Practical privacy and simple cybersecurity.
TheNewOil.org

Cybersecurity 101: A Guide to Staying Safe Online

Today is Computer Security Day. While not a high-profile holiday, I of course can’t miss the opportunity to bring it up because in our increasingly digital world, cybersecurity likewise becomes increasingly important. Nearly everything in our lives is now basically a repurposed computer: phones, TVs, even cars, washing machines, and more. Many a privacy enthusiast has decried the growing difficulty of finding a “dumb” product that isn’t internet connected, from TVs to light bulbs and even toys. For better or worse, it seems that we are moving into a world where everything is internet-connected, and we may soon have no choice but to focus on harm reduction rather than avoidance. As such, it’s important we take a moment to go back to the basics and talk about the best ways to secure our computers of all kinds.

Avoidance

I know I just said that avoidance may not be an option for much longer, but at least for now, in many cases, it is. While dumb TVs and offline cars are harder and harder (or impossible) to find, dumb light bulbs, thermostats, and appliances remain plentiful. Even many things that are smart don’t require you to connect them to make use of their basic functions. One of my TVs, for example, will refuse to function as a smart TV if I reject the Terms of Service. Sounds like a great way to turn it into a dumb TV if I wanted to.

Another possible solution if the devices you get do require a connection – for example, to an app to set up or configure them – is to put them on an offline network. For example, you can take an old (or cheap) router and set up a completely separate IoT (“Internet of Things”) network that’s not connected to the internet and use that to control your devices without fear of them connecting to the internet and posing a privacy or security risk. (More tech-savvy readers can also create an isolated section of the network by blocking all traffic to or from specific devices or by creating a subnet and blocking all traffic on that subnet. Lots of possibilities.) Regardless, unless you’re buying something with the intention of making it smart, I would encourage you to consider ways to use it offline rather than just saying “may as well since it can.”
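For readers taking the subnet route, here is one way the isolation could look on a Linux-based router that uses nftables. This is an added example, not a configuration from the original post; the interface names `lan0` and `iot0` are assumptions to replace with your own.

```nftables
#!/usr/sbin/nft -f
# Added example: keep an IoT network offline and away from trusted devices.
# Interface names are hypothetical; matching on the interface (not on IP
# addresses) means the rules cover IPv4 and IPv6 alike.

define LAN_IF = "lan0"   # trusted network: laptops, phones
define IOT_IF = "iot0"   # IoT network (separate port, VLAN or Wi-Fi SSID)

table inet iot_isolation {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Replies to connections that a trusted device opened may flow back.
        iifname $IOT_IF oifname $LAN_IF ct state established,related accept

        # Trusted devices may open connections to IoT devices to control them.
        iifname $LAN_IF oifname $IOT_IF accept

        # Anything else an IoT device sends is logged (rate-limited) and
        # dropped: no internet access and no new connections into the LAN.
        # The log shows which devices keep trying to phone home.
        iifname $IOT_IF limit rate 10/minute log prefix "iot-blocked: "
        iifname $IOT_IF drop

        # Nothing else (for example, the internet side) may reach IoT devices.
        oifname $IOT_IF drop
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # IoT devices may ask the router for an address (DHCP) and nothing
        # more: no admin page, no DNS, no other router services.
        iifname $IOT_IF udp dport 67 accept
        iifname $IOT_IF drop
    }
}
```

Load it with `nft -f` on the router, then confirm from an IoT device that it cannot reach the internet while a phone or laptop on the trusted network can still control it.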

Update, Update, Update

By a wide margin, the single most important thing you can do to protect your digital devices is to keep them updated. Updates – especially for IoT devices – often include critical security or bug fixes. Sadly, most things outside of computers and phones just don’t do automatic updates these days, assuming they get updates at all. For your computers and phones, be sure to enable automatic updates everywhere you can: in the device settings, in the app stores, etc. For IoT devices – including routers – check before buying to see if the manufacturer supports updates, for how long, and how they work. There are people and organizations raising awareness around this issue, but there’s still a long way to go. Regardless, it’s worth taking the time to do even some basic research on this topic prior to purchase. You can also reach out to the company directly if you're having a hard time finding a clear answer. If they don’t reply, that is an answer of sorts (which I would interpret as “screw your updates”). If devices offer automatic updates and a long support time, that’s great! Even if they don’t offer automatic updates, you can set reminders to check periodically. Try to stick to devices with guaranteed support if you can. (Sadly this often means opting for a pricier device, but don't just assume that an expensive product guarantees support.)

Secure Your Accounts

By far the biggest method of compromising any system seems to be – from what I can tell – account compromise. This can take many forms, including phishing, but can also be as simple as reused passwords or common passwords. The best way to protect your accounts – and thus devices – from compromise is to use strong, unique passwords, enable two-factor authentication where possible, and be careful what links you click or software you download (including extensions, plugins, and apps).

Keep Backups

Quick! Imagine this: your computer/phone/etc just blew up suddenly. Aside from the obvious immediate concerns like “is everyone/everything safe?” and “what's my replacement plan?” take a moment to consider your data. Would you lose any photos? Any messages? These days backups aren’t really talked about as much because everyone mostly operates in the cloud – at least on mobile devices – but I do still think it’s worth talking about for a couple reasons. First off, most privacy advocates are less likely to use the cloud due to security and trust concerns. Even the best clouds can be susceptible to hacks, bugs, and data loss. Second, most people don’t use a cloud on their computers in the first place (not knowingly, at least). Despite that, having a cloud could be a convenient part of an effective backup strategy, though it’s important to pick a good one that respects your privacy and not just go with defaults like Google Drive, Dropbox, or iCloud. For more information on backup solutions, see here. While not strictly a security topic, I still think backups are underrated and worth a mention.

Stay Informed

A bit of a shameless plug, but the security landscape is changing constantly. For example, there’s currently a new security measure being rolled out called Passkeys. While not very widely used, passkeys are widely available, yet it still seems most people I run into either don’t know what they are or if they should use them. This is far from the only example, just one of the most recent and visible. It’s important to stay updated on new threats to your security as well as solutions to protect against them. Of course, staying on top of the evolving tech landscape is basically a full-time job, and I don’t expect my readers to dedicate that amount of time to this stuff. Thankfully there are lots of resources out there who do all the work for you and then bring you a snapshot of the most important stories on a regular basis. I list several such resources on my website in various formats to cater to your preferred style of taking in information: reading, watching, and/or listening. Don’t forget that yours truly also regularly publishes videos and a podcast and news feed.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here.