10 Tips to Protect Your Digital Security

Dennis Skarr, EvCC instructor and cybersecurity specialist, offers solid advice on how to keep your digital identity safe.

 

The need for good digital security practices is increasingly tied to all facets of our lives.  Digital hygiene, defined by Collins dictionary as, “good cybersecurity practices,” is more important than ever with our reliance on computers, browsers, apps, and electronic data for conducting everyday tasks.  Everything from checking social media, ordering food, banking transactions, applying for jobs and sending messages requires us to set up an account with our personal information.

Photo: Dennis Skarr, cybersecurity specialist and EvCC instructor (courtesy of Dennis Skarr)

Dennis Skarr is a Subject Matter Expert (SME) member of a National Guard cyber protection team and also an instructor in the Computer Information Systems (CIS) department at EvCC. Skarr defines the three tenets of information security, “You’ve got the confidentiality, integrity and then availability.”  

He defines confidentiality as keeping other people from reading your information, similar to privacy. Integrity is not allowing others to manipulate your information, such as banking information. Availability is preventing others from denying you access, as malware and viruses can.

1. Self-Awareness

There are obviously serious differences between the information contained in a Spotify account versus that in a banking account. Skarr recommends classifying all of your personal data that someone could get access to into different tiers of low, medium and high.  Make sure that your levels of protection for online accounts correspond appropriately to the sensitivity of the information that they harbor.

2. Create Strong Passwords

Skarr recommends individuals use long, unique, secure passwords or phrases that are easy to remember. “It’s no longer eight characters, upper, lower, special because technology can actually crack that thing in no time, no problem,” he says.  “But if you go into three or four words, even if it’s, ‘big dumb dog falls,’ it sounds like a terrible password, but now you have a 15-character password no upper, lower anything and if you need to make some complexity requirements throw a couple exclamation points after it and like a couple numbers.”

Skarr explains the protection a strong password helps provide.  “Whenever a database of password hashes gets dumped, they’re running through with their crackers looking for the low-hanging fruit,” he says.  To put it in layman’s terms, Skarr uses an analogy: “It’s kind of like the outrunning the zombie kind of method, where you don’t have to be the fastest, but you can’t be the slowest in the chain.  Because they’re going to be picking off all of the people with bad passwords.”

3. Use a Password Manager

An easy way to create and organize longer, more secure passwords for all of your accounts is by using a password manager. “For the stuff that really matters, I always recommend using a password manager and that way you don’t even know what your passwords are,” Skarr says. There are many different free and paid password managers available, such as LastPass, Dashlane and 1Password. Most act as browser extensions and function to create long passwords for individual accounts, only requiring you to remember your master passphrase used to access the password manager.

Create a secure passphrase that is a minimum of three to four words long and easy for you to remember. “What I always recommend for passphrases are like scripture, poetry, music lyrics, a sports phrase—whatever it is everyone has some useless trivia going around in your head that works for you,” says Skarr.

4. Enable Two-Factor Authentication

Another important element in protecting your digital information is to enable two-factor authentication (2FA) on as many of your accounts as allow it. Two-factor authentication adds a second verification of your identity when you log in to your accounts. “I’m a big fan of two-factor authentication whenever you can,” Skarr says.

Two-factor authentication should be enabled on every account that supports it, including your email, social media, banking, medical and password manager accounts. It usually consists of a one-time passcode, either texted to your phone or generated by an app like Google Authenticator or Authy, or of a hardware-based key, such as a YubiKey or Google Titan, that can be inserted in a USB port or connected by Bluetooth. Hardware keys are relatively easy to set up and are the most secure, but make sure, just as you would with a physical safe, to have a second backup key in case you lose one.

5. Back Up Your Data

It’s also crucial to back up your data.  “Definitely when it comes to your habit of storing data, have a backup – and it shouldn’t be in your house. If you have a fire, your backup at home is now cooked too,” Skarr says.  “The cloud is so easy these days, there’s Google Drive, Amazon, countless different ways to back your stuff up; I’d recommend with just a good cloud sync program.”

6. Avoid Public Wi-Fi

Equally important for digital security are good habits concerning the use of public Wi-Fi.  “If you’re just jumping on public Wi-Fi, really the best protection at that point is just jumping onto a virtual private network (VPN),” Skarr says. “And there’s a bunch of different apps for that, some are free, some antivirus (programs) will come with it.”  VPNs encrypt the traffic between your phone, tablet, or computer and the VPN server and are useful for connecting to unsecured, untrusted networks.

7. Safer Web Browsing

Another factor to consider is good web browsing habits. Skarr advises against surfing the internet as an administrator on your computer and recommends instead setting up a standard user account for yourself. “If you’re browsing the internet as an admin and you interact with malware, now it’s running as admin,” he says.  “If you hit it when it’s running as a standard user, you’ve restricted what it can do, so, it may not even be able to take a real effective hold.”

8. Additional Measures

Other best practices for digital security include keeping browsers and operating systems up to date, which is easily done by setting updates to download and install automatically. Make sure to get software, apps and plug-ins only from the official manufacturer and app stores. Encrypt the storage on your devices, so that if they are lost or stolen, other people can’t view or copy the information. Don’t share your login information with anyone else, and use an antivirus program with anti-malware protection.

9. Practical Balance

Digital security also has to be practical to use in order for it to be effective.  “It’s just really kind of finding that balance, like security and convenience are an absolute tradeoff,” says Skarr.  He recommends, “If you’re just trying to stay current with what the basics are, a lot of the commercial magazines will get you there; Wired, PC World, even Life Hacker, all of them will have some basic cyber hygiene for security best practices, and 90 percent of it is exactly the same.”

10. Be Prepared

There’s a good chance your digital data will be compromised at some point, if it hasn’t been already.  Skarr says, “It can happen to everyone, you’re going to get hit at some point, just what’s your plan?”  He likens it to treating your digital information much like you would physical valuables. “Just be realistic with the threats out there. They’re constantly changing, they’re constantly evolving, they’re getting better, they’re getting more frequent,” he says.  “To assume that nothing is going to happen and that you’re living in this utopia is not healthy at this point.”

 


Students in the Ethical Hacking & Cyber Security Club, of which Skarr is the advisor, were asked to share their knowledge and provide some fast facts on how not to get hacked. Hear what the students in the club had to say in “Ethical Hacking & Cyber Security Club: How Not to Get Hacked.”