Part 4: Daily Security Habits

🗺️ Series: Overview • Part 1: Recognizing Scams → • Part 2: Essential Tools → • Part 3: Network Security → • Part 4: Daily Habits (current page)

⚠️ Disclaimer

I’m not a certified security professional or lawyer. I’m just sharing my experience and security habits - things I try to follow myself and urge my mom to practice as well. This is not a professional security consultation, nor a legal advice. Your situation may differ. When in doubt, consult with qualified paid professionals.

Security isn’t just about tools and configuration - it’s about daily habits. This final part covers the everyday practices that keep me safe online.

🎯 Bottom Line

Security is a journey, not a destination. Small daily habits compound into major protection over time.

1. I Don’t Trust Free Stuff

There’s no such thing as a free lunch - especially on the internet.

The USB Stick Trap

Scenario: You attend a conference. Someone gives you a free USB stick with “marketing materials.”

What could go wrong:

• USB stick contains malware
• Automatically runs when you plug it in
• Infects your computer
• Spreads to your network

💀 Real Attack

The Target data breach (2013) started with a compromised HVAC vendor. Hackers infected their system via a phishing email, then used that access to break into Target’s network.

Cost: 40 million credit/debit cards + 70 million customer records stolen, $18.5 million settlement

What I Do

Free USB drives:

• Never plug unknown USB drives into my computer
• If I must check it, use a dedicated air-gapped machine
• Or just throw it away

Free downloads:

• Only download from official sources
• Check URLs carefully (adobe.com vs adob3.com)
• Scan everything with VirusTotal

Free WiFi:

• Use VPN on public WiFi (more on this later)
• Don’t access banking on public WiFi
• Assume everyone can see your traffic

2. How I Taught My Family

Security is only as strong as the weakest link. When a family member gets hacked, it affects everyone.

My Annual Security Chat with Mom

Once a year, I sit down with my mom for 30 minutes and we review:

• Recent scam trends (what’s new this year?)
• Her password manager - still working well?
• 2FA status on important accounts
• Any suspicious emails/calls she received
• Practice: “What would you do if…” scenarios

🔑 Pro Tip

Don’t make it preachy. Make it conversational. Share your own mistakes. Make it light and practical.

What We Talk About

With elderly family:

• Phone scams (IRS, tech support, grandparent scam)
• Email phishing
• Social media safety
• How to verify if something is real

With kids/teens:

• Social media privacy settings
• Stranger danger online
• Protecting personal information
• Cyberbullying awareness

With everyone:

• Password manager basics
• How to spot phishing
• When to ask for help

Set Up a Security Code Word

My mom and I have a code word. If she gets a suspicious call claiming to be me asking for money, she asks for the code word.

No code word = hang up and call me directly.

3. I Trust My Browser

I trust my browser and keep it updated. Browsers are the first line of defense.

When My Browser Warns Me

If Firefox/Chrome/Safari/Edge shows a security warning, LISTEN TO IT.

Common warnings:

• “This site is not secure”
• “This connection is not private”
• “Deceptive site ahead”

🔐 Important

When I see a browser warning, I don’t click “Advanced” and proceed anyway. I just leave.

I Keep My Browser Updated

Why browser updates matter:

• Fix security vulnerabilities
• Improve phishing detection
• Update malware protection
• Patch zero-day exploits

How I update:

• Most browsers auto-update
• Chrome: Menu → Help → About Google Chrome
• Firefox: Menu → Help → About Firefox
• Safari: Update with macOS
• Edge: Menu → Help & Feedback → About Microsoft Edge

🔐 Important Note

Internet Explorer was discontinued in 2022. Anyone still using it should update to Edge immediately!

Browser Security Settings I Enable

Chrome/Edge:

• Safe Browsing (Enhanced protection)
• HTTPS-Only mode
• Block third-party cookies

Firefox:

• Enhanced Tracking Protection (Strict)
• HTTPS-Only mode
• Delete cookies on close (for high security)

4. Virtual Machines for Risky Browsing (Advanced)

This is over the top for most people, but I do this when testing suspicious software.

What Is a Virtual Machine?

A virtual machine is a computer inside your computer. Like a sandbox.

