Cyber Question of the Month: How much cyber protection is enough?

Hello everyone.

Based on today's date, it is clear this article has taken far too long to complete and publish.  Although our readership is new and we are still just beginning, the length of time between new articles is definitely too long.  There are many reasons for this delay (e.g., small team, personal and professional circumstances); however, I am still deeply committed to this blog and its primary mission: to provide valuable, common sense cyber security advice, guidance, and protection to the most vulnerable of our society.

This next topic was suggested and inspired by a retiree within our social circle.  I did struggle with the length and depth of the article, but I truly hope the finished product will give you enough information.  Please let us know in the comments or contact us directly if I can further explain or expand on any of the statements below.

Happy reading!

Peter


How much cyber protection is enough?

For such a question - one that I've been asked a fair amount - you'd think there would be a straightforward answer.  Unfortunately, it isn't that simple, but I will try to answer this question to the best of my ability.

Part of the reason this question is so difficult to answer is the relative complexity of people's various wants and needs as they relate to their digital lives.  For example, we recently published an article about online banking.  Given the sensitive nature of online banking, a person looking to ensure their online banking experience is as secure as possible will likely go much further to accomplish that goal than a student who wants to use a web browser and the Internet to perform open source research for a school project.  Thus, a likely unpopular answer to this question is: it depends.

A person today who uses a computer to shop, perform basic research, bank online, communicate with friends and colleagues, and post on social media will have a greater need for cyber protection.  What I'll try to do here is break down a number of scenarios for you and provide advice for each scenario in turn.  The hope is that you will identify with one or more of these scenarios.

But first, let's look at six defined ways you might use your devices:

  1. Web browsing: One of the most common uses of a computer today is to browse the web.  Whether it's searching for information, shopping online, or using social media, web browsing is a primary activity for many people.

  2. Email: Email remains a popular method of communication, both for personal and professional use.  Many people use email applications to manage their inbox and send messages to friends, family, and colleagues.

  3. Productivity: Computers are often used for productivity tasks, such as creating and editing documents, spreadsheets, and presentations, as well as managing calendars and to-do lists.

  4. Entertainment: Many people use their computers for entertainment, such as streaming movies and TV shows, playing video games, or listening to music.

  5. Communication: Computers are also used for communication, whether it's through video conferencing apps, instant messaging, or social media.

  6. Online shopping and banking: Online shopping and banking have become increasingly popular in recent years, and many people use their computers to make purchases or manage their finances.

Digital Life Scenarios

Here are a few real life scenarios that may combine the six defined ways in which people use their devices, as outlined above.  Following each scenario, I will describe a cyber protection strategy for you that considers the most important steps you should take to help prevent cyber headaches.

What should always be included in each scenario below is a "baseline" level of cyber protection.  This includes:

  1. Keeping all of your software up-to-date, especially security patches.  Don't forget about any native or third-party antivirus software.
  2. Using strong and unique passwords when accessing your services.  You might consider using a "Passkey" if the option is available to you.
  3. Being suspicious of unsolicited email and never clicking on links or opening attachments from unknown sources.  You should also verify links, email, and attachments from known sources.

Let's begin.

Road Trip

On your road trip, you decide to use your personal digital device for navigation and mapping to find your way to your destination, while also using it to stream music and podcasts for entertainment.  Additionally, you use your device to take photos and videos of your journey, share updates on social media, and use travel apps to find restaurants and attractions along the way.

Among the various uses mentioned within the Road Trip scenario, what stands out most is the potential dependency on a digital device - such as a smart phone or tablet - to navigate and map your trip.  The availability of that device - in other words, its ability to maintain its navigational functions for your entire trip - becomes top of mind.  In this case, ensuring access to a reliable power source and cellular service provider would be the most important protective measure to take.  One way to reduce your dependency on the cellular service provider would be to download the maps locally on your device.  Leading map and navigational software will allow you to store maps on your device, storage levels permitting, which reduces its dependency on a persistent connection.  Your device's hardware should also be relatively new, perhaps 18 to 24 months since market release.

Student

As a student, you use your personal digital device for education purposes, such as taking online classes and using educational apps to study.  You also use your device for communication, using email and messaging apps to stay in touch with classmates and professors.  On top of that, you use your device for productivity, with note-taking apps and calendar apps to keep track of assignments and deadlines.

In this case, your device is likely larger, such as a tablet, laptop, or convertible.  Online classes may rely on web browsers, which need to be kept up-to-date.  Regularly follow any auto-update instructions provided by your favourite browser.  If additional software is required to conduct your online classes, such as web browser plugins or operating system applications (namely Microsoft Teams or Google Meet), make sure you use the official download links provided by your educational institution or the service provider.  If you are using a device managed by the educational institution (i.e. not personal), the software and source used are often vetted and of less concern.

Apply the three baseline suggestions and for the most part, your student device experience should be drama free.

For social media use, review and configure privacy settings to control who can view your posts and personal information.  You should also enable two-factor authentication (2FA) wherever possible to add an extra layer of security to your accounts.

