Our readers are a technically oriented group with a good awareness of the dynamic nature of the cyber threat. You do not need lists of best practices; you live them by continuously assessing your environment and taking action to reduce risk as appropriate.
But all of us have friends and family or co-workers who are not technically strong or do not have awareness of adversary capabilities and intent and could use some guidance on best practices.
The problem is that there is an overwhelming amount of guidance on best practices, some very old and now irrelevant and others based on myths but now promulgated by reputable sources. And some guidance actually is a bit too hard for the average person to really implement.
With that in mind, below I’m sharing the list I use as I advise others on their home security. These things are much easier to implement if a person with at least some basic tech skills is helping out (so really the list is for you to use when guiding your friends and family in improving their security).
Things To Help Others Implement at Home:
- Show others how to make sure all computers are patched, and every application on every device is updated.
- Recommend a good password manager and give tips on how to use it (there are many, I recommend Dashlane).
- Explain how DNS works and help people leverage one that helps slow the bad guys. I recommend the Quad9 DNS service.
- Encourage the use of multi-factor authentication for every service used on the Internet. Help others think through any services that might be overlooked: ask about banks, shopping, clubs, calendars, documents, photos, social media. Show how to turn on the multi-factor authentication feature as required.
- For email, recommend the use of one of the big providers (Google or Microsoft). They invest heavily in security engineering to help reduce risk to their users.
- For small business owners, steer them to the best practices articulated by the Global Cyber Alliance.
- Everyone should maintain awareness of the changing nature of the cyber threat. For that, sign up for the OODA Daily Pulse.
Note: I do not recommend any home users implement a VPN. There are reasons corporate users do that, but the average citizen just doesn’t need that level of protection anymore. Will be writing more about that shortly.
If you have other tips you offer friends and family to make them more secure, please share; would love your inputs.