If the VM gets infected:

• Delete it
• Start fresh
• Your actual computer is safe

When I Use VMs

• Testing downloaded software
• Visiting sketchy websites
• Opening suspicious files
• Security research

Software I use:

• VirtualBox (free - Mac, Linux, Windows)
• VMware Workstation
• Parallels (Mac)

🤷 For Most People

You don’t need this. Focus on the basics (password manager + 2FA). But if you’re tech-savvy and want maximum protection, VMs are great.

5. How I Handle Social Media

Social media oversharing is a security risk.

What NOT to Post

Vacation announcements:

• ❌ “Heading to Hawaii for 2 weeks! So excited!”
• ✅ Post photos AFTER you return

Why: Burglars monitor social media for empty houses.

Personal information:

• ❌ Birthday, birthplace, mother’s maiden name
• ❌ Pet’s name, first car, first school
• ✅ Keep security question answers private

Why: These are common security questions.

Real-time location:

• ❌ Checking in at every restaurant
• ❌ Geotagged photos in real-time
• ✅ Share locations selectively with trusted friends

Financial information:

• ❌ Screenshots of bank accounts
• ❌ Complaining about money problems
• ✅ Keep financial life private

💀 Real Attack

A friend posted on Facebook about going on vacation. Their house was burglarized while they were gone. The burglars literally admitted they found the target on social media.

Privacy Settings I Use

Facebook:

• Posts visible to “Friends only”
• Hide friend list
• Disable facial recognition
• Limit past posts
• Review tags before they appear

Instagram/TikTok:

• Private account
• Don’t accept followers I don’t know
• Disable location services

LinkedIn:

• Don’t share full resume publicly
• Hide connections
• Turn off activity broadcasts

6. Online Shopping Safety

E-commerce is convenient but risky without proper precautions.

Never Use Debit Cards Online

Use credit cards instead:

• Credit cards have fraud protection
• Debit cards drain your bank account directly
• Much harder to reverse debit transactions

Payment Method Hierarchy (Best to Worst)

1. Virtual credit card numbers (best)
   • Some credit cards offer one-time-use numbers
   • If stolen, useless after first transaction
2. PayPal / Apple Pay / Google Pay (excellent)
   • Extra layer between merchant and your card
   • Merchant never sees your card number
3. Credit card (good)
   • Fraud protection
   • Easy to dispute charges
4. Debit card (avoid)
   • Direct access to your bank account
   • Harder to recover funds
5. Wire transfer / Zelle (never for strangers)
   • No fraud protection
   • Instant and irreversible

🛒 What I Do

• All online shopping: Credit card through Apple Pay
• Sketchy sites: Virtual credit card number
• Untrusted merchants: PayPal
• Recurring subscriptions: Dedicated credit card (easier to track)

Shopping Security Checklist

Before entering payment info:

• URL starts with HTTPS (padlock icon)
• Website looks legitimate (check spelling)
• Merchant has reviews / trusted reputation
• Check return policy
• Use payment method with fraud protection
• Save receipt/confirmation

Monitor Your Statements

What I do:

• Set up automatic alerts for transactions over $50
• Review credit card statements monthly
• Check bank account weekly
• Report suspicious charges immediately

7. Monitor Your Digital Footprint

Identity theft often goes unnoticed for months. Catch it early.

Free Credit Reports

By law, everyone is entitled to one free credit report per year from each bureau.

Official site: AnnualCreditReport.com

🔑 Important

This is the ONLY official free site. Beware of imposters like “freecreditreport.com” (paid service).

My strategy:

• Request one report every 4 months
• January: Equifax
• May: Experian
• September: TransUnion
• Continuous year-round monitoring

Credit Monitoring Services

Free options:

• Credit Karma (free, ad-supported)
• Your bank’s built-in monitoring
• Credit card issuer’s free monitoring

What they alert you about:

• New accounts opened in your name
• Hard inquiries on your credit
• Significant score changes
• Public records (liens, bankruptcies)

Google Alerts for Your Name

Set up Google Alerts for:

• Your full name
• Your email address
• Your phone number

You’ll get notified when you appear online.

Freeze Your Credit (Do This!)

Why freeze:

• Prevents identity thieves from opening accounts in your name
• Completely free at all three bureaus
• Temporarily lift when I need credit

How to freeze:

• Equifax Freeze
• Experian Freeze
• TransUnion Freeze

🧊 I Froze My Credit in 2020

• Takes 10 minutes per bureau
• Completely free
• Easy to lift temporarily if needed
• Peace of mind: No one can open accounts in my name

8. What I Did When I Got Hacked

Despite best efforts, it happens. Here’s what I did.

