
101 Cybersecurity Tips for my Mom

Brian Sanchez
This book was written for my Mom. Really. It actually started as a list of Cybersecurity
checks for her because one day we found out that someone was using her network
connection. Knowing that I worked with computers, she called me one day and asked
me why her cable internet was slow. At the time she had only a few devices and most
were not even used. After a few questions I found that her roommate's daughter had
set up their new router. I was skeptical of the settings and wanted to take a look. I
gained access to her machine and after a few moments I discovered that there were
more than 7 other devices logged into her network.
I found that not only was her Wi-Fi set to a low security setting but also that the
administrator password on the router was not set up. Mom gasped as I rooted
around in her router and showed her the empty password fields. I then showed her that
there were other unknown devices logged into the router sharing her network. She said
she felt sick to her stomach knowing her neighbors were using her internet connection.
I made her painfully aware of the legal ramifications and possible consequences if
someone were to download something illegal on her network. She then asked me what
else she had missed. I felt horrible for her and fixed her router on the spot. I then
thought that she needed a list of other things to check and perhaps a guide on how to
live her life when it came to the internet. And thus this list was born, and now I'd
like to share it with you.
The digital world we live in is vast and touches every aspect of our lives. Think about
how much money and private information is moved across a network. It makes a
perfect place for thieves and hackers to apply their knowledge anonymously. Don't
think for a moment that you are immune; just because you don't have a million
dollars doesn't mean you have no value. That value can be your e-mail contact list that
trusts you, your SSN or even simply your computer or internet connection.
This book is designed to bring your attention to the most critical points of
Cybersecurity that affect you and your machines. Remember, this is a list of key points
that you need to be aware of. I won't waste your time by explaining how to make all of
these changes, only that you need to make them. There are tons of resources online
to walk you through making them step by step. It is important that you learn the
basics. For example, when it comes to configuring your home router and locking down
your Wi-Fi, it's crucial that you understand how and why. You are responsible for
anything that transmits across that network, and ignorance is no excuse in the eye of the
law. Is it really fair that you can be held responsible when your neighbor hacks into
your Wi-Fi and downloads illegal files?
I encourage you to Google the keywords in these bullet points and learn more. Or,
even easier, search YouTube. You may be shocked. Don't think it can't
happen to you; it can and probably already is. If you want to hear some horror stories,
find my blogs!
The world of computers moves fast, so I will make it a goal to update the version of
this book every 3 months. This book is current as of 4JUL15. If a point warrants
further explanation, run a search on YouTube.
Personal Computers, laptops and desktops
I'd like to start at the foundation of our home or small business network. This is the
user endpoint and where the largest interaction takes place. Each of these bullet points
relates to every PC on the network and, in some cases, to every account.
-Use a password to log into your PC and do not share your account. You can make a
guest account for other users with their own password.
-Do not allow your main account to be the administrator account. Create a standard
user account for daily use and an Administrator account for when you have to install or
make a change. If your standard everyday account has administrator privileges,
anything you run has administrative privileges, including a virus or malware.
-If you walk away from your PC, lock the screen. For Windows 7 just hit the
Windows + L keys.
-Create a password recovery disk on a thumb drive. Go to Control Panel -> User
Accounts -> Create a password recovery disk.
-Create a restore point weekly. If your system is compromised or not working, you
can tell Windows to recover from the last restore point you made. This is also great
if you have a virus or if your PC is working wonky, slow or simply not working.
-The first line of protection for your PC is to make sure it's updated. Update the
operating system, programs and web browsers.
-Patch your BIOS. Find the make and model of your PC and search YouTube to see
how. You should only have to do this once or twice for the life of your PC and once
done, it's permanent.
-Install an Anti-Virus (AV). There are some great free anti-virus programs out there
today. A trusted website for downloads is CNET. AVG and Avast are a couple of great
free AVs. I used to work for a company that built the Point of Sale system for many
major burger places and they all use AVG Free. Be sure to install one, but be leery of
selecting the paid version or installing unwanted programs. If you need help, search
YouTube for instructions. Oh, and by the way, you should only have one AV program.
-The truth of any Anti-Virus program is that it has to learn how to recognize the virus
before it can quarantine it. This means the AV's virus definitions are at least three
months behind. Kaspersky Lab detects 315,000 new viruses a day [1], so you can
imagine how long it takes to reverse engineer them and put them in a database AND
THEN update everyone's AV definitions across the planet. The best Anti-Virus tool is
you. If your system all of a sudden starts to run slow or act weird or unpredictable for
no reason, restore it to an earlier point.
-Beware of bogus "We found a virus" warnings. Know what your AV warning looks
like and question any program or ad that tells you differently.
-Drive-by websites that "FBI lock" your browser, wanting money to unlock it, are
fake and an attack. You may be able to close them by pressing Ctrl+Alt+Del, starting
Task Manager and ending the website.
-Turn off your machines when not in use. The same goes for tablets, smart phones and
your router. I have an electronic timer that I picked up at Wal-Mart for $20 that only
allows my router to be on for certain periods of time. My actual internet modem is
plugged into this device as well.
-MacBooks and Apple iPhones get sick too. No system is safe.
-Test your system at www.eicar.org. It should trigger even the weakest of alarms. I
never even made it past my browser when I tested.
-Patching and updates. The longer hardware or programs live in the real world, the
longer hackers have to find flaws and how to exploit them. Software needs
patching as well: applications, anti-virus, websites and operating systems.
-Hardware (physical devices) runs on firmware. It needs to be patched to the latest
update: routers, switches, BIOS, tablets, phones and laptops.
-Allow all of your devices to patch, and seek out the ones that don't ask.
-Beware of the USB flash drive auto play feature or U3 technology. If you find a USB
drive in the parking lot, it may contain a virus that uploads itself as soon as it's plugged
into a device. There are several stories online where these devices were scattered
across the parking lot of a bank and soon the hacker had access to the bank's network.
-If you buy a used PC, laptop or similar device, default and restore it to an original
state or buy a new hard drive. There is software that can clean a hard drive, but if
there are illegal files on it, you can still be held responsible.

Routers
Moving up to the network layer, your home router is next. It is also called a gateway
and controls communications on your network. This is the most critical device you
own and warrants special attention. Each router looks different and will take some
getting used to.
-Change the default administrator's password IMMEDIATELY and remember, use
your passphrase (see Passwords). I use my street address of
1234WestWaterfallChatanoogaTN45613. This way I remember what my uppercase
characters are and it allows me to use numbers as well. This password would take a
desktop 69 tredecillion years to crack according to
https://howsecureismypassword.net/. Save and restart when you are done.
-Update your router's firmware. Again, refer to YouTube for make, model and how-to.
-Use the 5 GHz wireless setting if your devices support it. It has a shorter range, but there is
usually a very low number of neighbors that use this frequency. Wi-Fi frequencies are
similar to being in a room with 10 other people all talking at the same time. It's hard to
hear your signal if the entire apartment complex is using 2.4 GHz. The 5 GHz band also
has faster throughput and a shorter range, protecting you from people across the
street. If you find yourself using just 5 GHz or just 2.4 GHz, disable the frequency
you are not using. There is plenty of information on YouTube regarding 5 GHz and
2.4 GHz.
-If you are getting a weak signal, move your wireless router's broadcast to a different
channel like 1, 6 or 11. Remember that there are many types of interference that affect
the 2.4 GHz channels: things like power panels, microwaves and refrigerators.
-Use a strong Wi-Fi password and the strongest security settings (WPA2-PSK (TKIP),
WPA2-PSK (AES), or WPA2-PSK (TKIP/AES) at the time of this writing). If your
device doesn't support modern security settings, it becomes a security risk and it's
time to sell it. Again, use a passphrase!
-Walk around outside to see just how strong (and from how far away) you or someone
else can see your wireless access point. Compare 2.4 GHz to 5 GHz.
-Enable wireless encryption if your devices support it.
-You should consider replacing your router if it does not support 802.11g.
-Never use a pre-owned router.
-Enable logging on your router. When you become more adventurous, you can browse
the logs and see if you were or are being attacked.
-There are several myths about configuring your router and wireless accounts.
Remember these DON'Ts (unless you are an advanced user).
-Don't disable your SSID. Sniffers can find it regardless and it just causes headaches
when you are adding new devices.
-Don't disable DHCP. Hackers can scan and spoof any IP that you are using
regardless. This also means don't limit the address pool or change the default range.
You will easily create a mess.
-Don't enable MAC address filtering. Hackers can see and spoof a real MAC address
and, again, you will be creating a mess.
-The best advice for your router is to simply turn it off when not in use. Just make sure
you save your router's configuration!
-Keep your router out of reach. Lock it up if you can and use a Wi-Fi extender. A
report released in 2013 says that 11 of 13 off-the-shelf routers are easily hacked
with LAN or WAN (physical) access [3].
-Use a safe DNS source such as OpenDNS [4]. When you type in a website URL like
Google, your Internet Service Provider uses their DNS to convert that name into an
IP address, and your Service Provider does not care if the page is infected or
malicious. With OpenDNS, inappropriate websites or sites with adult content are
blocked. Not only does this make the internet safe for the family, but OpenDNS also
blocks known malicious attack sites that auto-download viruses.
-Restart your router once a month and check for firmware updates. They are numbered
so you can compare them to what your router has.
Passwords
A password is the first line of defense.
-Use more than twenty characters. Use a sentence or passphrase, not a word. A
passphrase is a long sentence of multiple words. Search YouTube for "Create unique
secure passwords." I have a great training video that will help. A few years ago I ran
a PC LAN party called LAN Dogs that specialized in PC games and, along with that,
security.
-Use uppercase and lower case characters, numbers and symbols.
-Avoid common words, phrases and number sequences. If it's easy for you to remember,
then it's easy to guess.
-Should not contain any of your personal information such as dates of birth, family
names, SSN or phone numbers.
-Change every thirty days.
-Use a unique passphrase for every account.
-Do not write down passwords or give them out.
-Use a program such as LastPass, KeePass or 1Password.
-Test your password at https://howsecureismypassword.net/
-The same goes for PIN numbers and phone logins. No common sequences or numbers
related to your personal information.
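The rules above (more than twenty characters, mixed character classes) and the crack-time figure quoted for the router passphrase in the Routers section both come down to the same arithmetic: the number of candidates an exhaustive search has to try is the size of the character set raised to the password length. The Python below is an added example, not part of this book and not the calculator behind howsecureismypassword.net; the guess rate of ten billion per second is an assumed order of magnitude, not a measurement, and it models only brute force (a dictionary of common words finds "password" far faster, which is why the "avoid common words" rule is separate).

```python
import string

# Character classes the book's rules ask for, with the number of symbols an
# attacker has to cover for each class during a brute-force search.
LOWER, UPPER, DIGITS = 26, 26, 10
SYMBOLS = len(string.punctuation) + 1   # printable ASCII punctuation plus space = 33

MIN_LENGTH = 21                          # "Use more than twenty characters"
ASSUMED_GUESSES_PER_SECOND = 1e10        # assumed, not measured
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The passphrase the book quotes in the Routers section, used as sample input.
BOOK_PASSPHRASE = "1234WestWaterfallChatanoogaTN45613"


def classes_used(password: str) -> set:
    """Return the set of character classes present in the password."""
    found = set()
    for ch in password:
        if ch.islower():
            found.add("lowercase")
        elif ch.isupper():
            found.add("uppercase")
        elif ch.isdigit():
            found.add("digits")
        else:
            found.add("symbols")      # space, punctuation, anything else
    return found


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must assume for this password."""
    sizes = {"lowercase": LOWER, "uppercase": UPPER,
             "digits": DIGITS, "symbols": SYMBOLS}
    return sum(sizes[c] for c in classes_used(password))


def search_space(password: str) -> int:
    """Number of candidates an exhaustive search over the used classes must try."""
    return charset_size(password) ** len(password)


def crack_time_years(password: str,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case years to exhaust the search space at the given guess rate."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


def unmet_rules(password: str) -> list:
    """Which of the book's password rules this password fails (empty list = passes)."""
    unmet = []
    if len(password) < MIN_LENGTH:
        unmet.append("length")
    present = classes_used(password)
    for rule in ("uppercase", "lowercase", "digits", "symbols"):
        if rule not in present:
            unmet.append(rule)
    return unmet


if __name__ == "__main__":
    for pw in ("Waterfall", "Tr0ub4dor&3", "correct horse battery staple", BOOK_PASSPHRASE):
        print(f"{pw!r}: charset {charset_size(pw)}, "
              f"{crack_time_years(pw):.3g} years, unmet rules {unmet_rules(pw)}")
```

The lesson the numbers make visible is that length wins: the 28-character lowercase-and-space phrase has a far larger search space than the 11-character password that uses all four classes, and the book's 34-character street address lands in the same 1e43-years region as the figure it quotes, even at this assumed guess rate.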
Unattended devices / Theft
-Do not leave your devices unattended. Theft is real, and your loss will be too. The
best way for a hacker to gain access is to have physical access to your device. They
always prefer to use the front door as it's the easiest way to get into the house.
-We know that our devices are valuable, but so are the access, history and data they contain.
-Hang onto your debit or credit cards, or do not carry them, to prevent loss.
-Don't let people shoulder surf your phone or PC logins or passwords.
-Use your whole hand to cover the PIN pad when entering your PIN; you know where
the numbers are and don't need to see it.
-Don't let others use your accounts even if it seems ok, like FedEx shipping accounts,
sending an e-mail out, PCs, laptops or borrowing your phone.
-Don't use unknown ATMs or withdraw money from weird locations. Search
YouTube for "Credit Card Skimmers" from ABC News.
-Pull, push and jerk on the debit card scanner to dislodge skimmers. Another value of
using the same ATMs is that it will be easy to recognize skimmers or changes to the
interface.
-Better yet, go inside to pay and use cash or credit.
Controlled access to machines
-Use the same PCs, ATMs and personal devices.
-Use strong passwords on your own personal devices.
-Don't allow physical access to your devices. This includes laptops, PCs, tablets,
phones and networks, access points and wireless networks.
-Don't allow people to connect to your wireless or hotspot or plug into your router or
switches.
Data backup and recovery
There is a saying in the IT world: "You are only as good as your last backup."
Just like having car insurance, you don't wait until you need it to purchase it. PCs die,
hard drives fail, laptops go missing; it happens. I have pictures from when I was 5.
How can I replace those?
-Use an external hard drive and back up your files. Daily, weekly, monthly. Ask
yourself, what can you afford to lose? Google "WD My Book" for a great product.
-Windows already sets up a file directory that organizes Libraries into Documents,
Music, Pictures, and Videos. If you move your files into these directories, it makes it
easier to ensure that when you make a backup that you get everything.
-Move the backup offsite to prevent loss by fire, flood or theft. Use a relative's house
or a safety deposit box. Encrypt your data first!
-Encrypt your device, your data and your log in. Use a strong password.
-Build and use a NAS (Network Attached Storage). Google it.
-Don't use online backups. Online storage locations are not private. The company
owns those and has full access. If that company is subpoenaed in court, then the law has
full access to your records. Keep private things private. I suggest you encrypt your data
prior to uploading it.
-Encrypt your data. If it's lost or stolen you have some protection. This is especially
true on mobile devices like USBs, flash drives, SD cards, external hard drive
storage, laptops, tablets, cell phones or even online storage sites.
-Be conscious of what you plug into your PC. Malware and viruses can transfer across
USBs, cell phones and other storage devices. Don't use borrowed or found USB
cords or chargers. They can contain SD cards and record your data.
Going online
-Search using the incognito setting on your browser. Search engines gather your
search data and history to predict your next search and, more importantly, to bring up
the correct sponsored ads. These values are stored and mined to lead you to preferred
sellers.
-FBI Computer Locked Virus. If you hit this webpage, use Ctrl+Alt+Del and start
Task Manager. Under the Applications tab, select the website listed and hit End Task.
-Tip Top Security lists Chrome as the safest browser [2].
-Use Chrome for your personal browser to check e-mails or log into bank accounts.
-Use another web browser like Firefox to browse the internet to keep it separate from
your private Chrome browser. I have three browser icons on my desktop that I use:
one for a remote work connection, one for e-mail and one for surfing.
-Bookmark your bank's URLs. Never trust links. Be aware of what your URL should
look like, and if it looks different this time, don't log in.
-Clear your search history daily or weekly. If you don't know how, find out on
YouTube.
-Don't use toolbars. Just don't. Or any other browser add-on.
-Do not allow your browser to store logins, passwords or links. This data can be
mined by malicious websites or a virus.
-Don't trust bit.ly links from an unknown source or links that don't reveal their
destination. Hover over it before clicking. Or, you can use a link scanner: copy and
paste the link into a site like URLVoid or MyWOT.
-VMware is a free download that lets you install any operating system to run in a
safe environment on your PC. It simulates a PC running on your PC. You can
install a separate copy of Windows 7, save it, then use it to surf online. If your PC
gets a virus, you simply restart the machine. Security professionals will use a virtual
system and allow it to get infected, then let the virus detonate to see what the effects
are, safely.
-Check to see if a file or website contains a real virus by going to
www.virustotal.com.
-Run a new website through www.siteadvisor.com to see if it is infected or malicious
before you visit it.
-Don't buy anything from a spammer who repeatedly sends you e-mails or messages.
-Don't accept offers of "Free PC Scans" that pop up when you use the internet.
-Don't let spammers see your "Out of Office" replies.
-Be careful with cybercafe computers, public computers or other people's PCs that
you know, especially if they are promiscuous online (use public Wi-Fi or haven't
read this book).
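The "bookmark your bank's URLs, never trust links, know what your URL should look like" advice above is something a link check can apply mechanically: the only part of a URL that decides where the browser connects is the hostname, so a bank's name appearing anywhere else in the link proves nothing. The Python below is an added example, not from this book; the bookmark list and every URL in it use the reserved .example domain as constructed placeholders, and the rule it enforces is "exact hostname match against a saved bookmark, over https, or don't log in".

```python
from typing import Tuple
from urllib.parse import urlsplit

# Constructed bookmark list: the exact hosts you saved for your bank's login page.
# "mybank.example" is a placeholder under the reserved .example domain, not a real bank.
BOOKMARKED_LOGIN_HOSTS = ("www.mybank.example", "mybank.example")


def hostname_of(url: str) -> str:
    """Host the browser will actually connect to: lowercased, without port,
    path or query. A link typed without a scheme still parses."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    return (parts.hostname or "").lower()


def check_link(url: str, bookmarks=BOOKMARKED_LOGIN_HOSTS) -> Tuple[bool, str]:
    """Return (ok_to_log_in, reason).

    Only an exact host match with a saved bookmark over https is accepted.
    For anything else the reason names where the familiar name actually sits
    in the URL, which is the thing a quick glance at the address bar misses."""
    parts = urlsplit(url)
    host = hostname_of(url)

    if host in bookmarks:
        if parts.scheme.lower() != "https":
            return False, "host is bookmarked but the page is not https"
        return True, "host exactly matches a bookmark"

    # online.mybank.example: genuinely under the bank, but not the page you saved.
    for name in bookmarks:
        if host.endswith("." + name):
            return False, "host is under a bookmarked name but is not the saved page; open your bookmark instead"

    # www.mybank.example.login-portal.example: the bank's name is only a leading
    # label; the domain the browser connects to is whatever comes last.
    for name in bookmarks:
        if host.startswith(name + ".") or ("." + name + ".") in host:
            return False, "bookmarked name is only a subdomain of a different domain"

    # login-portal.example/www.mybank.example/: the name is in the path, which
    # never changes where the browser connects.
    if any(name in parts.path.lower() for name in bookmarks):
        return False, "bookmarked name appears only in the path"

    return False, "host does not match any bookmark"


if __name__ == "__main__":
    # Constructed sample links, all under .example, none of them real.
    samples = [
        "https://www.mybank.example/login",
        "http://www.mybank.example/login",
        "https://online.mybank.example/",
        "https://www.mybank.example.login-portal.example/",
        "https://login-portal.example/www.mybank.example/",
        "https://unrelated.example/",
    ]
    for link in samples:
        ok, reason = check_link(link)
        print(f"{'LOG IN' if ok else 'STOP  '}  {link}  ({reason})")
```

The check deliberately has no "looks close enough" branch: a host that is merely under the bank's domain, or merely contains its name, is rejected and the reader is sent back to the bookmark, which is exactly what the bullet above asks you to do by hand.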

E-mail
-Never use public or private accounts for personal data. If you use a school or work e-mail, remember that it's not your data; it belongs to the school. There is no privacy.
-Public e-mail servers such as Gmail and AOL are not private. The company owns
those and has full access. If that company is subpoenaed in court, then the law has full
access to your records. Keep private things private.
-If the mosquito is the carrier of malaria, then e-mail is the carrier of the virus.
Malware attacks, phishing, whaling, spamming: e-mail is the foundation of both digital
communication and malicious activity.
-No e-mail is safe. Encrypt your messages. Gmail can do this for free. Remember that
e-mails are sent in plain text and can be read en route to the receiver. It's like sending
a postcard vs. a sealed letter.
-Don't reply to e-mails if they don't make sense or are unexpected. Whether it's a
compliment, an attack or an angry e-mail, they are designed to elicit a response, which
allows the virus to alert the hacker that your e-mail account is real.
-Don't click on weird links unless you know someone is sending you something. Even
then, scan that link. Some people don't understand that a popular video, site or joke
can contain a virus or attack. Also, even your trusted friend's or family's account can
get hacked. If you see a Viagra link from your son, delete it.
-Be thoughtful of what e-mail service you're using (AOL, Gmail, etc.) and its history
with security and breaches. Send your information carefully. Consider moving to a
secure e-mail service.
-Use a strong passphrase.
-E-mail is insecure by default because it is more like a postcard, not a sealed
envelope. E-mails are unencrypted and sent in plain text.
-You can turn off the e-mail preview pane in Outlook or Outlook Express. If the
message contains a virus it could detonate simply by scrolling through your list. Never
click on a suspicious e-mail.
-Your inbox is a screening tool.
-Don't read e-mails if you don't know who they are from.
-Don't click on links if you are not expecting them or don't trust them.
-Don't run file types that end in .exe, .zip or .msi unless you know who they are from.
They will almost always carry viruses.
-Don't follow links that take you to company websites and ask you to log in unless you
are expecting it.
-Create several e-mail boxes to screen and ghost yourself. One should be used for
admin purposes like logging into Linkedin, Facebook, websites, GoDaddy and gaming
accounts. Another for business and professional contacts. And yet another for a
personal, close friends and family.
-Use a super dumb, long e-mail name to create confusion and a smoke screen. Give
these out as a disposable e-mail address. When I buy something at a store and they ask
me for my e-mail I say no thanks, or give them
thesearenototthedroidsyourlookingfor@gmail.com. They will give up halfway through.
-Use a mail client for easy management. Outlook or Thunderbird for example.
Trusted devices for trusted networks
-Don't connect to Wi-Fi networks that you don't trust. If you do, use a disposable
device or a Virtual Machine and an external NIC.
-Use one of your disposable e-mails if required. Expect spam.
-Don't log into PCs and devices that you don't own.
-Don't use public devices, PCs or networks. Hackers use them and lay booby traps.
-Don't use USB cables or chargers that aren't yours. There are devices that can record
your data and log your passwords.
Social networks and info
-Don't reveal your location or that of your family. Be conscious of posted information
or live pics that have a background, especially if you are out of town.
-Some devices tag a geolocation to your pictures. Disable it.
-Your identity is at risk with social media: personal information is freely distributed and,
likewise, fake accounts gain your trust. Don't put faith in the high security settings; by
its nature social media is designed to share your information. Hence the name
"social".
Debit cards
-Use credit instead of debit. Debit cards pull cash directly from the account. Credit
cards have specific protection laws that can allow stolen funds to be disputed and
easily returned. In the case of the T.J. Maxx data breach in 2007, it took debit card users
months to get their money returned, as opposed to the credit card users, who got new
cards and reversed charges in a few days.
-If you can't use credit, cover the whole keypad with your hand when entering your PIN
number, even to the point where you can't see it. This prevents shoulder surfers and
skimmers from seeing you across the street with binoculars.
-Use well-known ATMs that are in well-lit places to avoid skimmers.
-You can't always see a skimmer. Don't use gas station pumps. The high traffic and
openness make them valuable targets for skimmers. Go inside and use cash or credit.
-I ate at a restaurant last week and they wanted me to pay with a wireless device at the
table. No thanks.
-Don't buy things online unless you trust the source. The web is a dangerous place.
Even if you buy something from your laptop in your home on your wireless network,
the data can be captured using a man-in-the-middle attack.
-Never use public Wi-Fi to make online purchases. Ever.
-Disable links to your secondary accounts. I have the option to allow my bank to
withdraw from my savings account should I overdraft. But this also allows thieves
access to not only my operational account but my savings as well.
-Spoof your public-facing account. Walmart sells debit cards that allow you to use
them as credit or debit cards. These cards have a primary and a secondary savings. I
use my Walmart account for my direct deposit from work and move the bulk to the
savings portion, thus protected from thieves. I only transfer funds if I know that I am
going to be paying bills and keep no more than $100 in the main account so I can have
spending cash.
-Along with my Walmart money card, every pay period I withdraw cash and move it
to my bank account that I use for savings. I never use my bank account debit card.
Ever. If I need money from savings for an auto repair, I go to the bank and make a cash
withdrawal.
-PayPal comes with a debit / credit card option. It's easy to transfer money from your
bank to add funds, but be careful of the auto withdraw options that allow PayPal to
withdraw from your bank account.
-With some online financial accounts, you can use a virtual account number that is
disposable to pay for items.
Mobile devices (smart phones and tablets)
-Apps can hack and transmit your private data and geolocations. To hackers, they are
the back door to your home.
-Phishing and ransomware attacks are just as prevalent on mobile devices as they are
on a PC. Be wary with lesser known Apps even if you pay for them. Google them for
security and known issues first.
-What does an App get access to on your phone? When you install an App it shows you
what you grant it access to. Why does a calculator need access to your personal image
folder?
-If an App can make you believe it's a trusted source, then you will click on it and it
can execute whatever malicious intention it has.
-Ransomware is increasing for mobile Apps. Think before you click or it may cost you
$500 to unlock your phone (don't pay; default your phone). These are most commonly
hidden in a video player for a specific website.
-Resist using your mobile device to bank with. Texts are ok, but an unwanted App can
steal the unencrypted bank login from your memory and send it out via text message.
This is called a Man in the Browser attack. Thieves can basically own your cell
phone and desktop.
-Some attacks using malware never really took off, like the class known as
Crypto Mining attacks. They look for digital currency on your phone like Bitcoin.
Even if you don't use Bitcoin, they can still attack. If your phone runs out of battery
life fast or seems slow, check your running Apps and you may find it.
-It's said that the Y generation is the sharing generation. Just remember that once it's
online it can't be gotten back.
-The top 10 flashlight Apps in 2014 were found to gain access to your personal
information and send out to a main location via your cell connection without your
knowledge. This includes Geolocations.
When you buy a car there are many makes and models. Some cars have great
gas mileage, some have comfort and space. Smartphones and tablets also have options
inherent to the phone itself, but also to the service that your provider offers. Services
you should have on your smart phone should be:
-The ability to encrypt or remotely wipe the phone in case of loss or theft.
-The ability to encrypt your data when uploaded to your PC.
-While rooting or Jail breaking your phone seems cool, you are defeating some
internal security measure that may allow unwanted Apps to install. Just as you never
want your primary PC login account to be an administrator, if your phone is rooted,
then any unwanted App has full access.
-Limit your mobile number to the public. Scanning bots gather data and flood
cyberspace with unwanted calls and texts. Don't reply.
-Disable all connection abilities if not in use: Bluetooth, Wi-Fi and hotspots.
-Wipe your devices prior to selling them.
-Act quickly if your device is lost or stolen and call your service provider.
-Do you know your device's IMEI number? Learn it.
About the author
Brian Sanchez has a BA in Network Engineering and has his CCNA and Security+
certifications. He is actively employed as a Network Administrator and author. He
currently works for the largest privately held business in North America, which is also
the largest car buyer in North America. He maintains the network and wireless access
and security for more than 8,000 locations in a multitude of countries including the US,
Ireland, Scotland, UK, Spain, Germany, PR, Hawaii and Canada.

[1] Kaspersky Lab online article, 2013. http://www.kaspersky.com/about/news/virus/2013/number-of-the-year
[2] TipTopSecurity, 2015. http://tiptopsecurity.com/safest-web-browser-chrome-firefoxie-opera-safari-comparison-chart/
[3] CNET, 2013. http://www.cnet.com/videos/home-wi-fi-routers-are-easily-hackablesays-study/
[4] OpenDNS. https://www.opendns.com/
Legal stuff
Some names and identifying details have been changed to protect the privacy of
individuals. This is a work of fiction and personal opinion and personal experience.
Names, characters, businesses, places, events and incidents are either the products of
the author's imagination or used in a fictitious manner. Any resemblance to actual
persons, living or dead, or actual events is purely coincidental. I have tried to recreate
events, locales and conversations from my memories of them. In order to maintain
their anonymity in some instances I have changed the names of individuals and places;
I may have changed some identifying characteristics and details such as physical
properties, occupations and places of residence. Although the author and publisher
have made every effort to ensure that the information in this book was correct at press
time, the author and publisher do not assume and hereby disclaim any liability to any
party for any loss, damage, or disruption caused by errors or omissions, whether such
errors or omissions result from negligence, accident, or any other cause. This book is
not intended as a substitute for the legal advice of lawyers. The reader should
regularly consult a lawyer in matters relating to his/her small business ventures and
investments. The information in this book is meant to supplement, not replace, proper
education. Like any startup or business venture involving investment, money, and other
financial factors, starting a small business poses some inherent risk. The authors and
publisher advise readers to take full responsibility for their safety and know their
limits. Before practicing the skills described in this book, be sure that you are well
insured, and do not take risks beyond your level of experience, aptitude, training, and
comfort level. The company and brand names in here represent themselves and in no
way, shape or form do I promote or condone them. They have all rights reserved.
2014 The Paper Napkin Idea Company. All rights reserved. 1st edition.
