I’d like to share with you my summary of the book Cyber Attack Survival Manual: From Identity Theft To The Digital Apocalypse And Everything In Between by Nick Selby and Heather Vescent.
Cyber Attack Survival Manual Book Review & Summary
The book contains pretty good personal cybersecurity advice covering a range of topics, but it’s not as helpful as other books I’ve read, and it’s not very engagingly written. Each chapter ends with takeaways in 3 levels: basic security, advanced measures, and tinfoil-hat brigade (for the extremely cautious or paranoid). The book has a realism and grittiness that probably comes from co-author Selby’s police work. I like the artwork throughout the book (see sample below).
Co-author Nick Selby is a police detective who investigates computer crime, fraud, and child exploitation. He consults law enforcement agencies on cyber intelligence and investigations. He has fought cybercrime for over a decade and is well-acquainted with online scams, fraud, and hacks.
Co-author Heather Vescent is a futurist with expertise in cyber-economics and cryptocurrency.
Here are my notes from each chapter.
- Amazon Kindle Edition
- Selby, Nick (Author)
- English (Publication Language)
- 405 Pages - 10/10/2017 (Publication Date) - Weldon Owen (Publisher)

Keep Your Identity Safe
Password managers
LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.
Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
1Password remembers all your passwords, so you can easily log in to sites with a single click.
Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.
Takeaways
- Use a different strong password for every login (websites, desktop programs, phone apps).
- Use a password vault program (password manager).
- Don’t get your kids’ social security cards unless necessary.
- Check kids’ credit at least quarterly.
Where the Money Is
- If you get a message from your bank asking you for info, call the bank’s known number to ensure it’s legit.
- Check credit reports regularly.
- Use only cards with chips (don’t swipe).
Protect Your Privacy Online
Hackers can “sniff” insecure public Wi-Fi to see what you’re doing. Hackers can also set up a second network with the same or a similar name as a trap. Always ask for the name of the network, and use a secured network whenever possible.
Think twice about storing sensitive data online (identification, tax docs, etc.).
Takeaways
- Set all social media privacy settings as high as possible.
- Protect home Wi-Fi with WPA2.
- Don’t accept friend requests from strangers.
- Never use public Wi-Fi without a VPN.
- Restrict what you share on social media.
- Consider covering cameras and microphones with electrical tape.
ProtonVPN offers secure VPN through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even when you are using public or untrusted Internet connections.
Keep Kids Safe Online
Kids shouldn’t assume nude photos they send will stay private.
Use OpenDNS to control the sites kids can visit.
To prevent kids from using a bootable operating system (OS) on your computer, set a BIOS password on a Windows machine or a firmware password on a Mac.
Teach kids that they’re not anonymous online, and there are bad people online. Don’t scare them, but help them understand the threat is real.
Set alerts for when a kid tries to access a blocked site or search certain words.
Check browsing history using your router or with your ISP.
Regularly discuss online safety with kids as they grow. Praise good behavior. Let them know they can come to you if they get into trouble.
Review teen’s online footprint together; act like a college admissions officer or potential employer.
Takeaways
- Monitor kids’ social media (with software, or manually).
- Talk to kids about what’s safe to share.
- Log traffic.
- Enable GPS tracking on kids’ phones.
The Internet of Things
Protect yourself from Internet of Things (IoT) devices
- Read everything you can about a device, especially data-use policies.
- Opt out of data collection and/or use offline or airplane mode.
- Change default passwords immediately.
Secure messaging systems: Signal, Wickr, Tor.
Takeaways
- Change default modem and router passwords.
- Use screen lock codes on all mobile devices.
- Isolate IoT apps from sensitive data.
- Ensure medical devices are locked to only critical services.
- Consider a separate home network or VLAN for IoT devices.
Not Just Phoning It In
Enable screen lock. Use a password instead of a PIN, if possible. Set screen to lock after a short amount of time (2 minutes or less).
Disable communication (Wi-Fi, hotspot, Bluetooth, NFC, etc.) and only enable when necessary.
Don’t use your phone on public Wi-Fi without a VPN. Or, use mobile data.
In the US, the government can use your fingerprints to unlock, but they can’t force you to give your password.
To better secure your phone, turn it completely off and remove the battery if possible.
Takeaways
- Set a good password (7+ characters or numbers, or good pattern).
- Encrypt phone.
- Enable phone locator in case the phone is stolen.
- Limit the number of days of email stored on the phone.
- Use two-factor authentication (2FA) whenever possible.
- Disable location services and only enable when necessary.
Cyber Security and Small Business
When selling online (e.g., Craigslist), limit the info you reveal. Consider a burner app (for a temporary phone number) and meet in public. Ensure a friend knows where you are.
Cloud backup
- Dropbox
- SpiderOak
- Backblaze
BackBlaze provides astonishingly easy and low-cost cloud storage for your files. You can automatically back up your Mac or PC files and access them anywhere.
The Deep Dark Net
- Surface Web: public websites, indexed by search engines.
- Deep Web: websites not indexed by search engines, but can be visited using a standard browser if you know the address.
- Darknet: websites that can’t be visited using a standard browser, and typically require a Tor browser to view. It also includes other protocols and environments (IRC, I2P, etc.).
International Cybersecurity
Burner apps for creating anonymous phone numbers: Burner One, Hushed, CoverMe.
If you travel out of the country, consider renting a phone or computer in the country you travel to, to avoid having your devices searched when you return home.
Takeaways
- Encrypt all products and communications.
- Use separate devices when outside your country.
Summary
- Password-protect and disable remote management on your modem, router, and any other Internet-connected devices.
- Never give private info over email or text. Always call the bank, utility, or service that’s claiming to request the info.
- When shopping online, consider using guest checkout and one-time credit cards.
Cyber Attack Survival Manual Book Review – Final Thoughts
If you found this summary helpful, then read the book, Cyber Attack Survival Manual: From Identity Theft To The Digital Apocalypse And Everything In Between by Nick Selby and Heather Vescent.
The Resources page has additional cybersecurity and privacy books.
What You Should Do
Here are several tips I’ve hand-picked from the book.
- Use a different strong password for every login (websites, desktop programs, phone apps).
- Use a password vault program (password manager). (I like LastPass.)
- Use only cards with chips (don’t swipe).
- Protect home Wi-Fi with WPA2.
- Use OpenDNS to control the sites kids can visit.
- Teach kids that they’re not anonymous online, and there are bad people online. Don’t scare them, but help them understand the threat is real.
- Regularly discuss online safety with kids as they grow. Praise good behavior. Let them know they can come to you if they get into trouble.
- Change default modem and router passwords.
- Disable phone communication (Wi-Fi, hotspot, Bluetooth, NFC, etc.) and only enable when necessary.
- Encrypt phone.
- Enable a phone locator in case your phone is stolen.
- Use two-factor authentication (2FA) whenever possible.
- Disable location services and only enable when necessary.
- Password-protect and disable remote management on your modem, router, and any other Internet-connected devices.
- Never give private info over email or text. Always call the bank, utility, or service that’s claiming to request the info.