Date: 2025-11-18

Once upon a time, in the ages that were sometimes called the “good old days,” it would have been considered a leak of personal data if, let’s say, you accidentally lost your passport or checkbook on the street. But now it’s 2024, our lives have long and firmly moved online, and the internet is no longer the serene paradise lagoon it was decades ago…
There is no doubt that cyber security is a proper and necessary thing, but, like any sphere of human activity, it has managed to acquire so many rumors, myths and recommendations that it is difficult to distinguish the truth from the fake, and current useful advice from the already outdated. However, people are trying. Like, for example, in this wholesome thread on the AskReddit community.
#1
Read before you click. Think before you click. Beware of common threats.
You are your own best antivirus. You are the weakest link in your cybersecurity.
#2
Don’t reuse passwords and change them often. If one site is breached, if your accounts are associated with your email address, then they all are.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“Frequent password rotation isn’t a good idea and is already not recommended by the NIST organization and the InfoSec community overall. At the end of the day, it’s a counterproductive practice with dubious benefits. When a user has a lot of accounts and has to rotate passwords, they end up using weak passwords because of the lack of imagination.
“A better piece of advice is to use password managers and generate longer than 12-14 character passwords unique to each protected resource. Also, necessarily use 2-factor authentication (2FA) wherever possible. Protecting an account with a password only in 2024 – not a good idea. For especially sensitive accounts, physical security keys are recommended such as Yubikey, Google Titan, Thetis, Feitian, SoloKeys, etc.”
#3
If your URL says https://, the website’s secure; if it’s http://, it’s not secure. Don’t put any personal information into an insecure website.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“I don’t want to scare you too much and cause paranoia, but that “padlock” SSL certificate can be bought for as little as $9 and added to any malicious website. So just that the HTTPS lock exists doesn’t guarantee a web resource’s safety all on its own. It just shows that data coming your way will be encrypted. There’s no difference whether you’ll get a virus from an encrypted channel or not.
So you shouldn’t relax just yet, but you should click on that “lock” to examine the certificate – who was it given to, are the recipient of the certificate and the website name identical, etc. But yes, the general rule is that HTTP is totally trash and you should by no means give your sensitive info (for example login/password) to a website with a bare HTTP.”
#4
Make certain to have your important stuff offline backed up, totally isolated from the net. Worms, viruses, ransomware can hit online but just wipe the lot and give them the finger. Reload and be more careful.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“It’s also advisable to encrypt those backups or store them in a drive with a physical encryption, such as disks with PIN code buttons or fingerprint protection.”
#5
VPNs and data encryption should be top priority for anyone starting online businesses or handling money in general on the internet
#6
Common sense. That big ugly yellow download button that obv doesn’t look like it fits the theme of the website is not the download button.
#7
Older people are extremely susceptible to some of the better email scams like the ones telling you that you need to review something on your amazon or paypal accounts. It’s best if there’s a problem to just go to the website in their browser to see.
#8
Deactivate or delete old email accounts.
#9
If you receive an email from Apple, PayPal, Amazon, etc. that you think may be phishing, hit forward and check the email address. It shows the true email address. If it looks different, forward it to the real company’s anti-fraud email. You can find it by searching the company’s name and “report phishing”, i.e. “Amazon report phishing”.
#10
Don’t use your debit card to buy online. If that gets compromised the money coming out is hard cash. If it’s a credit card it’s on the credit card company to get their money back on fraud charges. This can take a long time.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“It’s best to use single-use virtual cards for online purchases. For example, Revolut and other payment platforms have them.”
#11
If you post a picture outside or inside near a window or inside in a publicly accessible building, it doesn’t matter what precautions you take, people can geolocate your ass and doxx where you were and thus where you probably are
#12
The advice I usually give:
* As others have said, safety and cyber-security needs to be in the forefront of your mind all the time. Every. Single. Thing. you do on a computer, you should be slowing down a little and asking “Why am I doing this thing?”… “Is it necessary?”… “Is it safe?”
* Keep everything updated. Your OS, Browser, Apps, etc. Updates fix security holes. Don’t be “that guy” who never updates anything. Including your Motherboard BIOS or other Firmware (such as your WiFi-Router or Modem Firmware). Any or all devices that you have that have some sort of “Check for Updates” button.. you should be checking and reading what the update fixes. You might be surprised at how deep down the Security fixes go. (Example: Dell Laptop BIOSes have had INTEL CPU Security fixes in them nearly every release for years now).
