The Weakest Link In Cybersecurity is in Your Mirror

That’s right, it’s still you.  Sorry.

October is Cybersecurity Awareness Month, and this week’s theme is Simple Steps to Online Safety.

The toughest part of cybersecurity is securing the human mind, emotions, behaviors, and responses from making a decision or taking an action that will open the door for a cyber-attacker.  The reality is that it is much easier to secure systems than humans. And unfortunately, humans have been given a lot of authority to override, weaken, or avoid the security measures that are put into their computers and networks to protect them.

Here are my top ten ways that you can improve your security:

  1. Longer passwords –  Only longer passwords can defeat the automated cracking tools that are used to reveal passwords.
  2. Two-factor authentication – A 2FA app on your smartphone, combined with your password, makes it impossible for an attacker to hijack your email or online accounts unless they have both your password and your smartphone.
  3. Password managers – Easiest way to create and use hundreds of long, unique and truly random passwords.
  4. Phishing emails – Learn to recognize the tell-tale signs of most phishing emails, such as a sender email address that does not relate to the expected domain of the impersonated sender.
  5. Check email links before clicking – Using the hover trick, see where the link will take you before you click through.  Or right-click, copy the link address, and paste it into VirusTotal to check if it is malicious.
  6. Confirm email attachments – Email attachments can be checked easily by forwarding the email to and waiting five minutes to receive the report back from VirusTotal.  Or call the sender to confirm the attachment.
  7. Just hang up – Nobody from Microsoft or any other company is going to call you to tell you your computer has malware or any other problem.  Many cyber scams start with a phone call instead of an email.  Also, calls from “law enforcement” that ask you to pay for bail with GreenDot, Western Union, or Apple gift cards are a scam.
  8. Free open public Wi-Fi – Free Wi-Fi is great, but if you don’t need a passkey to connect, your entire session is transmitted in plain English through the air via radio (wireless, right?).  Someone else with a laptop and the right software can be recording your session.  Logging in to web sites on open wireless is a good way to lose your passwords.  No shopping or banking on open public Wi-Fi either.
  9. Smartphone anti-malware – Install a smartphone anti-malware app.  Use the same brand you use on your computer.  This applies to Android and iPhones.
  10. Smartphone remote wiping app – In the event your phone is lost or stolen, it is important to be able to delete your personal information on that phone.

These ten tips are Simple Steps to Online Safety that you can use to keep yourself safe and secure in your online life.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
