So it's the first day of #CyberAware month; time for real talk.

Being secure online is all about performing the basics, or a cyber hygiene routine as I like to call it. It's about forming habits and developing situational awareness. Let me share some of the simple techniques 1/n
#1 Look at your Digital Footprint:
Ever actually googled yourself? Looked at the information you are sharing? Know where all your online accounts are?

First step is to do what an attacker would: spend some time searching your name, email, other info.
#1 <Cont>
There are some tools you could use to help with this...

rocketreach.co
192.com
truepeoplesearch.com
usersearch.org
Search engines: Google, DuckDuckGo

Google: intext:<yourname> or <username>
Google: filetype:pdf <yourname> etc
#2 Dreaded Passwords

The average person has like 20+ odd online accounts, and unless you're using a Password Manager or storing your passwords in a spreadsheet it's likely they are similar

1) check haveibeenpwned.com
2) Create a strong Phrase
3) Use PW Manager
More...
#2 <cont>
It's really important to understand that an attacker will search leaked and breached credentials online, there are about 15 odd billion out there. So it's likely the password you are using right now could be known by an attacker.

More...
#2 <cont>
Long is Strong - yes, but it's also about your personal threat model here..

Password manager will give you ability to generate 100 char password for every account; it's also one single point of failure. Some people think password book is terrible, but do what is best 4 u
#3 Multi Factor Authentication - it's important!
Even if you have an amazing password, an attacker could still obtain this. MFA will protect your accounts further.
1. SMS worst
2. App better
3. YubiKey :)
check out the awesome 2fanotifier.org
MFA is simple, helps protect u
#3 <cont>

It is really important to note that you should think about enabling MFA on all your online accounts, this will help reduce your personal attack surface. Do also be aware that attackers can phish these, so don't think it's the silver bullet. It is worth the time tho.
#4 Updates are really, really important.

Hey, pssst, yes you.. You may have heard this before, but update your sh*t.

It massively reduces your exposure to attacks that might be using a weakness in your operating system that the update fixed.
#4 <cont>
Updates also include:
Phone
Laptop/PC
Router firmware
Smart Fridge, TV, Toaster, smart anything

Also make sure you have anti-malware on all devices, it will help reduce common attacks :)
#5 Whoa, back up there...and there...and there.

Ensure you back up your stuff regularly, especially the things that are important to you. Not only is it a pain if your device dies, but also if you manage to get ransomware. Ensure you have both online and OFFLINE copies!
#5 <cont>

Here is a simple guide for backing up... might come in useful.

uk.pcmag.com/backup-4/8647/…
#6 Track me if you can....
Every site performs tracking, usually used for website analytics (where visitors are from, go etc), but also used by advertisers, and sometimes attackers. Reduce footprint by blocking these trackers. Use Brave browser brave.com
Brave will block trackers, ads and any scripts, it's designed with privacy in mind.. defo worth it.

Also it has a real private browsing mode... using Tor.. :)
#7 Verify, before action (trusting).
There's a saying: if something is too good to be true then it probably is. Being a social engineer myself, it's easy to trick people into doing things they don't realise might be malicious, or useful for an attacker < Big Thread this one>
#7 cont Phishing is still probably the most effective tool an attacker has in their arsenal. However, if you get a phishing email asking for you to click a link because your account has been compromised, don't! Go to your acc login and check security notices. You have verified.. more
#7 cont.. Urgency or pressure are a massive clue to something being wrong or suspicious. Attackers will play on urgency, to try and trip you up. Check the link, does that look right? Check where it is sent from. But don't click the link, go to the website via google > login
#7 cont.. if you get a call from your <insert company name, bank, company just gone under, or in news>, it's probably not them, so again hang up the call and use a different phone to call the number YOU have for them and verify the information.
We trust too easy, it's time to stop
#8 What to do if you have been compromised?

1) Don't panic, ok maybe a little :)
2) Disconnect your PC from the internet
3) Change your online passwords quickly (did you have 2FA)?
4) Let your bank know, and credit monitoring
5) UK - Call thecyberhelpline.com
#8 <cont>
Some other things to do:
6) Change router password and ADMIN password
7) Check admin portal for connected devices and boot any that you don't recognise
8) Rebuild your machine from a backup, or worst case reset to factory settings.
9) make a quick cup of tea...
Ok that's it for now.. you do this and you'll be in a stronger place in terms of protecting your online information and accounts.

I wrote these articles a while back and it's still just as relevant
tripwire.com/state-of-secur… (3 parts all linked)

Verify, Verify, Stay Safe.