Freelancer

As a freelancer, you use your digital device for remote work, using video conferencing apps and collaboration tools to communicate with clients and colleagues.  You also use your device for personal organization, with to-do list apps and time-tracking tools to manage your workload.  Additionally, you use your device for entertainment during downtime, such as streaming movies or playing games.

This mixed approach to device use is common for freelancers and contractors.  In this scenario, it is especially important to ensure the confidentiality and integrity of customer and client information.  For all professional uses mentioned, such as video conferencing, collaboration, and communication with clients, follow the baseline protections.  You should also create separation between your work and personal activities on the device; this can be achieved by separating work and personal apps and accounts.  Try to use your device less for personal entertainment.  This will reduce your exposure to threats from your personal side that may impact your professional side.

Health-Conscious Person

You are a health-conscious person who uses your digital device for health and fitness purposes, such as a fitness tracker to monitor physical activity, and nutrition apps to track meals.  You might also use your device for communication, staying connected with workout partners and support groups through messaging apps and social media.  In addition, you might use your device for entertainment, such as streaming workout videos or listening to podcasts while exercising.

This approach to device use can be satisfied with the application of the baseline protections previously described.

Small Business Owner

As a small business owner, you might use your digital device for communication, using email and messaging apps to stay in touch with customers and vendors.  You might also use your device for productivity, with project management tools and accounting software to manage your business operations.  Additionally, you might use your device for e-commerce, selling products through an online store and using social media to promote your business.

Compared to the previous digital life scenarios, this scenario deserves more attention.

This digital scenario is near-and-dear to me, since it forms part of the basis and justification for the launch of my company.  In my opinion, small businesses receive far less attention - thus far less cyber protection - than deserved, especially when you consider their collective contribution to our economy.

Let's try to break this one down into smaller portions.

  1. Digital communication: email and messaging to customers and vendors

    Similar to the Freelancer scenario, follow the baseline protections.  Create separation between your work and personal activities on the device by separating work and personal apps and accounts.

  2. Project management, accounting, and business operations

    For productivity software, try to leverage Software-as-a-Service (SaaS).  This serves to shift the heavier cyber protection responsibility to the SaaS provider.  If this is not possible - whether because of budgetary constraints or otherwise - try to install your productivity software on a computer dedicated to business operations.  This separation helps to insulate your business world from your personal digital world (and practices), on the assumption that our personal practices compare less favorably to the ones we follow when our businesses are at stake.

  3. E-Commerce, online stores, and promotion

    For e-commerce and online stores, it's imperative that you use a reputable website hosting provider.  Reputable providers tend to be open with their security practices, often dedicating time and space on their website to promote their secure cyber practices.  Never self-host!

    E-Commerce and online stores require the ability to protect customer information as it travels from your customer's digital device, across the Internet, and to the online store.  This protection comes in the form of cryptography, which ensures the information that passes between the two digital devices is kept secret until it safely arrives.  In order to achieve this transportation secrecy, you need to be sure either you or your hosting provider makes use of something called "TLS", which stands for "Transport Layer Security".  In a nutshell, it is the mechanism that ensures all sensitive information exchanged with your customers is protected.  In order for TLS to function correctly for you, you or your website hosting provider will need a trusted identity or "certificate" that ties your website domain name - such as "your.onlinestore.com" - to a trusted certificate provider and your store.

    Once you can assure your online customers that their sensitive personal information will be protected when sent, it is important to use a secure and reputable payment gateway that will process payments for your customers in a trusted, established manner.

    For all user accounts associated with your e-commerce site or digital promotion activities, make sure you enforce strong password policies.  Instruct users to create unique and complex passwords, mandate regular password updates, and implement multi-factor authentication where possible.  If you have a choice, leverage "passkeys", which may serve to replace password use on your site altogether.

    Keep your website's content management system (CMS), e-commerce platform, plugins, and other software up-to-date.  Regularly patch vulnerabilities to ensure that your site is protected against known security issues.  Make sure your website hosting provider also keeps their software up-to-date.

    Limit user access privileges to the minimum necessary for each role within your website.  If you can, implement "role-based access control" (RBAC) to ensure that your employees or team members only have access to the data and functionalities they need to perform their tasks.

    Regularly back up your website's data and configuration settings.  In the event of a security breach or data loss, backups can help restore your site and minimize downtime.

    Educate your employees and team members about safe online practices, such as how to recognize phishing emails, avoid suspicious links, and protect sensitive data.  Regular training and awareness programs can help prevent human error-based security breaches.

    Finally, have clear and transparent privacy policies and terms of service in place.  Clearly communicate to your customers how their data will be collected, used, and protected.

Parent

As a parent, you might use your digital device for a variety of purposes, such as communication with family and friends through messaging and social media apps.  You might also use your device for information and entertainment, browsing the web for parenting tips and using streaming services for family movie nights.  Additionally, you might use your device for productivity, with calendar apps and reminders to keep track of family schedules and appointments.

For the parents out there, in addition to the baseline protection, here are some tips to follow:

Review and configure privacy settings on social media platforms and messaging apps to control who can view your posts and personal information.

Enable two-factor authentication (2FA) wherever possible to add an extra layer of security to your accounts.