Immediate Actions (First Hour)

1. Change passwords immediately
   • Start with email (most critical)
   • Use your password manager to generate new ones
   • Change passwords on all important accounts
2. Enable 2FA if not already enabled
   • Email
   • Banking
   • Social media
   • Any account that supports it
3. Check for unauthorized access
   • Email: Check “recent activity” / “devices & activity”
   • Banking: Review recent transactions
   • Social media: Check login history
4. Scan for malware
   • Run full antivirus scan
   • Consider Malwarebytes for second opinion
   • Check browser extensions for suspicious additions

First 24 Hours

1. Alert your contacts
   • If email was hacked, warn friends about phishing
   • Don’t be embarrassed - it happens to everyone
2. Check credit reports
   • Look for unauthorized accounts
   • Place fraud alert if needed
3. Contact financial institutions
   • Bank
   • Credit card companies
   • Investment accounts

First Week

1. File official reports
   • FTC: IdentityTheft.gov
   • Local police (if money was stolen)
   • IC3 (for cybercrime): ic3.gov
2. Consider credit freeze
   • Freeze at all three bureaus
   • Prevents new accounts from being opened
3. Document everything
   • Save emails
   • Take screenshots
   • Keep records for insurance/legal purposes

🚨 Emergency Checklist

I keep this printed and in my password manager’s secure notes:

Hacked Email:

1. Change password immediately
2. Enable 2FA
3. Check forwarding rules
4. Check sent folder for spam
5. Review recent activity
6. Warn contacts

Hacked Bank:

1. Call bank immediately: [phone number]
2. Freeze accounts
3. Dispute fraudulent charges
4. File police report
5. Place credit freeze
6. File FTC complaint

Series Recap: The Essentials

This 4-part series covered:

Part 1: Recognizing Scams

• Trust your gut with emails
• Spot social engineering
• Recognize phone scams
• Never share security info

Part 2: Essential Tools

• Use a password manager
• Enable 2FA everywhere
• Keep software updated
• Use antivirus

Part 3: Network Security

• Changing default passwords
• Securing the router
• Segmenting networks
• Protecting IoT devices

Part 4: Daily Habits (This Part)

• Being careful with free stuff
• Teaching family members
• Trusting the browser
• Social media privacy
• Shopping safely online
• Monitoring credit

🎯 The 80/20 Rule

Doing ONLY these 5 things eliminates 80% of risk:

1. Password manager
2. 2FA on email and banking
3. Change router default password
4. Don’t click suspicious links
5. Credit freeze

What I’d Do First If Starting Over

If I were starting fresh, here’s what I’d tackle first (I’d pick three of these):

• Install a password manager - This was my first step, changed everything
• Enable 2FA on all important accounts - I started with email and banking
• Change router password - I did this immediately after the password manager
• Set up guest WiFi network - Took 10 minutes, huge security improvement
• Review social media privacy settings - I do this annually with Mom
• Freeze credit - I froze mine in 2020, completely free and easy
• Set up credit monitoring - I use Credit Karma (free) and check quarterly
• Have security talk with family - My annual chat with Mom has prevented several scams
• Check if I’ve been pwned - I check haveibeenpwned.com quarterly

More Resources

Official Resources

• CISA Cyber Essentials - US government cybersecurity
• FTC Consumer Information - Scam alerts
• Stay Safe Online - National Cybersecurity Alliance

Tools I Use

• Have I Been Pwned - Check for data breaches
• VirusTotal - Scan files for malware
• 2fa.directory - Which sites support 2FA
• Privacy Guides - Comprehensive privacy tools

Learning More

• Krebs on Security - Security news blog
• Electronic Frontier Foundation - Digital rights & privacy
• r/cybersecurity - Community discussion

Thank You!

If you’ve made it through all 4 parts of this series, congratulations! You now know more about cybersecurity than 90% of people.

💬 Final Thoughts

Security is a journey, not a destination. Start with the basics (password manager + 2FA) and build from there. Don’t try to do everything at once.

Share this series with someone who needs it. The more people who practice good security, the safer we all are.

Stay safe out there!

• Nick

Last updated: January 31, 2025