Before we begin, repeat after me:
Nothing is secure. If someone really wants my information, they can get it.
It’s a truth that will always exist. For every secure system, there’s someone who can break it. Simple as that. Now, let’s get on with the post.
Why should I be concerned?
Everything you do digitally has a fingerprint. Your online shopping habits, your spending, and even the news you read all tell something about you. Based on your social media habits alone, I can estimate (with fairly high accuracy) when you will be home, and where you will be at various times of the day. I know when you’ve had a bad day, I know when you’ve had a good day, and I know when any life event occurs.
You might be thinking: “Well, that’s fine. I have nothing to hide”. That’s where you’re wrong.
Based on that information gathered from social media, I can also discover what foods you like, past online accounts you have had, who you bank with, and even personal things like where your children go to school. I can even use that information to gain access to essentially anything you own. Oh, your security question is your mother’s maiden name? That’s cute. I know that too.
But I’m not the bad guy. I won’t get your phone shut off or re-route your calls to listen in on you. Frankly, I don’t care. I have better things to do with my time. However, there are plenty of people out there who do.
In all honesty, if someone targets you, there isn’t much you can do about it. This post isn’t about that. It’s about doing what you can to protect yourself from general data gathering. If someone breaks down your door with a sledgehammer, your lock isn’t going to cut it, but that doesn’t mean you should forgo locking your front door.
Get a handle on the dumb stuff.
I won’t go into too much detail on these, but be sure you’re confident in them. If you have a question, don’t hesitate to ask in the comments.
Secure your network
Know what your security settings are and what’s on your network. You’d be amazed at how many people have WPS enabled, are using WEP for encryption, or don’t have any security on their wireless whatsoever.
If you don’t know anything about this, Google is your friend. Or just ask your 10-year-old.
Solution:
Disable WPS and use WPA/2 on your wireless network.
Don’t postpone updates
Update all the things. Do you know why your computer is so annoying about updates? Because that update probably contains a fix for a potential security issue. Seriously, this is getting ridiculous.
Solution:
Update your fucking computer/phone/tablet/wifi-connected dildo/etc.
Piracy is bad, mmkay?
Stop being cheap and streaming movies/TV/porn/etc from piracy sources. Oh, you have a Fire Stick running Kodi on it with a few add-ons that let you watch whatever you want? Do you actually know where it’s connecting to? Did you actually write those add-ons and own those servers? I didn’t think so.
This isn’t even taking into account that most of these people who do this either:
A) Read a tutorial online and copy/pasted things that they don’t know anything about.
B) Bought the Fire Stick from someone who could now be using it to sniff your credit card numbers and watch you dance naked in your living room.
Solution:
Just rent the damn movie on iTunes for $3.99.
Use a VPN
Using a VPN is far easier than people think it is. Services like Cloak make it easier by just allowing you to install an app and click a button. There’s not a single reason you can give me for not using a VPN.
What is a VPN?
VPN stands for Virtual Private Network. Normally, network traffic works like this:
- You type in a website.
- Your computer talks to your router and modem.
- Your modem talks to your ISP (the people you pay for internet service).
- Your ISP talks to the website.
- The process reverses to send you what you asked for.
With a VPN, we add an extra layer.
- You type in a website.
- Your connection is encrypted so that nobody can see what’s there.
- Your computer talks to your router and modem.
- Your modem talks to your ISP (the people you pay for internet service).
- Your VPN decrypts your data and talks to the website.
- The process reverses to send you what you asked for.
With a VPN, all your ISP knows is that you sent something to a server. They probably have a good idea that it’s a VPN, but they don’t know anything else about it. They never see the website or what you sent. Even if they’re logging everything you do and selling it to the highest bidder (which they can do legally), it’s completely useless.
We live in a world where the “common folk” hear more and more about cyber attacks. Imagine if the wrong people got ahold of Comcast or Time Warner’s full database of logged details. I bet you wouldn’t be okay with that, even if you only check your email.
How?
There are plenty of reputable VPN services out there. No, don’t Google search for “free VPN”. If they’re not charging anything for the product, you’re the product. Spend a couple bucks a month for a quality service. Here are a few I recommend:
There are a ton of others out there. Just be sure to do your research and ignore pricing. Expect it to be around $10/month. The ones I have mentioned also have apps that are insanely simple to use, so you really don’t have any excuses.
Change and use unique passwords
A good rule of thumb is to use different passwords for absolutely everything and try to change them once in a while. For frequently used things, every 6 months is generally fine.
Why? Because if one account is compromised, and you use the same credentials, they all are. If you use the same password for everything, I only need access to one password to log into everything.
I’m sure you’ve heard about at least one security breach where you were asked to change your password. Do you think the people who got your passwords are going to use that username/password combination on just one site? Of course not. You just got yourself tossed on a list that will be used to attempt access to anything that’s targeted.
If you use the same passwords everywhere, chances are that someone will eventually get ahold of it and use it against you to access a different account entirely.
It’s not as hard as you think it is
Seriously, if my tech-ignorant mother-in-law can do this, you can. Password keychains are the solution.
Services like LastPass and 1Password allow you to create randomized passwords and store those passwords for you. Honestly, I couldn’t even tell you what 98% of my passwords are because I don’t need to know them. Whenever you set a password, all you have to do is save it. If you need to change it, just edit the entry. Hell, most of them already do that for you.
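To see how far one leaked password reaches, here is an added example (not from the original post) that audits a password list for reuse and for entries older than the 6 months suggested above. The CSV layout, account names and passwords are constructed for illustration and do not match any particular manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict
from datetime import date

# Constructed sample in a hypothetical CSV layout (not a real manager's export format).
SAMPLE_EXPORT = """name,username,password,last_changed
bank.example,alex,Tr0ub4dor&3,2024-01-10
mail.example,alex,Tr0ub4dor&3,2023-02-01
shop.example,alex,k9#Lq2!vXz7p,2024-05-20
forum.example,alex2,Tr0ub4dor&3,2024-06-01
"""

MAX_AGE_DAYS = 183  # assumption: roughly the 6 months suggested in the post


def _rows(export_text):
    return list(csv.DictReader(io.StringIO(export_text)))


def _digest(password):
    # Group by digest so plaintext passwords never become dict keys or output.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(export_text, today):
    """Return (reused, stale): groups of accounts sharing one password,
    and accounts whose password is older than MAX_AGE_DAYS."""
    groups, stale = defaultdict(list), []
    for row in _rows(export_text):
        groups[_digest(row["password"])].append(row["name"])
        if (today - date.fromisoformat(row["last_changed"])).days > MAX_AGE_DAYS:
            stale.append(row["name"])
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return reused, sorted(stale)


def exposed_by_breach(export_text, breached_account):
    """Accounts that fall with `breached_account` because they share its password."""
    rows = _rows(export_text)
    leaked = {_digest(r["password"]) for r in rows if r["name"] == breached_account}
    return sorted(r["name"] for r in rows
                  if r["name"] != breached_account and _digest(r["password"]) in leaked)


if __name__ == "__main__":
    reused, stale = audit(SAMPLE_EXPORT, date(2024, 7, 1))
    print("reused:", reused, "| stale:", stale)
    print("if mail.example leaks:", exposed_by_breach(SAMPLE_EXPORT, "mail.example"))
```

Delete any real export file once the audit is done, since it holds every password in plaintext.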
Use 2-factor authentication
What if someone still gets access to your current password? They still can’t get in if you’re using 2FA.
What is 2-factor authentication? Most simply, it’s a way to further prove that you are indeed you. Every time you successfully log into a service that supports 2FA, you’ll be asked to do something such as enter a code that was sent to you in a text message or check your email for a link. This means that even if someone were to access your login credentials, they would have to have access to your phone too.
It’s simple, and it’s secure. More and more services support it, and I can almost guarantee that all of your social media, financial, and email accounts are supported.
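What the service does behind that texted code, as an added example that is not from the original post: the code is random, works only once, expires, and stops accepting guesses after a few wrong tries. The class name, the 5-minute lifetime and the attempt limit are assumptions made for the sketch, and actual delivery by SMS or email is left out.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 5        # assumption: the challenge is dropped after 5 wrong guesses


class SecondFactor:
    """Issues and checks one-time login codes for users who already passed the password step."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> [code_digest, expires_at, attempts_left]

    def issue(self, username):
        # secrets (not random) so the code cannot be predicted from earlier ones.
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode("utf-8")).digest()
        self._pending[username] = [digest, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # handed to the SMS/email sender, never shown on the login page

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]  # expired or guessed too often
            return False
        entry[2] -= 1
        submitted_digest = hashlib.sha256(submitted.encode("utf-8")).digest()
        ok = hmac.compare_digest(digest, submitted_digest)  # constant-time comparison
        if ok:
            del self._pending[username]  # single use: a replayed code fails
        return ok


if __name__ == "__main__":
    sf = SecondFactor()
    code = sf.issue("alex")
    print("correct code accepted:", sf.verify("alex", code))
    print("same code replayed:", sf.verify("alex", code))
```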
Block the bad stuff
Blocking of known ad-trackers and data gathering tools is fairly simple, and can be done directly from your web browser. I’m not going to go too deep into this, but here’s what I recommend:
Pay attention!
Just pay attention to things and try to make good decisions on what a secure choice is. It’s as simple as looking at a URL before you click on a link, or not using password123 as your email password.
There’s quite a bit more that I can cover here, and likely will in the future. Feel free to comment with any questions you may have, or subscribe to get any of the future posts I might write.