Personal Cybersecurity Practices

Use a password manager: Applications like Bitwarden (free), LastPass, or 1Password can generate and store complex passwords for all your accounts. You'll only need to remember one master password.

Create passphrases: Instead of complex combinations of special characters, try longer passphrases that are easier to remember but harder to crack. "Purple5Elephant$Dancing" is both more secure and more memorable than "P@s5wrd!"

Enable two-factor authentication (2FA): This adds an extra verification step (typically a code sent to your phone) when logging in from a new device. Many services now offer this option in account settings, and it dramatically reduces the risk of unauthorized access.

Be skeptical of unexpected attachments: Even if an email appears to come from someone you know, unexpected attachments should raise red flags. When in doubt, verify through another channel (like calling or messaging the supposed sender) before opening.

Hover before you click: Before clicking any link in an email, hover your cursor over it to see the actual destination URL. If it looks suspicious or different from what you'd expect, don't click.

Watch for urgency and pressure: Legitimate organizations rarely demand immediate action under threat of consequences. Emails creating artificial urgency ("Your account will be deleted in 24 hours!") often indicate phishing attempts.

Use screen privacy filters: These simple overlays prevent visual "shoulder surfing" in public spaces or open offices.

Lock your computer: Get in the habit of locking your screen (Windows key + L on Windows, Command + Control + Q on Mac) every time you step away, even for a minute.

Clear your desk: Papers with sensitive information, sticky notes with passwords, and even seemingly innocent meeting notes can reveal confidential information.

Use a VPN: A Virtual Private Network encrypts your internet traffic, making it unreadable to anyone monitoring the network. Many companies provide VPNs for employees; if yours doesn't, consider a reputable personal option.

Avoid sensitive transactions: If you must use public Wi-Fi without a VPN, save banking, shopping, or accessing sensitive work documents for when you're on a secure network.

Verify network names: Before connecting, confirm the exact spelling of the legitimate network name to avoid "evil twin" networks set up by attackers with similar-looking names.

Keep software updated: Those update notifications might be annoying, but they often contain critical security patches. Schedule updates for convenient times rather than postponing indefinitely.

Enable automatic backups: Regular backups of important files protect against both device failure and ransomware attacks. Cloud storage services and external drives both work well as part of a backup strategy.

Install reputable security software: Modern security programs offer protection without significantly slowing your device. Many employers provide security software for work devices, and sometimes for personal devices too.

Review privacy settings: Regularly check and update who can see your posts and personal information on social platforms.

Be careful what you share: Information like your location, travel plans, or details about your work project could be useful to cybercriminals.

Watch for connection requests: Be wary of requests from unknown individuals, especially those with minimal profile information or connections.

Report suspicious emails: Most organizations have a process for reporting potential phishing attempts. Use the "Report phishing" feature in your email client or forward to your IT security team.

Act quickly on compromises: If you suspect an account has been compromised, immediately change passwords and notify relevant parties (your IT department, the service provider, etc.).

Don't be embarrassed: Cybersecurity incidents happen to everyone. Reporting problems promptly is more important than avoiding embarrassment.

Start small: Implement one new practice at a time until it becomes automatic before adding another.

Use security features already available: Most devices and services have built-in security features you may not be using yet.

Stay informed: Subscribe to a simple security newsletter or follow trusted sources for updates on new threats without overwhelming technical jargon.