Wednesday, April 1, 2020

Step 0

Assumptions

  • You are not a cybersecurity expert
  • You want to reduce the risks you're exposed to online
  • You want to be resistant to the threats you face online
  • You have a limited or no budget
  • You do not want to spend a lot of time doing all of the above (let's be honest: you don't have the drive or diligence to do so. That's OK, most people don't. You're not a bad person, you're just human).

What we're going to do is walk you through some fundamental things that will help protect you from several different types of threats, reduce the risk associated with online activity, and improve your resilience in case these defensive steps fall short or something else goes wrong.

Everything we're going to show you should cost you nothing but time and effort. There are paid options we'll talk about if you want to go down that route, but the goal here is to help you leverage things you already have access to, but may not have been aware of, that will go a long way in leveling up your cybersecurity posture.

Nothing we're going to do will guarantee you security. Nobody can promise that because that's just not possible. What we're doing is making you a harder target than you were before.

Tuesday, March 31, 2020

Turn on Full Disk Encryption

Encrypting your computer hard drives helps reduce the likelihood that someone who manages to make off with a computer will also make off with the data therein. Full disk encryption, done properly, turns your stolen computer into a fancy brick. It costs nothing to implement and goes a long way in protecting what’s of value to you from both a data and resource perspective.

Monday, March 30, 2020

Create and Maintain Backups

The quickest, easiest, and cheapest way to get back to business in the event of an attack, or any sort of disruption—manmade or otherwise—is to have current backups available. Back up your data regularly. Store copies of that data off-line, and if you’re particularly cautious, off-site. Backups are not a sexy or sophisticated security solution, but a standard, often mundane, task. Yet the value of a current backup can be, in the right circumstances, the sum total value of your digital life.

Sunday, March 29, 2020

Implement Multi-Factor Authentication

When an account is protected by a single password, the compromise of that password means the compromise of that account. Depending on the role a person plays in a company, the compromise of that account could lead to substantial losses. Multi-factor authentication makes it radically harder for the bad guys to compromise accounts, which in turn makes it harder for them to steal your data, money, etc. Multi-factor authentication adds another step to accessing accounts and services, but those extra seconds—literally seconds—are a small price to pay for one of the most cost-effective and powerful defenses you can put in place. 

Saturday, March 28, 2020

Update Your Software: Now

Software updates reduce risk. Every time you update your operating system or software, you’re making it harder for the bad guys. It may be inconvenient at times, but it is literally the easiest thing you can do to improve your security posture. When asked to update your software, do it as soon as you possibly can. Every day you put it off is another day you leave yourself, and your firm, open to exploitation. 

Friday, March 27, 2020

Use A Password Manager

Weak passwords and poor password practices are among the easiest ways to get hacked. When it comes to passwords, most people take the path of least resistance, which becomes the path to a breach. Password managers make it easy to make and manage passwords that are harder to crack, and facilitate the use of unique passwords for every account, which makes for more secure accounts, and fewer opportunities to compromise your security.

Thursday, March 26, 2020

Delete Everything You Don't Need

All data breaches have one thing in common: someone gets away with data they should not have. Data can’t be stolen if it’s not there. Retain what data you must by law and to deal with short-term business needs, store what you need long-term off-line, and delete everything else. A breach at some point in time may be inevitable, but the impact is lessened if you don’t put any more data at risk than you absolutely need to.