* Don’t login with a Local Admin account. Create a different account (example, you have a primary account named “asmith” and an Admin account named “asmith-admin” … when you’re logged on as “asmith” (that does NOT have Local Admin rights).. and you get a popup saying something wants Admin-Rights.. review what that thing is (is it OK?).. and use your “asmith-admin” and password to allow it).
* Use common-sense and don’t click on stupid s**t. Don’t open unknown Emails. Don’t surf dodgy or risky websites. Don’t respond to unknown friend-requests or unexpected Messages. Etc (again, Cybersecurity should be forefront in your mind. Anything unexpected your computer does, you should be asking “Why is it asking me to do X_Y_Z thing?”)
* Don’t install more software than you have to. Keep things as “minimal” as you can. The more and more software you install, the wider and more diverse your attack-surface becomes (and the more things you have to maintain and update). It’s far better (from a security standpoint) to keep whatever system you’re using as “factory-original” and “minimal” as possible. Install software if you need it.. but don’t go overboard installing every little “helper-app” that every yahoo on the Internet forums says you “need”. You likely don’t.
* If you need to do risky things.. do it on a more secure OS (such as an iPad or Chromebook or read-only bootable Linux USB or something like that). Don’t put your primary system at risk.
If you’re doing all of the above.. then the necessity of running anti-malware or anti-virus is far far reduced. (note: I didn’t say “eliminated entirely”.. cause I know someone is going to complain or say I’m recommending to NOT run anti-virus. That’s not what I’m saying). Anti-malware and Anti-virus programs should be 3rd or 4th or 5th down on your list of things that protect you.
If you’re NOT doing the above things…installing Anti-Malware or Anti-Virus and expecting it to somehow “magically protect you” (from your own sloppy or lazy behavior).. is ridiculous and nonsensical.
#13
-Use a password manager.
-Think before you click. (Did I hover the link to preview the URL? Is this REALLY a Nigerian prince?)
-2-Factor Authentication is your friend. Keep it simple with 1 platform if possible.
-Utilize browser add-ons and extensions to tailor your experience with ad/script blockers. Added benefit of privacy.
-Explore VPN options, for privacy’s sake.
-Malware/virus protection.
#14
In email, especially at work, hover over a link and see that the domain name makes sense before clicking. It should be your company’s domain name or the domain name of the company you are working with.
I will literally not click on a link in an email from my bank or other financial institution if it is not a link directly to their domain. I stop doing business with banks that use a 3rd party domain for email links.
#15
Don’t download programs from sites you don’t trust. Use app stores where possible.
Macs and Linux boxes are not immune to malware, do not treat them as such.
Use password managers where possible.
Use 2 Factor Authentication where possible. Avoid SMS-Based 2FA
If you download script files (eg: .bat, .ps1, .py), try to read it before running it. If you can’t read it, see rule 1.
Watch what you click and exercise scepticism. No, there are probably not 36 model-looking singles in your area.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
To work out if your details have been stolen in breaches you can link this tool as well.
#16
Password managers are extremely helpful, look for the little padlock in the URL bar so you know the site is secure, be very careful how much information you post on social media, have a firewall/internet security, use a VPN
#17
Be wary when you click on links from emails.
#18
You don’t need to be a cyber security expert to know that you shouldn’t pirate games and that you shouldn’t run unknown programs as administrators
#19
Make sure you know who you are talking to online, what the security level is of what you are using to communicate, and keep an eye on your surroundings. “You are your own best antivirus, you are the weakest link in your cybersecurity.”
#20
If you are going to enter sensitive information online, close your web browser and then go order pizza.
Each tab talks to your web browser; if something malicious is going on, a website can get your info from a different tab. Plus closing all tabs shuts down malicious cookies.
Edited by writer to insert a comment from Aleksandr Valentij, Cyber Security Lead at Surfshark:
“Closing all tabs doesn’t clear all malicious cookies unless you were browsing in incognito mode. For that, you need to clear the browser cache.”
#21
Change passwords often. Store them in a file offline.
Learned this after the My Fitness Pal data breach.
