Cybersecurity Basics for Non-Techies

We all rely on the internet for everything from banking and shopping to keeping up with friends and family. It’s become so ingrained in our daily routines that we hardly give it a second thought. But as much as it brings convenience, the digital world also opens the door to a host of potential threats. From malicious software to phishing scams and data breaches, the risks are increasingly dangerous and can have a devastating impact on our cybersecurity and finances.

Cybersecurity might sound like something only IT experts need to worry about, but the truth is, it’s something everyone should understand to protect themselves and their loved ones. Protecting your digital life doesn’t require a tech degree—it just takes a little knowledge and some simple precautions.

This guide will walk you through the basics of staying safe online, including how to spot common cyber threats like malware and phishing attempts, and what steps you can take to guard your personal data. With just a bit of awareness and a few smart habits, you can reduce your risk and enjoy the perks of the digital age without the worry.

What are cyber threats?

Malware

Malware, short for malicious software, refers to any software intentionally designed to cause damage to a computer, server, or computer network. Various types of malware threaten our digital security:

Viruses: These attach themselves to clean files and spread to other clean files, potentially deleting files or reformatting your hard drive.

Worms: Worms function independently, replicating themselves to spread to other computers by exploiting vulnerabilities.

Trojans: Disguised as legitimate software, trojans trick users into loading and executing them on their systems.

Spyware: Covertly gathers personal information often to benefit third parties.

Common sources of malware and how it spreads

Malware often infiltrates systems through email attachments from unknown sources, downloads from suspicious websites, deceptive online ads, and pirated or cracked software. These vectors can cause extensive damage before the user even realizes there’s a problem.

Phishing

Phishing involves fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in digital communication. Phishing emails might appear as communications from known organizations or individuals, luring the recipient into clicking harmful links or opening malicious attachments.

Spear phishing: Unlike basic phishing, spear phishing is more targeted and personalized, often aimed at specific individuals or organizations. Attackers gather personal information about their targets to make their emails appear more legitimate.

Identifying phishing attempts

To avoid falling for phishing attacks, be attentive for email senders whose addresses don’t exactly match known entities, messages creating a false sense of urgency, or threats of account suspension. Always hover over links to check the actual URL destinations before clicking.

Data breaches

Data breaches occur when unauthorized individuals access a system or database, retrieving confidential data like personal identification details, financial information, and healthcare data.

Impacts of data breaches

Data breaches can lead to financial loss due to unauthorized transactions, loss of reputation and trust for businesses, and personal information theft for identity fraud.

Basic cybersecurity concepts

Password management

Passwords serve as the primary defense against unauthorized access to your accounts. They can be crucial in preventing unauthorized access to personal and financial information, making strong password practices essential.

Tips for creating secure passwords

• Use a mix of letters, numbers, and symbols.
• Refrain from using predictable passwords, such as birthdays or commonly used words.
• Regularly update your passwords to keep your accounts secure.

Recommendations for password managers

Password managers store and generate strong passwords, sync across devices for convenience, and maintain security by not relying on weak or repetitive passwords.

Software updates and patch management

Cybersecurity isn’t a one-time setup. It requires constant vigilance and updating.

Regular updates

Software updates patch security vulnerabilities that cybercriminals could exploit. Keeping your system up to date is one of the simplest and most effective cybersecurity measures.

How to enable automatic updates

On operating systems like Windows or macOS, ensure that the automatic update feature is turned on through the settings. Regularly update applications, particularly browsers and antivirus programs, to maintain optimal security.

Firewalls and antivirus software

Firewalls and antivirus software are critical components of basic cybersecurity.

Firewalls

A firewall acts as a barrier between your network and external threats, filtering traffic to block unauthorized access.

Antivirus software

Antivirus programs can detect and remove malicious software, providing real-time protection against new viruses, thus ensuring your devices remain secure.

Safe online practices

Secure browsing

Secure browsing practices help ensure that your online data transfers are encrypted and safe from interception.

Recognizing secure websites (https://)

Secure websites are often identified by “https://” in the address, indicating that data encryption is in place.

Use of browser security settings

Enable security settings such as blocking third-party cookies and using do-not-track requests to protect your online activities.

Here’s how to enable these:

For Google Chrome

Blocking third-party cookies

1. Go to Chrome Settings.
2. Click Privacy and security.
3. Choose Cookies and other site data.
4. Select Block third-party cookies.

Enable do not track

1. In Privacy and security, click Security.
2. Scroll down to Advanced and toggle the option for Send a “Do Not Track” request with your browsing traffic to on.

Email safety

Email remains a common attack vector for cyber threats. Here’s how to be vigilant when dealing with potentially dangerous emails.

Avoid attachments and links from unknown sources

Do not open attachments in emails from unfamiliar senders and avoid clicking on suspicious links to prevent malware infiltration.

Using email filters and spam protection

Set up spam filters to automatically redirect suspicious emails away from your inbox, reducing your exposure to potential threats.

Here’s how to get started on Gmail:

1. Go to Gmail settings.
2. Go to the Filters and Blocked Addresses tab and click Create a new filter.
3. You can filter emails by specific criteria, such as sender, subject, or keywords. For example, if you want to filter out emails with the word “free” in the subject, enter it and click Create filter.
4. Then, select what action you want (e.g., Delete it, Mark as read, etc.) and click Create filter.

Protecting personal information

Limiting what you share online can be crucial in protecting your identity. Avoid sharing sensitive information like your full address or phone number in public forums to minimize risks. In addition, regularly review and adjust privacy settings to control who can see your information on social media platforms.

Mobile device security

Mobile devices are often more vulnerable than PCs, making them a prime target for cybercriminals. They are susceptible to mobile-specific malware, unauthorized app downloads, and data interception.

Follow these steps to keep the data on your mobile device secure:

Best practices for mobile security

Set up strong device passwords or biometrics

Use PINs, passwords, or biometric protection like fingerprint recognition to lock your devices and secure the data they contain.

Regularly update apps and the operating system

Ensure all installed apps, as well as the mobile OS, are regularly updated to patch vulnerabilities and enhance security.

Avoiding public wi-fi risks

Public Wi-Fi networks can be a breeding ground for cyber threats. Mobile devices are always on the go, meaning they connect to a variety of Wi-Fi networks, some of which may not be secure. Cybercriminals can intercept data on public Wi-Fi networks, such as your personal messages or login credentials, if your device isn’t properly secured.

Avoid personal use

If you must use public Wi-Fi, avoid accessing sensitive information like bank accounts or emails.

Using VPNs for secure connections

Encrypt your internet traffic and protect your data by using Virtual Private Networks (VPNs), especially when accessing public Wi-Fi.

By staying vigilant and following these basic security practices, you can minimize the risks of cyberattacks on your mobile device and enjoy the convenience it offers without compromising your safety. With cybercriminals increasingly targeting mobile devices, taking the time to secure your phone is a smart move.

Additional resources

To further enhance your cybersecurity knowledge and access recommended tools, consider using reliable antivirus and antimalware tools, participating in cybersecurity awareness training sessions, and exploring resources from reputable websites such as the FTC.

Protect yourself further by signing up for BeenVerified, a reverse phone lookup tool that helps you try to identify unknown callers and verify people’s backgrounds. It can be an essential tool for helping safeguard your personal information and stay safe from potential scams. Sign up today and take control of your security!