Tutorial
Cybersecurity
Protecting yourself, your family, and your data in the digital world. Covers passwords, authentication, phishing, malware, privacy, and incident response.
Chapters
About this tutorial
Protecting yourself, your family, and your data in the digital world.
Why Cybersecurity Matters
- Protect your identity and finances
- Keep your family safe online
- Secure your personal information
- Avoid scams and fraud
- Maintain privacy
- Recover from incidents when they happen
Contents
| Chapter | Topic |
|---|---|
| 01-threat-landscape | Common attacks and attackers |
| 02-passwords | Strong passwords and management |
| 03-authentication | 2FA, MFA, and account security |
| 04-phishing | Recognizing and avoiding scams |
| 05-malware | Viruses, ransomware, and protection |
| 06-network-security | Securing home networks |
| 07-mobile-security | Smartphone and tablet protection |
| 08-privacy | Protecting personal information |
| 09-family-safety | Keeping children safe online |
| 10-incident-response | What to do when things go wrong |
Immediate Actions
Top 5 Things to Do Now
Enable 2FA on all important accounts
- Email, banking, social media
- Use authenticator app, not SMS when possible
Use a password manager
- Unique password for every account
- Let the manager generate strong passwords
Update everything
- Operating systems
- Applications
- Router firmware
Back up your data
- 3-2-1 rule: 3 copies, 2 different media, 1 offsite
Freeze your credit
- All three bureaus (Equifax, Experian, TransUnion)
- Free and effective against identity theft
Password Security
Strong Passwords
| Weak | Strong |
|---|---|
| password123 | K7$mP2@nQ9!xR4 |
| YourDog2020 | correcthorsebatterystaple |
| 123456789 | Randomly generated 16+ characters |
Password Rules
| Rule | Why |
|---|---|
| Unique for every account | One breach doesn't compromise all |
| At least 16 characters | Length beats complexity |
| Use password manager | You can't remember good passwords |
| Never reuse passwords | Credential stuffing is common |
| Change after breach | Check haveibeenpwned.com |
Password Managers
| Manager | Notes |
|---|---|
| 1Password | Excellent, paid |
| Bitwarden | Great, free option |
| Dashlane | Good, paid |
| KeePassXC | Free, local storage |
One master password to remember - make it strong and memorable.
Two-Factor Authentication (2FA)
Types (Best to Worst)
| Type | Security | Convenience |
|---|---|---|
| Hardware key (YubiKey) | Best | Moderate |
| Authenticator app | Very good | Good |
| SMS/Text | Better than nothing | Very easy |
| Weak | Easy |
Authenticator Apps
- Google Authenticator
- Microsoft Authenticator
- Authy (cloud backup)
- 1Password (integrated)
Enable on: Email, banking, cloud storage, social media, any important account.
Phishing
How to Spot Phishing
| Red Flag | Example |
|---|---|
| Urgency | "Account will be closed in 24 hours!" |
| Generic greeting | "Dear Customer" instead of your name |
| Suspicious sender | amazon-support@gmail.com |
| Mismatched links | Hover shows different URL |
| Grammar/spelling errors | Poorly written message |
| Unexpected attachment | "Invoice.pdf.exe" |
When in Doubt
- Don't click links in emails
- Go directly to the website by typing the URL
- Call the company using a known number (not one in the email)
- Report suspicious emails
Common Scams
| Scam | How It Works |
|---|---|
| Package delivery | Fake tracking link |
| IRS/Tax | Threatening message about taxes |
| Tech support | "Your computer is infected" |
| Romance | Fake relationship for money |
| Crypto investment | "Guaranteed returns" |
Home Network Security
Router Security
| Action | Why |
|---|---|
| Change default password | Factory passwords are known |
| Update firmware | Fix security holes |
| Use WPA3 (or WPA2) | Never WEP, never open |
| Disable WPS | Easy to hack |
| Enable firewall | Block unwanted access |
| Consider guest network | Isolate IoT devices |
Network Hygiene
- Inventory connected devices
- Remove/disable unused devices
- Segment IoT on separate network
- Use VPN for sensitive work
- Monitor for unusual activity
Device Security
All Devices
| Action | Frequency |
|---|---|
| Install updates | Immediately |
| Run antivirus | Always on |
| Enable encryption | Always |
| Lock screen | Always |
| Backup data | Regular |
Computers
- Full disk encryption (BitLocker, FileVault)
- Standard user account (not admin) for daily use
- Don't install unknown software
- Be careful with browser extensions
Mobile
- Enable biometric + PIN
- Only official app stores
- Review app permissions
- Enable remote wipe
- Don't jailbreak/root
Privacy
Reducing Your Footprint
| Action | Benefit |
|---|---|
| Use privacy-focused browser | Less tracking |
| Use VPN | Hide IP address |
| Limit social media sharing | Less personal info exposed |
| Review privacy settings | Control what's shared |
| Delete old accounts | Reduce attack surface |
Data Minimization
- Don't give info you don't need to give
- Use fake birthday/info for unimportant accounts
- Use email aliases for signups
- Opt out of data brokers
Family Safety
Children Online
| Age | Focus |
|---|---|
| Young children | Supervised use, kid-safe content |
| Tweens | Privacy settings, safe sharing |
| Teens | Digital footprint, predator awareness |
Conversations to Have
- What information should never be shared
- How to recognize predatory behavior
- What to do if something makes them uncomfortable
- Screenshots and digital footprint permanence
- Cyberbullying response
Technical Controls
- Content filtering (OpenDNS, router-level)
- Screen time limits
- App approval
- Location sharing (for safety)
- Regular check-ins on usage
When Things Go Wrong
Signs of Compromise
| Sign | Possible Meaning |
|---|---|
| Unexpected password changes | Account hijacked |
| Strange account activity | Unauthorized access |
| Unfamiliar devices logged in | Someone else has access |
| Ransomware message | Malware infection |
| Slow/strange device behavior | Possible infection |
Incident Response Steps
- Contain - Disconnect affected device
- Assess - What's affected?
- Remediate - Change passwords, run scans
- Recover - Restore from backup if needed
- Learn - How did it happen? Prevent repeat
Who to Contact
| Situation | Contact |
|---|---|
| Identity theft | identitytheft.gov, credit bureaus |
| Financial fraud | Bank, FTC, local police |
| FBI for serious cybercrime | ic3.gov |
| Data breach | State attorney general |
Security Checklist
Monthly
- [ ] Check bank/credit statements
- [ ] Review account activity
- [ ] Update devices
Quarterly
- [ ] Review account access
- [ ] Check for breaches (haveibeenpwned.com)
- [ ] Review security questions/recovery options
Annually
- [ ] Review credit reports
- [ ] Audit old accounts (close unused)
- [ ] Review password manager
- [ ] Update emergency contacts
- [ ] Test backups
Resources
Tools
| Tool | Purpose |
|---|---|
| haveibeenpwned.com | Check if email was in breach |
| Privacy Badger | Browser tracking blocker |
| uBlock Origin | Ad/malware blocker |
| Malwarebytes | Malware scanner |
Information
- CISA.gov (official US cyber advice)
- Krebs on Security (blog)
- National Cyber Security Centre (UK)
- EFF (Electronic Frontier Foundation)
Key Takeaways
- Basics matter most - Strong passwords + 2FA stop most attacks
- Updates aren't optional - They fix security holes
- Think before clicking - Phishing is the #1 attack vector
- Backup, backup, backup - Ransomware can happen to anyone
- You're a target - Everyone has something worth stealing
- It's never "too late" - Start improving security today
- Security is ongoing - Not set-and-forget