Cyber Security for Business and Personal (Everyone!)

You probably know someone who has been hacked. There are a lot of different versions of hacking attempts and scams out there!

I think the creative person, the entrepreneur who is putting oneself out there a lot, has a higher degree of risk than most people. However, it can and does happen to anyone, in our internet world! On Sept 22, 2024, I found my personal Gmail and then YouTube channel hacked in a very bizarre series of events. Seemingly, I was the target of a Russian hacker organization... that pretended to be the Tesla company and Elon Musk.

It took me a while to figure out exactly how to respond... I did regain my email and YouTube channel in the end, after a bit of struggle... but then I also found myself attacked 2 more times within a week and a half. Here's the full story, told 11 months later in a YouTube video! Also, summary below, quick ideas on Cyber Security I implemented (going to a level of paranoia beyond what most people do....)

I was too lax on my security for a while prior to these attacks. There are some minimum things everyone should do!

Paraphrasing ideas from the end of this video at 35:20,

10 Cyber Security ideas to implement!

1. Passwords: Have difficult passwords. Have different passwords. Do not use the same password for everything! 1 key for every door is a terrible idea, on the chance you lose a key... also... Change your passwords regularly! If you find yourself hacked, change all your passwords! If you are attacked again, change your password again!

   
   

2. Delete your cookies now and then... Session hijacking (or cookie hijacking) means a hacker can "copy a session" (if there ends up being malware on your computer) without even necessarily knowing what your password is! If you are hacked, it might seem less obvious than changing your password, but deleting your cookies also will be important.

   
   

3. Have an antivirus program. Do regular virus scans.

   I was lazy for a period of time and also did not want to pay for an antivirus program (though I had in the past).

   I see this as a non-negotiable absolute must of cybersecurity for everyone now.

   -If I had had an antivirus program at the time, it likely could have stopped the ways I was attacked.

   You can research and research and research, compare... I chose BitDefender.

   You should do regular virus scans.

   -If you have an incident, it is likely worth deleting and reinstalling everything. At the least, everything needs to be scanned.

   
   

4. Consider a security key for extra security. I've chosen a Yubikey, I think still the best option. My email (and as many other things as I can attach it to) cannot be opened on a new device without using the security key.
   

   Requiring employees to use a Yubikey in 2017 is how Google stopped phishing attacks on its employees.

   -It is more difficult to figure out if that policy continues to this day, they have allowed some other options... Still, after researching, I think a security key (and in particular the Yubikey) might be one of your strongest potential lines of defenses against hackers.

5. Get a Password Manager.

   If you're not using the same password for everything and you are using difficult passwords (which is what you should do!)

   ... you will forget which password is used where. With a password manager, you only have to remember one difficult password! The password to the Password Manager. And/or... you can use your fingerprint or Security Key to log in.

   After a lot of research, I chose NordPass.

   -I had been using the same password for most things, prior to this attack... as I tried to remember my passwords for different things without a Password Manager as one of my earlier responses... honestly, I locked myself out of things a few times when I couldn't remember my password.

6. Check your Email Security Settings every now and then. This could be critical... is there evidence of device login from devices that are not yours?

   
   

7. Turn on Advanced Protection in your email settings (or anywhere). If the option is there, use it! I do think that it's for more than just "journalists, activists, and political campaign teams".

8. Switch things out if you get hacked... like... Change your SIM Card!

   It turns out, our phone system and text message might not be as secure as we might like to believe...

9. Hide Ownership

   It would be more secure if your phone number, if your email is not publicly visible. If that fits with your life, hiding your phone number and email might be a good plan! If you are hacked, it might even not hurt to be able to change these.

   
   

   For someone like me, I can't do that. Not if I want to be hired as a musician... Public visibility signals trust and also gives the way that people can reach out to me!

   -What I did do, however, is change the ownership of my YouTube channel to a different email address, which would be very difficult to find or access.... While I hadn't seen at the time that anyone had thought of this, I've seen a YouTube video recently where some suggests this.

10. Improve your habits. Most hacking attacks are a result of human error. Typically through some form of phishing!

Of course you might consider, "is a site trusted"? But much more than that. -Should you click on a link? Sometimes this can be sneaky, like a malicious unsubscribe link from an email.

Many YouTubers who have been hacked report having clicked on a file in an email where there was seemingly a sponsorship offer...

11. Use a better browser! You can read or watch reviews... Many of these from people who have spent a lot of time thinking about it conclude that the most used browsers like Google Chrome and Microsoft might fit into what they call the "spyware" tier of browser.

    You can make your own conclusions...

I decided to switch to the Brave Browser, after a lot of research/review watching.

It does a pretty good job at blocking trackers and ads.

12. Use a VPN? (Virtual Private Network) You will see people all across YouTube selling this idea (often with some sort of affiliate payment link).

    It could be one extra layer of security.

    A VPN basically encrypts your data through a tunnel and then sources elsewhere on the internet cannot see the original source, where you are coming from.

I tried the VPN from my anti-virus, BitDefender... there might be a better option!

But I didn't really like it. I found I had to keep turning on and off the VPN, as many sites reject your ability to use the site if you have a VPN on.

Traditionally it was thought that these were a tool used by hackers....

Research for yourself, consider if it might be a tool you might want to use! While the idea makes sense to me, I don't want to use a VPN myself right now.