How to Protect Your Privacy Online: Cyber Security Tips

Whether you shop, work, or otherwise spend time online, your private data might be at risk. Data breaches, identity theft, and account hacks have become so frequent that many Internet users raise questions about cyber security and online safety.

While big companies improve the privacy protection measures for their services, it is also important that users take specific precautions to help prevent their sensitive data like Social Security numbers, ID, or financial information from being hacked. So how do you protect your privacy online?

To help you answer this question, we’ve interviewed Bryan Seely, a world-famous cyber security expert, ethical hacker, and the only person to ever wiretap the United States Secret Service and FBI. In this video, Bryan explains cyber security violations and what can protect your vulnerable personal information.

Watch the video to uncover cyber security tips on how to protect your privacy online:

Questions discussed with a cyber security expert:

• How to protect online privacy from hackers?
• How often should you change your password?
• What password manager to use?
• Where to report a cyber security violation?
• Recent ransomware attacks

Introduction

Bryan: My name is Bryan. I live in Seattle, Washington. I am an ethical hacker, a cybersecurity expert. I do a lot more public speaking now than I used to mainly to educate and try to not influence, but give people an idea of what they can do with technology. I didn't set out to be a public speaker. I accidentally became one trying to solve a problem on Google maps and Yelp and white pages and attacking review fraud. And that kind of thing.

How to Protect Online Privacy From Hackers?

Michael: A lot of things that are posted on our site have to do with identity theft with the vulnerability of accounts, hacked accounts, hacked financial institutions. What are the suggestions that you could make to our consumers?

Bryan: Well, you can get really far into the weeds when trying to protect your own privacy. If I'm trying to figure out your information. Because if you are my target, I want to know your cell phone number. And I want to know your email address, full name, date of birth, social security, home address because if I need to pretend to be you, I need to know that stuff.

Check government benefits, make sure that any... Depending on the country, you could have a lot of different types of benefits coming to you or welfare, Medicare, Medicaid, whatever those things are, make sure you go and ask the office people, hey, how do I share my account? Is there a security thing? Look that stuff up.

Use different passwords for every account. There's a ton of different things out there, but the two-factor is the most important because every single day websites get compromised.

Like let's say Gmail, all the usernames and passwords get put into a website that you can then search to see if your stuff's been compromised and you can see… My MySpace page was breached and all my credentials and my old passwords and criminals will then go and try them. So that's why you have to change them because they have an automated machine sitting there trying 10,000 passwords a second or more.

How Often Should You Change Your Password?

Michael: How often do you recommend for people to change their passwords for financial institutions?

Bryan: If you've never used that password before, if you use the password generation program and you use two-factor, six months, maybe a year. I mean, they'll probably ask you to change it more often than that, but if you use a password generator within a password manager, like LastPass or KeePass or whatever, they'll give you a suggestion that's absolutely impossible to remember and they'll keep it for you. And then you go and set up the two-factor with...

Avoid text messages as the last resort. If you can use Google authenticator or Microsoft authenticator, there are apps that do that two-factor thing much easier, much faster, and it doesn't require using another phone number. And you can just get it right on your phone and type in a couple of things and you're done.

What Is the Best Password Manager to Use?

Michael: When I use the password manager, how do I know the password manager I can trust? How do they research which password manager to use so it doesn't click my data itself?

Bryan: If you typed into Google offline P-A-S-S, the first thing that pops up is an offline password manager. And then there's like 35 best offline password managers. There's like PCMag.com is a fairly recognizable brand name, more, CNET great, Wired.com, Amazon, maybe, depending because they have an agenda to sell stuff. So KeePass is an offline password manager. It gets the highest score. That's it.

You don't need another one if you've got one. That's the one I know is recommended by a ton of people. One Password, it's not quite as high on their score. You can, they're all free. And also there's a paid version of some of them.

Where to Report a Cyber Security Violation?

Michael: Let's say someone is breached. Someone's security is compromised. Where shall this person go, what are the right agencies to report issues online basic security?

Bryan: If someone gets access to your username and password and then takes over stuff, I would start with the email address of whatever gets all of your mail. If you have multiple email addresses, you have to just do them one at a time.

Start by taking that over, making sure that you have that secure, change the password, disconnect any devices that might be automatically allowed to log into the account regardless of the password. So you can go into account security on Gmail or Yahoo or whatever. See who's allowed to log in, where they log in from. Make sure there's nothing left in there except for the device you're on.

Change the password, make sure of the two-factor setup, then start securing things and changing passwords, download a password manager if you don't have it, and start assigning new passwords for every single site.

So that way there's not much you can do from a reporting standpoint because they don't know who it is. Even if you know who it is, it's very difficult to go to court. Like you can say, my wife hacked my phone during our divorce. The judge will just look at you like how can you prove it?

You can prove that an IP address is connected, but you can't prove she was doing it then. And even if you had her on videotape, it's still not even going to be considered. The amount of evidence it would require, I don't even know what it is. I haven't seen anyone prosecuted for it. It's just not... That's just not how it works.

Unless you do something horrible like child pornography, something like that, then they will come after you with everything they have. So change your stuff. Don't waste your time with law enforcement unless you're a business that is breached with ransomware or major financial theft, then you report to the internet crimes, FBI website, their portal, local law enforcement. And they'll tell you where to go from there.

What Are the Recent Ransomware Attacks?

Michael: Are there any updates that you can share regarding ransomware attacks that the United States has or recently went through? They're not stopping, they're continuing, but are there any recent events or something you can share?

Bryan: They're getting more sophisticated and they're doing more damage. Not only are they demanding payment to then get access to your files. They're also threatening to release all of your files to the public if you don't pay as an additional incentive or contact your customers and say you had a breach, you should yell at them.

If you don't pay the ransom, you probably won't continue to be a company if you didn't do a proper job, backing things up and lots of small businesses who get hit with ransomware, you don't hear about. And they fail and they don't come back. And it's devastating to small companies, big companies have better backups and they have more people or they get special treatment. Or they'll get FBI help or the FBI will after a certain amount of money, it's not a policy to say we're only taking money because we're being bribed. It's more like they only have enough people to go after really big crimes.

And if you lost $10,000 in your bakery and you're forced to shut, it's not going to make front-page news. It just isn't. So it's unfortunate. So the best way for us as powerless consumers is to band together, to help each other, to educate others, to tell people, oh, hey, you shouldn't probably be doing that or you need to go fix that thing. And there are lots of different ways that people go about and do it.

But ransomware is going to continue to evolve. They're starting to offer smaller ransoms to decrypt one or two of your files. So let's say they take all of your files from your computer over the last 10 years, but you want to get one of those things back and you don't care about the rest, they might offer you just, hey, for this one page, you can pay a hundred dollars instead of 10,000 and then you might do it because it has your social security number, or it has a tax form that you need.

For trying out what works in their business. And they're seeing who pays and who doesn't. And if it doesn't work, then they try something else. We're going to be doing the same thing on our end to try and stop them.

Conclusion
Cybersecurity has become an important part of the online experience. You should always be mindful of what you click on and share online to protect your private data from hacking. Simple things like changing your password and setting up a two-step authentication make it hard for hackers to steal your personal information. Make sure to follow the cyber security tips and stay safe online.

We thank Bryan Seely for his expert insights on cyber security. If you’ve been hacked or would like to alert an issue, you’re welcome to leave a review on our website. For more expert tips and interviews, follow us on YouTube.