KSL.com Challenge: Become cybersecure in just 1 month

Estimated read time: 7-8 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY — You wouldn’t leave your valuables on the front seat of an unlocked car parked in downtown Salt Lake, but you might be doing the digital equivalent.

Tech is ubiquitous and makes our lives immeasurably easier, but we’re often glued to devices we don’t fully understand. In fact, we regularly leave our online data and devices on the metaphorical front seat.

Making the necessary changes to protect ourselves, however, simply isn’t our No. 1 priority. We’re busy people and our schedules fill up quickly.

But what if you could make your digital life immensely more secure in just one month? Here are nine simple changes recommended by Utah’s Department of Public Safety. Do one thing every three or four days, and you’ll be done by Halloween.

Oct. 2-5: Password safety

A strong password is your first line of defense against cybercrime, and the internet is full of tips to make yours better. But the easiest way to choose a more robust password is to use a passphrase instead.

A password is usually just a bunch of random characters or a single word. A passphrase is a string of words. For example, you may use "hotdog74" as your password, but "Ilovetoeathotdogsonthebeachwith74packetsofmustard" as your passphrase.

Avoid using personal information that hackers could guess, and try replacing letters with symbols. The letter “a” can be “@” or “l” can be an exclamation point. You can also use phonetic replacements like “ph” instead of “f.”

Another important but very underutilized tip is to use a different password for each account. A lot of people use the same password everywhere because it’s hard to remember so many, but password managers — like browser extensions, websites, and apps — can help.

Oct. 6-8: Multi-factor authentication

When possible, use multi-factor authentication. While that level of added protection won’t be available for all your accounts, those that store a lot of important information (like your email or bank account) should have it.

Accounts protected by multi-factor authentication usually require you to put in a second piece of information after your password — usually a code that’s sent to your phone. This will help protect your account even if your password is compromised.

Oct. 9-11: Keep tabs on your apps

Your apps may be running in the background and collecting your info via default permissions you didn’t realize you gave. You can manually turn these permissions off in your phone or app settings, and learn to just say “no” to permissions that don’t make sense. Location is a big one. Do you want that app to know where you are?

Oct. 12-15: Social media

Bad actors can find out a lot about you via social media, especially if you like to post frequently. Here are a few tips to be safer with the information you post:

Remember there is no delete button. Even if you delete something, screenshots still exist. Share wisely.
Update your privacy settings: The default privacy settings on your social media accounts may be more liberal than you want. Check your settings and change them so you’re only visible to friends and people you trust.
Only connect with people you trust: While it’s tempting to garner lots of followers, make sure you connect with people you know. Some followers may have ulterior motives.
Limit the information you post: While you may be smart enough to know you shouldn’t post a picture of your credit card on social media, think twice about posting your location.
Report harassment or suspicious activity: Speak up if you’re uncomfortable with something someone shared about you online or if you see suspicious or harassing behavior directed at you or someone else.

Oct. 16-18: Turn on automatic software updates

Keep your software up to date. Developers often patch security vulnerabilities in their software; but if you don’t update yours, those vulnerabilities will still be there on your end. Consider turning on automatic updates so you don’t have to think about it.

Oct. 19-22: Internet of things

The internet of things refers to any devices connected to the internet — a list that expands rapidly every year. Cars, phones, watches, TVs, security systems and even refrigerators can be online now. Your devices are gathering information about you, and once that information gets on the web, there’s a potential it can be stolen.

One of the most important ways to protect that information is by changing your devices’ factory security settings from the default password. Get creative and create a unique password for each of your devices. Make sure to secure your wireless network, and you may even want to connect your devices to their own network.

Keep tabs on the apps that your appliances connect to, as well. They may be running in the background or using default permissions you never realized. Learn to just say “no” to privilege requests that don’t make sense.

Oct. 23-25: Phishing

Take time to learn about avoiding phishing scams and teach someone more vulnerable than yourself — maybe your young kids or elderly friends who aren’t as tech savvy as you.

Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals will often try to lure victims to click a link or open an attachment that will infect their computer.

Be wary of emails coming from unknown sources and always check the address for small inconsistencies. Be cautious of generic greetings or commands to take immediate action. Avoid clicking on hyperlinks and hover over them first to verify authenticity. Consider investing in software that can protect you from malware.

If you feel like there’s something off, you’re probably right.

Oct. 26-28: E-skimming

E-skimming is when cybercriminals use skimming code on those web pages where you put your credit card information to buy something online. Once you’ve input the information, they can send your details to a domain under their control.

If you’re going to buy something online, make sure the website you’re using is secure. Check for a secured logo (often Norton Secured) and make sure the URL has a little lock next to it and begins with “https.” Search online to check that the website you’re using hasn’t recently or frequently been a victim of fraud.

If you think you’ve become a victim of e-skimming, change your passwords quickly and notify your credit card company and bank. Learn more about e-skimming and pass the information along to someone who might not know as much.

Oct. 29-31: Identity theft and internet scams

There is a multitude of ways to become a victim of identity theft and internet scams, but you can learn more about how to avoid becoming a victim.

To start, make sure you browse the web responsibly by always checking for the lock on your browser bar — this means you have a secure connection. Avoid free internet access, and if you do use an unsecured public access point, don’t do things (like banking) that would require you to input sensitive information. If you have a personal hotspot, that may be even safer than using public Wi-Fi.

Make sure to type links into your browser bar instead of clicking links or copying and pasting them from suspicious sites or emails, and don’t reveal personal information to unknown sources. Consider turning on automatic software updates so you don’t have to think about it every time there’s a security update.

If you are a victim of identity theft or fraud, report it.

Share your experience with this challenge in the comment section below, but be sure to follow KSL.com's comment guidelines.