Be mindful of the information you share online, especially when it comes to personal and sensitive details.  Avoid sharing too much personal information publicly or with unknown individuals.

Teach your children about online safety, including the importance of not sharing personal information, being cautious of strangers online, and recognizing and reporting any suspicious or inappropriate content.  Supervise their online activities and consider using parental control tools or apps to set limits and protect them from accessing inappropriate content.

Regularly back up your important data, such as photos, videos, and documents, to a secure location or cloud storage.  This ensures that in the event of device loss, theft, or data corruption, you can easily restore your valuable information.

Set a strong password for your home Wi-Fi network and enable encryption (e.g., WPA2 or WPA3) to secure your wireless communications.  This prevents unauthorized access to your network and protects your data.

Stick to reputable app stores and do some research before downloading apps to ensure they come from trusted sources.

Traveler

As a traveler, you might use your digital device for a combination of purposes, such as navigation and mapping apps to find your way around a new city.  You might also use your device for communication, staying in touch with friends and family through messaging apps and social media.  Additionally, you might use your device for information and entertainment, browsing the web for travel tips and using streaming services for in-flight entertainment.

This digital scenario also deserves some extra advice and tips.

When connecting to Wi-Fi networks, especially public ones, be cautious and use only trusted and secure networks.  Avoid connecting to unsecured or open Wi-Fi networks, since they can expose your data to potential eavesdropping and attacks.  Consider using a virtual private network (VPN) to encrypt your internet connection and protect your data when using public Wi-Fi.

When using navigation and mapping apps, choose a reputable and trusted app from a reliable source.  Verify the app's authenticity and check user reviews before downloading and using it.  Be cautious when entering personal addresses or sensitive locations in the app.

While traveling, be cautious about sharing your location and travel plans on social media.  Avoid announcing that you are away from home, as this information could potentially be used by criminals to target your empty residence.  Adjust your social media privacy settings to control who can see your posts and be selective about accepting friend or connection requests from unknown individuals.

Avoid using public computers or charging stations for sensitive activities such as online banking or accessing personal accounts.  These devices may have compromised security or be infected with malware that could steal your information.  Instead, rely on your personal device or use a trusted mobile data connection.

When searching for travel information, tips, and booking services, use reputable travel apps and websites from trusted sources.  Verify the legitimacy and security of the platforms before entering any personal or payment information.

Enable device tracking and remote wiping features on your digital device.  In case of loss or theft, these features can help locate your device or remotely erase your data to protect your information.

Before traveling, make digital copies of important documents such as passports, IDs, travel itineraries, and reservations.  Store these copies in a secure and encrypted location, such as a password-protected cloud storage service or an encrypted USB drive.

Consider using security measures such as biometric authentication (e.g., fingerprint or facial recognition) or strong PINs/passwords to secure your device.  Enable automatic locking and set a short idle time before the device locks itself.  This helps prevent unauthorized access in case your device is lost or stolen.

Retiree

You are a retiree who uses your digital device for a variety of purposes, such as staying connected with family and friends through messaging and video conferencing apps.  You might also use your device for entertainment, using social media to keep up with news and trends, and playing games for relaxation.  Additionally, you might use your device for health and fitness, using fitness trackers and nutrition apps to stay healthy and active.

Our valued retirees tend to be from generations with less digital device comfort.  The baseline protections already provided can be augmented with these additional tips:

Review and adjust privacy settings on social media platforms and messaging apps to control who can view your posts and personal information. Consider limiting the visibility of your personal data to trusted individuals and friends.

Be cautious about sharing personal information online, especially sensitive details such as your address, phone number, or financial information. Only share such information on secure and trusted websites or with reputable service providers.

Before sharing news articles, stories, or information on social media, verify the credibility and accuracy of the source. Misinformation and scams can spread easily, so it's important to be critical and avoid sharing unverified content.

Download apps from trusted sources, such as official app stores for your device's operating system. Avoid downloading apps from unknown or unofficial sources, since they may contain malware or pose security risks.

Avoid using unsecured or public Wi-Fi networks when accessing sensitive information or conducting financial transactions. If necessary, consider using a virtual private network (VPN) to encrypt your internet connection and enhance security.

Regularly review your bank statements, credit card transactions, and other financial accounts for any suspicious activity. Report any unauthorized transactions or discrepancies immediately to your financial institution.

Make regular backups of your important files, photos, and documents. Consider using cloud storage or external hard drives to store your backups securely. This helps protect your valuable data in case of device loss, theft, or hardware failure.

If you play games or use apps that involve in-app purchases, be cautious about sharing your payment information. Stick to reputable platforms and review app permissions before granting access to personal data.

Stay updated on the latest online scams, security threats, and best practices for online safety. Stay informed through reliable sources - such as the White Falcon Blog! 😄 - and consider attending workshops or webinars on cyber security targeted at older adults.


That about does it for this post.  It's officially Summer here in Canada, but wherever you are I hope this article encourages safer practices in your digital scenarios!  Keep yourself and your family cyber safe, and stay in touch with us.  You can always register here to comment on any of our articles, or use our "contact us" form.  We are also developing a newsletter for the blog to make it a little easier to stay up to date with us.  Until the next time!

Peter
