I recently read the book Online Danger by Dr. Eric Cole. In addition to the tips it shares, it teaches a security mindset. I’d like to share my summary of the book with you. I also encourage you to read the book for yourself!

Note: this post contains affiliate links.


Book Summary

The book contains practical personal cybersecurity advice for the average person. It’s neither overly simplistic nor overly advanced. Dr. Cole deliberately shares only fairly basic tips, skipping those that average users won’t implement because they’re too difficult. Each chapter ends with bullet points containing the chapter’s salient points.

Dr. Cole explains not only how to protect yourself, but also how to protect your family, and how to help them protect themselves by teaching them a security and privacy mindset.

Dr. Cole summarizes the book by saying, “Remember, everyone on the Internet could be out to get you, use your common sense.” He points out that, as much as possible, you must be responsible for your security and privacy. He sets realistic expectations; rather than telling you that following his advice will make you unhackable, he says,

Success in cybersecurity comes in reducing the frequency of hacks or breaches and minimizing the impact on our lives.

He also says,

‘Prevention is ideal, but detection is a must.’ Truly, you will not be able to stop all attacks, but you should make it your goal to minimize or control the damage.

The book is somewhat repetitive, but that was probably deliberate, to reinforce points. I don’t like that the book uses a ninja theme, telling you to “be a cyber ninja” and frequently using ninja-related terms. Please don’t use “ninja” or related terms unless you’re talking about Japanese covert agents who existed prior to the 18th century.

Dr. Cole is the founder of a cybersecurity consulting firm. He is an actively involved SANS Fellow and was CTO of McAfee. He’s the parent of three kids, so he has experience helping kids stay safe online.

Here are my notes from the book.

The New World Order

4 basic cybersecurity principles (security 101)

  1. Always run the latest version of any software you install.
  2. Don’t put off installing patches from software vendors.
  3. Uninstall any software you don’t use. Think of each program like a window in a house. The more windows, the more opportunities for someone to break in.
  4. Never use an administrator account for daily activity; log in as a normal user with limited access. This limits the damage in case of compromise.

Dedicate one computer or device to sensitive or personal information (taxes, banking, passwords, etc.) and nothing else. Use a different computer or device for everything else, and never put sensitive or personal information on it.

The Realities of Cyberspace

Before giving away or recycling electronics, remove their hard drives or securely wipe them.

Secrets and Lies

To defend against spoofing and phishing, verify the sender’s identity through a different communication medium. For example, verify that someone sent an email by calling or texting them.

Don’t answer quizzes and surveys, which often ask for personally identifiable info (PII).

Don’t share your location online, through posts or checking in. Doing so makes your home vulnerable to thieves, and shares details about your daily routine.

Use anti-malware software, host-based intrusion prevention (HIPS), application whitelisting (only software on an approved list is allowed to run), and full-disk encryption (FDE).

Losers, Slime Balls, Forlorn Lovers, and Predators

Ask callers to verify their identity by providing details about the company they claim to call from. If they can’t, or if you have any doubt, hang up and call the company directly.

Use file-sharing services such as Dropbox instead of email attachments.

Don’t connect your computer directly to your modem; put a router in between, because the router’s firewall (and NAT) blocks unsolicited inbound connections from the Internet.

Back up any valuable data. Always assume your system could be made unusable at any time.

You Are the Target

Any time you walk away from your computer or device, lock the screen. Any time you’ll be away from it for an extended period, turn it off.

Never post your address, current location, school you or your kids attend.

Before accepting a questionable friend request on social media, verify the person’s identity through mutual friends or a phone call.

Don’t use the “remember me” feature on websites, because it often lacks security.

Don’t save credit card numbers online.

Use separate credit cards for online purchases. That makes it easier to pinpoint the source of fraudulent charges. Set low limits on those cards.

Thoroughly review your free credit reports (AnnualCreditReport.com), and consider buying additional ones to check more frequently.

IdentityTheft.gov contains resources for managing identity theft.

Enable airplane mode on your phone when you don’t need it to communicate; with its radios off, it can’t be reached over the network.

From a functionality perspective, you want data in many places. From a security and personal protection standpoint, you want data in a minimal number of places. Achieve balance with these conflicting strategies by focusing on the access and storage of the information.

Smile, You’re Being Recorded! Permanently

Limit which apps can track your location.

Treat your email as a public record, because it could be compromised. Also, keep in mind that email constitutes a legal record and can be admissible in legal actions.

Secure delete programs aren’t foolproof; destroying a hard drive is the only foolproof method.
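The advice to wipe drives before disposal (under The Realities of Cyberspace above) and the caveat that secure-delete tools aren’t foolproof both come down to what an overwrite can and cannot reach. The following shell script is an added example, not code from the book or from Dr. Cole: it overwrites a file in place and then checks that the original contents are gone, using only dd, head and grep. The temporary file, the marker string and the pass count are constructed for the demonstration; to wipe a whole disk you would point the function at the block device instead, and the comments explain why that is still not enough on flash storage.

```shell
#!/bin/sh
# Added example, not from the book: overwrite a file in place before
# disposal and verify the old contents are gone. Only dd, head and grep
# are used. To wipe a whole disk you would pass the block device
# (e.g. /dev/sdX, as root) instead; this demo only touches a temp file.
#
# Caveat (the reason the book calls destruction the only foolproof method):
# on SSDs and flash media, wear levelling and spare blocks mean an overwrite
# need not reach every physical cell that once held the data. For those,
# use the drive's own sanitize command (ATA Secure Erase via
# `hdparm --security-erase`, or `nvme format --ses=1`) or destroy the
# drive; full-disk encryption from day one turns disposal into key destruction.

# overwrite_in_place FILE [PASSES]
#   Rewrites every byte of FILE with random data PASSES times (default 1),
#   then once with zeros. conv=notrunc keeps the file the same size so the
#   original blocks are overwritten rather than freed and reallocated.
overwrite_in_place() {
    f=$1
    passes=${2:-1}
    size=$(wc -c < "$f" | tr -d ' ')
    i=0
    while [ "$i" -lt "$passes" ]; do
        head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null
        i=$((i + 1))
    done
    head -c "$size" /dev/zero | dd of="$f" conv=notrunc 2>/dev/null
    sync
}

# contains_marker FILE STRING
#   Exit 0 if STRING can still be found in FILE, i.e. the wipe failed.
contains_marker() {
    grep -q -F -- "$2" "$1"
}

# file_size FILE -> prints the size of FILE in bytes
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Demonstration on a throwaway file holding a constructed marker string.
demo_wipe() {
    tmp=$(mktemp)
    i=0
    while [ "$i" -lt 100 ]; do
        printf 'TAX-RETURN-SSN-000-00-0000 line %d\n' "$i"
        i=$((i + 1))
    done > "$tmp"
    before=$(file_size "$tmp")
    overwrite_in_place "$tmp" 2
    if contains_marker "$tmp" 'TAX-RETURN-SSN'; then
        echo "marker still present: wipe failed"
    elif [ "$(file_size "$tmp")" -eq "$before" ]; then
        echo "marker gone, size unchanged ($before bytes)"
    else
        echo "marker gone, but file size changed"
    fi
    rm -f "$tmp"
}

demo_wipe
```

The size check matters: a tool that truncates and rewrites a file may leave the original blocks untouched on disk, which is exactly the failure the book warns about.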

Before you store sensitive data online, encrypt it on your computer.
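One way to act on this tip is to encrypt the file on your own machine with a key the cloud provider never sees, and keep a local record of what the uploaded ciphertext should hash to, so a tampered copy is rejected before it is ever decrypted. The script below is an added example, not the book’s code: it assumes the openssl command-line tool is installed, reads the passphrase from an environment variable I named FILEKEY, and uses a constructed sample file and a throwaway passphrase for the demonstration.

```shell
#!/bin/sh
# Added example, not from the book: encrypt a file on your own machine
# before it goes to cloud storage, and keep a local manifest of what the
# uploaded ciphertext should hash to, so a modified copy is rejected before
# it is decrypted. Assumes the openssl command-line tool is installed.
# The passphrase is read from the FILEKEY environment variable (-pass env:)
# so it never appears on a command line, where `ps` or shell history could
# expose it. A provider's "encryption at rest" does not give you this:
# the provider holds those keys, and anyone who gets into your account
# gets the plaintext.

ITER=200000   # PBKDF2 iterations; raise as your hardware allows

# digest_of FILE -> prints the SHA-256 of FILE in hex
digest_of() {
    openssl dgst -sha256 "$1" | awk '{print $NF}'
}

# seal_for_upload PLAINTEXT CIPHERTEXT MANIFEST
#   Encrypts PLAINTEXT into CIPHERTEXT (AES-256-CBC; key and IV derived from
#   $FILEKEY with PBKDF2 and a fresh random salt) and appends the
#   ciphertext's digest and name to MANIFEST. Upload CIPHERTEXT only;
#   MANIFEST and FILEKEY stay on your machine.
seal_for_upload() {
    plain=$1; cipher=$2; manifest=$3
    [ -n "$FILEKEY" ] || { echo "FILEKEY is not set" >&2; return 2; }
    openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
        -in "$plain" -out "$cipher" -pass env:FILEKEY || return 1
    # CBC hides the contents but does not detect modification; the locally
    # stored digest does, as long as the manifest itself never leaves here.
    printf '%s  %s\n' "$(digest_of "$cipher")" "$(basename "$cipher")" >> "$manifest"
}

# verify_and_open CIPHERTEXT MANIFEST PLAINTEXT_OUT
#   Returns 1 without writing PLAINTEXT_OUT unless CIPHERTEXT's digest
#   matches the manifest entry recorded at upload time.
verify_and_open() {
    cipher=$1; manifest=$2; out=$3
    expected=$(grep -F -- "  $(basename "$cipher")" "$manifest" | tail -n 1 | awk '{print $1}')
    actual=$(digest_of "$cipher")
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "digest mismatch for $cipher: refusing to decrypt" >&2
        return 1
    fi
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$cipher" -out "$out" -pass env:FILEKEY
}

# Demonstration with a constructed sample file and a throwaway passphrase.
demo_seal() {
    d=$(mktemp -d)
    printf 'Account 12345678, SSN 000-00-0000\n' > "$d/taxes.txt"
    FILEKEY='correct horse battery staple'; export FILEKEY
    seal_for_upload "$d/taxes.txt" "$d/taxes.txt.enc" "$d/manifest.txt"
    if grep -q -F 'Account' "$d/taxes.txt.enc"; then
        echo "plaintext visible in ciphertext!"
    else
        echo "ciphertext reveals nothing"
    fi
    if verify_and_open "$d/taxes.txt.enc" "$d/manifest.txt" "$d/taxes.back" \
        && cmp -s "$d/taxes.txt" "$d/taxes.back"; then
        echo "round trip ok"
    fi
    printf 'X' >> "$d/taxes.txt.enc"   # simulate a tampered download
    verify_and_open "$d/taxes.txt.enc" "$d/manifest.txt" "$d/taxes.bad" \
        || echo "tampered copy rejected before decryption"
    rm -rf "$d"
}

demo_seal
```

Only the .enc file is uploaded; the manifest and passphrase stay local. Because AES-CBC alone cannot detect modification, the digest check runs before decryption. A format with built-in integrity protection, such as age or gpg’s symmetric mode, would remove the need for a separate manifest.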

“The only foolproof way to protect yourself against being recorded is to go camera-less or microphone-less. … try to buy devices without any type of recording features.” If you can’t, then cover, block, or disable them.

Childproofing Cyberspace (for Kids and Adults!)

Follow your children online [on social media], but do not interact with them, at least not in front of their friends. … Do let your children know they are being watched, and quickly address any concerning behavior.

Parents should measure the trust and independence they want for their children against safety and caution. Rather than feeling like you are invading their privacy, commit to the idea that you are protecting them.

Don’t give kids admin access on any device.

Periodically, and unannounced, use your kids’ devices. When you do, check the browsing history. If your child has deleted the history, that’s a sign of trouble.

Set up parental controls on any device you give to kids. Disable location tracking (although you may want to use a location tracking app to track them). Require passwords before in-app purchases. Limit or disable data usage. Restrict incoming and outgoing calls to approved numbers.

Only allow kids’ devices to be used and charged where and when adults can supervise.

When children become old enough, remove parental controls, but still monitor behavior.

Approach children as their ally; you’re not trying to get them in trouble, but to save them from trouble.

Is It Time to Become Amish?

Just as driving less decreases your chances of an accident even if you don’t stop driving entirely, decreasing the data you store and the time you spend online decreases your chances of digital injury even if you don’t stop using the Internet entirely.

Depending on what you do online, consider cyber insurance for yourself or your family.

Further Reading

I recommend that you read the book, Online Danger by Eric Cole. The Resources page has additional cybersecurity and privacy books.

View book on Amazon (aff. link)

What You Should Do

Read the book. Yes, I’ve summarized it here, but that’s not a substitute for reading the book. The book provides not only tips, but also teaches a security mindset. Here are a few tips I’ve hand-picked from the book:

  1. Uninstall any software you don’t use. Think of each program like a window in a house. The more windows, the more opportunities for someone to break in.
  2. Before giving away or recycling electronics, remove their hard drives or securely wipe them.
  3. To defend against spoofing and phishing, verify the sender’s identity through a different communication medium. For example, verify that someone sent an email by calling or texting them.
  4. Don’t answer quizzes and surveys, which often ask for personally identifiable info (PII).
  5. Don’t share your location online, through posts or checking in. Doing so makes your home vulnerable to thieves, and shares details about your daily routine.
  6. Use file-sharing services such as Dropbox instead of email attachments.
  7. Never post your address, current location, school you or your kids attend.
  8. Before accepting a questionable friend request on social media, verify the person’s identity through mutual friends or a phone call.
  9. Don’t give kids admin access on any device.
