A lot of people don’t take on security, because they figure they probably don’t understand the technical aspects of it. The reality is anyone who wants to secure their system can and should take steps to do so.

Security is a simple 2-step process: 1. Identify your vulnerabilities, and 2. Take reasonable steps to decrease your vulnerabilities. If you have a computer connected to the Internet, you understand at some level you are vulnerable to being attacked. Step 1–complete! So, what are you “reasonable steps” to protect yourself? If you just want to use your computer, here are some simple steps, most of which you will find are common sense:

• Make sure to apply any security patches available to you. Most operating systems will automatically apply patches by default. However, you may want to learn how to manually check for updates for your computer just to get a high-level understanding how it works, when updates are applied, etc.
• Try to avoid web sites you think are questionable.
• Don’t open e-mail attachments from senders you do not recognize. Even benign-looking attachments, such as images, can contain scripts that can harm your computer.
• Understand malicious software is not likely to advertise itself as malicious. It could run for weeks or months on your computer before ever revealing itself, if at all. (This isn’t necessarily something you “do,” it’s something you need to understand.)
• Do not offer any personal information on any web site (rule of thumb–there are exceptions).
• Be aware that anything on the Internet that is “free” is collecting information about you to sell to someone else. For example, Facebook not only tracks every post you make, but it tracks every “like,” video you click, how you interact with friends, etc., and they build profiles that are worth something to someone, but that someone is likely not you.
• If you have a smart phone, you are being constantly monitored–PERIOD! If you install an app like FaceBook Messenger, you are monitored even more–with your consent. A real-world example is going into a shopping center while on your phone. If you connect to their “free” wi-fi, you are giving them permission to see everything on your phone. If you don’t “connect,” your phone is still tracked by its MAC address. As you move from store to store, that unique address is monitored. The “mother ship” knows what time you entered, how long you spent in what areas of the store, what time you left, how long it took you to get to the next store, who or what other MAC addresses you spend time with, etc. If, at some point, you connect to an open wi-fi system and give them consent to “connect,” you have now enabled a match with your name to the MAC address, which that retroactively populates all the other data about you. Where there was once a MAC address, there is now your name, phone number, e-mail, contact list, browsing history, playlist, etc. The systems are sophisticated enough to add songs from your playlist to the music playing in the shop just to keep you there longer. (Before you roll your eyes, I used to work for a company that did all this and more.)
• If you use any online mail system (i.e., GMail), everything that passes through your email is read by the mail servers. This is no surprise to anyone, because you have most likely seen ads associated to some topic in an e-mail.
• E-mail is insecure in general. Specific information (i.e., sender and recipient’s e-mail addresses) must be available for servers to deliver the message–that’s common sense. However, everything in the message is subject to being read by bots. You need to encrypt the e-mail somehow to prevent the bots and prying eyes from reading it. Ideally, you can use an encryption certificate to encrypt the email to send. This isn’t complex, but it does take effort, and both the sender and recipients have to have the same key (a public key to encrypt it, and a private key to decrypt it). Optionally, you can use a program like 7-zip to encrypt and password protect a message, then send the message as an attachment. The recipient then only needs to know the password to decrypt the message.
• ProtonMail advertises itself as secure and with “end-to-end” encryption. This is great–for marketing! Unfortunately, most ProtonMail users are lulled into thinking their e-mail is secure. The reality, though is it is only encrypted if you are using their web-based e-mail system (for the basic version) AND you are e-mailing between ProtonMail users. Any e-mail going outside of the ProtonMail environment (such as sending from sender@protonmail.com to recipient@gmail.com) is automatically decrypted to allow the recipient to see it. The same works in reverse. Therefore, ProtonMail is only secure if it is used in a very specific way, which is not how most e-mail is conveyed. (Side note: ProtonMail is developed by an engineer at CERN and his team. Feel free to do your own research on CERN, then decide if you want to use ProtonMail.)

Assuming you made it all the way to this point, you are now aware that security is something anyone can address in their own environment. Knowing what types of things to look for is most of the battle when solving the problem. And preventing the problem is even better than solving it!

In our current world, no one will ever be completely “secure.” Let’s at least try to be “more secure,” a goal toward which we can all take some steps.