas/tips