How to be Secure in 2022

Do it!

March 1, 2022, 2:06 a.m. by Droop

Whether you like it or not, security is important in 2022. I don't think I really have to explain this - I can guarantee you have at least one digital asset that you really care about. It doesn’t matter what that account is - an online bank account, social media, a game you’ve put a lot of time into, whatever - you have at least one. Cybercrime is becoming ever more problematic and is only going to get worse over time.

How do you keep it safe?


Separate Out What’s Important


We’re going to start out with the toughest bit of love. If you can swallow this, everything else in this guide should be easy.


The best way to be really secure is to buy a separate device and delegate all important actions to that device only. Buy an iPad Mini or similar, make separate accounts, and do all your online banking, etc. on that device. Update the software on it every time you turn it on, and turn it off after you are done doing what you need to do. Store it in a safe location and don’t let anyone else use it.


I imagine to most people, this sounds like entirely too much money and time. Really? I need an entirely new device just to do online banking? Thinking this way, however, isn’t properly accounting for the risk involved. People spend hundreds (if not thousands) of dollars a year on insurance for their cars, homes, and health. Identity theft can take thousands of dollars and years of work to correct, and maybe even do permanent damage - not so different from a flooded basement or a minor car accident.


Despite this, few people are willing to spend to improve their cybersecurity. If your bank account was hacked and emptied tomorrow, how much would you lose? If you lost control of your email, Facebook, or Amazon accounts tomorrow, how long do you think it would take you to get them back? Could you get them back? Suddenly, the price of a separate device and a few hours of time doesn’t seem bad in comparison.


So grab a used iPad or a cheap laptop, make a dedicated email account, and begin connecting your other accounts to that email. Use that email for the “important” things (whatever that means to you) and your personal email for everything else. Do not give out this email! Don’t use it to sign up for newsletters, or register for online games, or join surveys, or anything of the sort.


Why It Works


Two core, fundamental principles of cybersecurity are reduction of attack surface and the principle of least privilege. These are somewhat fancy terms for very simple concepts.


Reducing your attack surface means limiting the number of things someone can target and the ways they can target them. In this case, if you only log into your bank account from your dedicated device, then you only really have to worry about securing that one device. If you limit the software installed on that device, and make sure to not use it for anything else, you limit the time window and number of ways a cybercriminal could possibly get in.


The principle of least privilege states that a thing should only be able to perform a limited set of actions based upon its role. Your dedicated device should only have one purpose - managing your important online accounts. If you use the same email for Facebook and for your bank account, and both those services have the ability to reset your password via email, then a criminal only needs to get into that one account to eventually control all three. By creating separate accounts which do different things, you limit the amount of bad that happens to you if any one account is compromised.


Use a Password Manager


For most people, passwords are the single biggest security problem they have. The average person has dozens of online accounts, and the traditional advice for creating and using passwords simply does not scale to that number of accounts. Despite this, passwords are a reality that will not go away anytime soon.


A better way to manage passwords is with a password manager, a dedicated piece of software designed to hold them. Some popular password managers with good track records for security are 1Password, LastPass, and Bitwarden.


Why It Works


We already discussed how it isn’t practically feasible to remember all your passwords. Password reuse, however, is a huge problem because of what we previously discussed about the principle of least privilege. If you have the same password for your Facebook and your bank account, and your Facebook is hacked, then your bank account has (essentially) also been compromised. You are now in a race against time to change your bank password before the hacker accesses it, and let me tell you - you will probably lose. Keeping the accounts more separate by using different passwords increases the amount of work a criminal has to do.
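The two "Why It Works" arguments so far (one email that can reset everything, and one password reused everywhere) can be checked for your own accounts with a small model. This is an added example, not part of the original article; the account names, passwords, and the `blast_radius` function are made up for illustration.

```python
from collections import deque

def blast_radius(accounts, first_compromised):
    """Return the set of accounts lost once one account is taken over.

    accounts maps name -> {"reset_email": name or None, "password": str}.
    Simplification (the same one the article makes): a hacked account's
    password is treated as known, so every account reusing it falls too.
    """
    owned = {first_compromised}
    queue = deque([first_compromised])
    while queue:
        current = queue.popleft()
        for name, info in accounts.items():
            if name in owned:
                continue
            # Path 1: password reset mail goes to an inbox already lost.
            via_reset = info["reset_email"] == current
            # Path 2: same password as an account already lost.
            via_reuse = info["password"] == accounts[current]["password"]
            if via_reset or via_reuse:
                owned.add(name)
                queue.append(name)
    return owned

# Constructed sample data: one shared email, one reused password.
SHARED = {
    "personal_email": {"reset_email": None, "password": "pw-A"},
    "facebook": {"reset_email": "personal_email", "password": "pw-B"},
    "bank": {"reset_email": "personal_email", "password": "pw-B"},
}
# Constructed sample data: dedicated email for the bank, unique passwords.
SEPARATED = {
    "personal_email": {"reset_email": None, "password": "pw-A"},
    "important_email": {"reset_email": None, "password": "pw-C"},
    "facebook": {"reset_email": "personal_email", "password": "pw-B"},
    "bank": {"reset_email": "important_email", "password": "pw-D"},
}

if __name__ == "__main__":
    for label, setup in (("shared", SHARED), ("separated", SEPARATED)):
        for start in ("personal_email", "facebook"):
            print(label, start, sorted(blast_radius(setup, start)))
```

In the shared setup, losing the personal email costs all three accounts and losing Facebook also costs the bank; in the separated setup the bank survives both cases.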


Don’t Install Software


Software is becoming increasingly safe. Viruses, malware, and other nasties are becoming harder and harder to make as platforms become more locked down. If you have a mobile device, especially an iPhone, it’s fairly unlikely (but not impossible) that you will download a serious piece of malware.


Permissions, pop-ups, fake apps, and dark patterns all mean that apps and programs can be ‘clean’ but still do bad things. For example, it’s widely believed that apps like Instagram and Facebook save everything that a user copies to their clipboard, on Android and iOS. Twitter has been caught at least once taking pictures of people’s faces without their consent when they are viewing ads. Programs like Google Maps can be saving your location all the time, even if you turn off location tracking. If any of this is a problem for you (which it should be), now think about every single program you’ve ever installed, and realize any of them could be doing those kinds of things. How are you supposed to know?


Why It Works


We return to our second core idea, reducing the attack surface. Remember, unless you’ve written the code or otherwise analyzed an app, you don’t know what it does! You’re trusting the platform developer (Microsoft, Apple, etc.) to catch everything for you, and even then you can still run into problems with permissions, leaking information, etc. If you simply have less software, you have less to worry about.


Conclusion


I hope you found this article informative. Go forth and enjoy more security!
