3 rules of personal cybersecurity: Advice for our clients (summary)
29 May 2019
Personal cybersecurity has become increasingly vital. For ordinary people, the concept can feel overwhelming. To simplify this crucial topic, three essential rules serve as an effective foundation against most untargeted cyberattacks.
The Power of Simplicity
These three rules succeed because of their straightforward nature. They’re easily explainable to family members and grandparents alike—crucial because overly complex cybersecurity advice often discourages people entirely. Consistently applying a few fundamental principles proves more effective than ignoring comprehensive guidance.
Rule 1: Protect Your Most Important Accounts
Safeguard email accounts (which can reset all other accounts), banking/financial accounts, online storage, and password managers. Use complex passwords and enable two-factor authentication with biometric options like Face ID or fingerprints. Consider how loved ones might access these accounts during emergencies.
Case example: A breached personal account lacking two-factor authentication led to stolen documents. Criminals discovered divorce settlement details and used them to defraud the victim of $70,000.
Rule 2: Use Only Trusted Devices
A trusted device has a known history and runs only trustworthy software. Limit software installations, especially browser extensions or questionable programs. Keep systems updated and retire devices lacking security patches. Where possible, virtualise experimental machines and keep them separate from the devices you use for sensitive tasks.
Case example: A CEO’s unmanaged Mac with untrusted browser extensions compromised his work email credentials, enabling corporate espionage.
Rule 3: Maintain Device Trustworthiness
Remain vigilant about installations and online activities. Regularly review app permissions—camera, location, microphone access. These settings often surprise security professionals during audits.
Setting Baseline Standards
These rules establish minimum cybersecurity standards for individuals without specific threats, though they don’t guarantee absolute protection. They derive from practical breach investigation experience rather than scientific studies, offering efficient protection strategies.
Special Circumstances
Executives, business owners, public figures, journalists, and activists require tailored cybersecurity strategies beyond these fundamentals and should seek specialised expertise.
Business Applications
Organisations require comprehensive cyber defence strategies scaled to their specific risks. Notion Digital Forensics specialises in helping companies develop and implement appropriate cybersecurity frameworks.