I’d like to share with you tips from the book Cybersecurity for Dummies by Joseph Steinberg. I’ll give you my Cybersecurity for Dummies book review and summary of the book, and you may want to buy your own copy.
- Cybersecurity for Dummies Book Review And Summary
- Bad Guys and Accidental Bad Guys—The Folks You Must Defend Against
- Evaluating Your Current Cybersecurity Posture
- Enhancing Physical Security
- Securing Your Accounts
- Preventing Social Engineering
- Recovering from a Security Breach
- Restoring from Backups
- Ten Ways You Can Improve Your Cybersecurity without Spending a Fortune
- Cybersecurity for Dummies Book Review – Final Thoughts
Cybersecurity for Dummies Book Review And Summary
This book is a decent, basic guide to cybersecurity for individuals and small businesses. It covers a range of topics at a non-technical level. Some Dummies books are better than others, and I was disappointed by this one. It’s not nearly as good as Firewalls Don’t Stop Dragons or Cyber Smart.
Still, it was worth reading because it contains some unique content. It’s that unique content that I focus on in my summary, rather than repeating information I’ve already shared in other book summaries.
I wish this book had more specific software and service recommendations. I realize technology changes rapidly, so including recommendations can date a book, but they would’ve made it more helpful.
The author has the right perspective on cybersecurity. He says,
It is important to understand that there is no such thing as 100 percent cybersecurity. Rather, adequate cybersecurity is defined by understanding what risks exist, which ones are adequately mitigated, and which ones persist.
I don’t completely agree with the author about password managers. He says,
Your online banking password should be strong, unique, and committed to memory — not stored in a database, password manager, or anywhere else electronic.
Later, he says about password managers,
Such technology is appropriate for general passwords, but not for the most sensitive ones. Various password managers have been hacked, and if something does go wrong when all your eggs are in one basket, you may have a nightmare on your hands.
In a perfect world, this would be true, but in reality, we can’t expect people to create and remember strong passwords for all their financial accounts and other sensitive accounts. In general, a password manager is the best option.
Here are my notes from each chapter.
Bad Guys and Accidental Bad Guys—The Folks You Must Defend Against
Be aware that online archives of newsletters from churches, synagogues, and other communities often contain birth announcements that include the name of the baby and his or her parents, and the baby’s date of birth. These details can help an attacker answer security questions.
Evaluating Your Current Cybersecurity Posture
If your router lets you disable older Wi-Fi protocols that aren’t needed by any of your devices (such as 802.11a, b, and g).
Put your router near the center of your home to limit how far your Wi-Fi extends outside your home, to reduce the risk of others getting access.
Don’t publicize medical information, including information about medical facilities you’ve been to, or conditions you suffer from.
Keep private data out of the cloud unless you encrypt it. Don’t rely on the cloud provider’s encryption; encrypt it yourself before uploading it.
If you’re accessing websites that you don’t want to be associated with you, use private browsing (which is only partial protection) or use the Tor Browser which has better privacy protections than standard browsers.
Don’t publicize your mobile phone number. Instead, get a number from a service like Google Voice and give that out. Have it forward to your real number. This protects against SIM-swapping, spam, and other risks.
Ensure that none of your IoT (Internet of Things) devices (smart devices) would create a security risk in the event of a failure. For example, a smart lock preventing you from leaving a room in case of fire, or letting robbers into your house during a power outage or network failure.
If possible, run your IoT devices on a separate network than your main devices. That IoT network should have a firewall protecting it.
Enhancing Physical Security
According to most experts, the majority of information-security incidents involve insider threats — meaning that the biggest risk to businesses is their employees. Likewise, if you share a home computer with family members who are less cyber-aware, they may pose the greatest risk to your cybersecurity.
Securing Your Accounts
Log out of websites when you’re finished; don’t just close the tab or browser. Only stay logged in on a device that is secure; that no one else has access to.
When a website allows, set limits. For example, limit how much money can be transferred out of a bank account, limit how much can be charged to a credit card when it’s not physically present, and limit the maximum amount that can be purchased in one day.
Preventing Social Engineering
Don’t list your family members in your Facebook profile. Doing so can leak information to criminals. It can reveal your mother’s maiden name or where you grew up, which are often answers to security questions. Listing your family members also gives criminals a list of people to target with social engineering or scams.
