My Personal Security

MY PERSONAL SECURITY CHECKLIST


WRITTEN BY

  ISACA Lagos Chapter

OCTOBER 2023

 

To contribute to making the internet safer for all, ISACA Lagos Chapter has compiled this checklist to help you and your loved ones stay safe and secure online.

 

Personal Devices

  • Encrypt your phone, computer, and external hard drives.
  • Keep the operating system of your computer and phone always updated with the latest version.
  • Change the default passwords of your Internet of Things (IoT) devices.
  • Keep your computer and other devices locked with a password, or a PIN longer than four digits.
  • Keep your software, operating system and browser up to date:

Software companies continuously include security fixes with every upgrade they release. Installing updates as soon as they are available can help you better safeguard your devices against malicious software, known as malware.

  • Review your passwords in your browser’s settings:

Some browsers, such as Safari, review passwords for you and flag a warning next to a weak or repeated password. Make sure you review them all and change those at risk.

Safari > Preferences > Passwords 

Chrome > Settings > Passwords

  • Run a reputable antivirus product on your home PC or laptop:

This will help prevent your device from becoming infected with malware and may clean up an existing infection.

  • Only download applications from Google Play™ or the App Store®, and never from a third-party app store:

Third-party app stores, or apps that pop up and encourage you to download them, are more likely to contain malware.

 

Passwords

  • Do not use the same password for different accounts.
  • Use passwords that are at least 18 characters long whenever possible.
  • Use a Password Manager supported by the operating system or browser.
  • For accounts not in a password manager, create long, unique and memorable pass-phrases.
  • Set up notifications at https://haveibeenpwned.com/ so that you are alerted if your email address appears in a breach.

Multi-factor Authentication (MFA) 

  • All important accounts (email, social media, finance-related apps) should be protected with Multi-Factor Authentication (MFA) through MFA apps or SMS if there’s no other way.
  • Save MFA backup codes on paper stored securely, or in your password manager.
  • See references below for more details.

To click or not to click

  • Avoid clicking on suspicious links or downloading suspicious attachments from emails or text messages you don’t expect.
  • Don’t click on ads that promise free money, prizes, or discounts.
  • Don’t play games or answer surveys on social media that ask for sensitive private information.
  • Be cautious about the permissions you accept for all the apps you use.
  • Delete the applications that you no longer use.
  • Back up your important files.
  • Have emergency contacts configured on your phone.
  • Share information like this with friends and family to help them stay safe.
  • Report unsolicited emails as spam or junk and delete them rather than clicking the unsubscribe button. Clicking unsubscribe informs scammers that your email is actively used, which puts you at further risk of being targeted. These buttons may also lead to malicious content.

The less you share the better

  • Be cautious about sharing Personally Identifiable Information (PII) over the phone, in email or via text message, especially if you did not initiate the contact.
  • Limit how much information you share on social media and lock down the privacy settings on your accounts. The information you share online could be exploited by fraudsters.
  • Configure your social media privacy settings to your preferences.
  • Don’t post private information like home address, private pictures, phone number, or credit card numbers publicly on social media. 

Cybersecurity

Cybersecurity on the Go

  • Avoid using public Wi-Fi hotspots—like the ones at coffee shops, airports, hotels, etc. Instead, stick to the mobile network and create a personal Wi-Fi hotspot with your phone. If you do use public Wi-Fi, be sure to use a Virtual Private Network (VPN) so that others can’t intercept your communications.
  • Don’t use publicly available charging cords or USB ports with your devices. These can be used to deliver malware onto your device or steal your data. Always be sure to plug your cord directly into the power source.

Securing your finances

  • Create and save bookmarks for the important banking and brokerage websites you visit often to avoid inadvertently entering your credentials on a fraudulent site.
  • Ensure you’re using a reliable email provider that has built-in security features such as MFA and strong spam blocking. Using an older email account that has not incorporated modern security protections may increase your likelihood of getting malware.
  • Monitor your existing lines of credit for fraudulent activities by leveraging a reputable credit and identity theft monitoring service. Additionally, consider freezing your credit to prevent fraudsters from using your identity to establish new lines of credit. 
  • Secure your home Wi-Fi by changing the router’s default password and username. Create a separate Wi-Fi network for your guests and make sure it’s not connected to your home’s “smart” devices.
  • Consider using a standalone device just for banking or investment activities. Physically separating your devices can help you better protect your high-consequence activities from cyber-enabled fraud.

 

Cybersecurity best practices for young people (ages 8+)

Sharing about me

  • I only post pictures or videos of myself online if I have permission from my parents or guardians. 
  • If someone is asking me personal questions like my home address, where I go to school, or what my phone number is, or asking for pictures of me, I ask for help right away.
  • I know that posting my name, birth date, home address, pictures, school address, phone number, or credit card numbers online can be dangerous for me and my family. 
  • I understand that in the online world, anyone can pretend to be someone they are not, so I shouldn’t meet with them in person. 

 

Safety Basics

  • I only download or install applications when I have permission from my parents or guardians. 
  • I avoid using short and simple passwords like “test”, “password”, “123456” or “Charlie1”.
  • I use passwords consisting of words joined by a dash (-) or a space. For example: ice-cream-chocolate-is-the-best
  • My passwords don’t include my name, birthdate, pet’s name, or other information that can be guessed. 
  • All my accounts use different passwords.
  • I don’t click on pictures that promise free money, prizes, or games.

Keeping it kind (for myself and others)

  • I know that I may not be able to delete things I post online, and others can copy/repost them. It could even be connected to me 20 years from now. 
  • I ask for help if someone says something hurtful to me online. I also report and block them if I can. 
  • I mostly ignore comments, but if they get too scary, I report them. 
  • I treat others with kindness online, just like I would treat them in person. 
  • How I feel about myself doesn’t depend on other people’s likes or comments on social media.