What Security Advice Do The Experts Offer?

I recently read an article from Heimdal Security about online safety.  In this article Heimdal had asked 18 experts in the field of cybersecurity for their top 3 ideas about how to stay secure.  The contributors included top cybersecurity professionals from several anti-malware companies, security bloggers, and cybersecurity industry professionals.  The original article is here.

What I found interesting were the suggestions that they shared in common.  Here’s the rundown, and the number of security pros who offered the same tip.

Hacking Humans and Social Engineering

  • You are the most important security tool.    Be skeptical, trust no one.  Many exploits rely on social engineering and trickery to work.  Learn how they work.  Don’t be someone who falls for these exploits. (3)

Email and Phishing

  • Don’t click on links in emails from unknown parties. (6)
  • Be aware of potential phishing emails.  Spelling and grammar mistakes have decreased, so you need to know what else to look for. (5)
  • Be aware of potential computer exploits targeting your computers. (4)

Updates and Patching

  • Patch third-party applications such as Java, Reader, and Flash. (9)
  • Run system updates for your operating system.  (Windows updates, Apple updates) (7)
  • Update firmware on all your devices including routers, networking devices, printers, and system BIOS on computers.

Passwords and Authentication

  • Create long and strong passwords of at least 10 characters.  (5)
  • Set up and use a password manager for all your passwords. (My favorite is LastPass.) (3)
  • Never reuse the same password on multiple accounts. (3)
  • Set up and use two-factor authentication wherever you can. (5)


  • Run anti-malware software.  Windows Defender is pretty decent and better than nothing.  Or choose a program that is highly rated by an independent test lab such as A-V Test. (4)

Web Browsers and Web Applications

  • Update to the latest version of whatever web browser you use. (Edge, IE, Chrome, Firefox, Safari)
  • Disable or restrict Java and Flash on your web browsers.  (2)
  • Buy and use a Chromebook for web browsing, online banking and shopping.  Because Chromebooks rely on browser and cloud apps, and are unable to install applications including malware, a Chromebook is more secure.
  • Be careful what you download.  Use the manufacturer’s website.  Avoid popular download sites; they often offer unwanted programs that hitch a ride with the program you wanted. (2)
  • Free software and apps are not really free.  They take your personal information in exchange for your “free” use. (2)

Mobile Devices

  • Verify or set security and privacy settings on mobile devices.
  • Use smartphone security such as a screen lock. (2)
  • When using unencrypted public Wi-Fi, use a VPN. (2)

Social Networks

  • Verify or set security and privacy settings on social network accounts.
  • Avoid over-sharing on social networks. (2)

Information and Data Security

  • Back up all your data, not only your computer, but your phone and tablet too. (2)
  • Think about the files you are creating and saving.  You can’t lose what you don’t have.
  • Be aware of third-party collection of your personal information and data.  This information is generally used in marketing, but can also be a gateway to an attack or exploit.

Following these tips can help you create and maintain a strong cybersecurity environment for you, your computers and devices, your networks, and your information.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