Don’t share information that contains answers to security questions or could allow others to impersonate you, such as favorite vacation spot, name of the first school, details about your first car, or your favorite food.
Don’t share images that reveal where your kids go to school, or their after-school activities, which could expose them to danger.
If you get a friend request from someone you don’t recognize, you can put their profile picture into Google’s reverse image search to see where else it appears.
Don’t assume that an account is legitimate just because it has a few mutual friends. Some of your friends may have unwittingly connected with a scammer. If an account has many mutual friends, it’s more likely to be the person they claim to be.
For safety, use bogus information when possible. For example, a fake birthdate and fake mother’s maiden name. However, don’t give false information when accurate information is required by law (for example, when opening a credit card account).
Recovering from a Security Breach
If one of your devices is breached, change any passwords that are stored on it, and check all accounts that were accessible from the device without requiring you to enter a password.
Restoring from Backups
Technically speaking, cryptocurrency is tracked on a ledger, not stored anywhere, so the restoration is not to restore the actual cryptocurrency, but rather to restore the private keys needed to control the addresses within the ledger at which the cryptocurrency is stored.
If you lost the device on which your cryptocurrency is stored, get the paper that has your keys printed on it. When you’re finished with the paper, return it to a secure location, such as a safe deposit box.
If you store cryptocurrency at an exchange, restore your credentials to the exchange through whatever means the exchange allows. If you properly backed up your passwords, obtain and use them.
If you use hardware wallets to store the keys to your cryptocurrency, the backup for the wallet device is often a recovery seed, which is a list of words that allows the device to recreate the keys needed. The list of words should be written on paper and stored in a bank vault and/or safe, not stored electronically.
Ten Ways You Can Improve Your Cybersecurity without Spending a Fortune
If you work from home, consider connecting your computer to the Internet via a different Wi-Fi network than the one that your family uses to browse the Web and play video games. Most modern routers support at least 2 Wi-Fi networks (one is usually called the guest network).
Cybersecurity for Dummies Book Review – Final Thoughts
If you found this Cybersecurity for Dummies book review helpful, then read the book, Cybersecurity for Dummies by Joseph Steinberg.
The Resources page has additional books about personal cybersecurity.
What You Should Do
Here are the top tips I’ve selected from this book.
- Put your router near the center of your home to limit how far your Wi-Fi extends outside your home, to reduce the risk of others getting access.
- Don’t publicize medical information, including information about medical facilities you’ve been to, or conditions you suffer from.
- Keep private data out of the cloud unless you encrypt it. Don’t rely on the cloud provider’s encryption; encrypt it yourself before uploading it (unless you’re using a zero-knowledge provider, such as Sync).
- If possible, run your IoT (Internet of Things) devices (smart devices) on a separate network than your main devices. That IoT network should have a firewall protecting it.
- Log out of websites when you’re finished; don’t just close the tab or browser. Only stay logged in on a device that is secure; that no one else has access to.
- Don’t list your family members in your Facebook profile. Doing so can leak information to criminals.
- Don’t share information that contains answers to security questions or could allow others to impersonate you.
- Don’t share images that reveal where your kids go to school, or their after-school activities, which could expose them to danger.
- Use bogus information when possible and allowed. For example, a fake birthdate and fake mother’s maiden name.
- If one of your devices is breached, change any passwords that are stored on it, and check all accounts that were accessible from the device without requiring you to enter a password.
- If you work from home, consider connecting your computer to the Internet via a different Wi-Fi network than the one that your family uses to browse the Web and play video games. Use the guest network for yourself or your family.
BitDefender Internet Security offers the best security against all Internet threats. Includes a privacy firewall to block intrusions and filter traffic, and secure VPN for complete online privacy.
F-Secure helps protect your devices against online threats. It also ensures that your identity is protected while you browse the web.
ESET provides advanced security for all your Windows, Mac, Android, and Linux devices. It blocks and eliminates even the most advanced threats.
Avira Pro protects your devices from malware, spyware, ransomware, and adware. It lets you bank, shop, pay, and email with complete confidence.
Avast Free is packed with the largest threat-detection network, machine-learning virus protection, and home network security that will not slow down your PC.
Kaspersky guards your devices against viruses, secures and stores your passwords and private documents, and encrypts the data you send and receive online with VPN.
McAfee provides virus protection against the latest malware, spyware, and ransomware attacks. It also has a password manager and a VPN for a safe web browsing experience.