Tutorial
Cybersecurity
Protecting yourself, your family, and your data in the digital world. Covers passwords, authentication, phishing, malware, privacy, and incident response.
Chapters
About this tutorial
A practical guide to keeping yourself, your family, and your data safe online.
This is not a hacker's handbook. It's the boring, useful version: what to turn on, what to turn off, what to ignore, and what to do when something goes wrong.
Who This Is For
- People who keep meaning to set up a password manager and haven't
- Parents who want their kids online without it ending badly
- Anyone who has just been told "your data was in a breach"
- Friends and relatives who keep asking you the same five questions
Contents
| Chapter | Topic |
|---|---|
| 01-threat-landscape | Common attacks and attackers |
| 02-passwords | Strong passwords and management |
| 03-authentication | 2FA, MFA, and account security |
| 04-phishing | Recognizing and avoiding scams |
| 05-malware | Viruses, ransomware, and protection |
| 06-network-security | Securing home networks |
| 07-mobile-security | Smartphone and tablet protection |
| 08-privacy | Protecting personal information |
| 09-family-safety | Keeping children safe online |
| 10-incident-response | What to do when things go wrong |
Immediate Actions
Top 5 Things to Do Now
Enable 2FA on all important accounts
- Email, banking, social media
- Use authenticator app, not SMS when possible
Use a password manager
- Unique password for every account
- Let the manager generate strong passwords
Update everything
- Operating systems
- Applications
- Router firmware
Back up your data
- 3-2-1 rule: 3 copies, 2 different media, 1 offsite
Freeze your credit
- All three bureaus (Equifax, Experian, TransUnion)
- Free and effective against identity theft
Password Security
Strong Passwords
| Weak | Strong |
|---|---|
| password123 | K7$mP2@nQ9!xR4 |
| YourDog2020 | correcthorsebatterystaple |
| 123456789 | Randomly generated 16+ characters |
Password Rules
| Rule | Why |
|---|---|
| Unique for every account | One breach doesn't compromise all |
| At least 16 characters | Length beats complexity |
| Use password manager | You can't remember good passwords |
| Never reuse passwords | Credential stuffing is common |
| Change after breach | Check haveibeenpwned.com |
Password Managers
| Manager | Notes |
|---|---|
| 1Password | Excellent, paid |
| Bitwarden | Great, free option |
| Dashlane | Good, paid |
| KeePassXC | Free, local storage |
One master password to remember. Make it strong and memorable.
Two-Factor Authentication (2FA)
Types (Best to Worst)
| Type | Security | Convenience |
|---|---|---|
| Hardware key (YubiKey) | Best | Moderate |
| Authenticator app | Very good | Good |
| SMS/Text | Better than nothing | Very easy |
| Weak | Easy |
Authenticator Apps
- Google Authenticator
- Microsoft Authenticator
- Authy (cloud backup)
- 1Password (integrated)
Enable on: Email, banking, cloud storage, social media, any important account.
Phishing
How to Spot Phishing
| Red Flag | Example |
|---|---|
| Urgency | "Account will be closed in 24 hours!" |
| Generic greeting | "Dear Customer" instead of your name |
| Suspicious sender | amazon-support@gmail.com |
| Mismatched links | Hover shows different URL |
| Grammar/spelling errors | Poorly written message |
| Unexpected attachment | "Invoice.pdf.exe" |
When in Doubt
- Don't click links in emails
- Go directly to the website by typing the URL
- Call the company using a known number (not one in the email)
- Report suspicious emails
Common Scams
| Scam | How It Works |
|---|---|
| Package delivery | Fake tracking link |
| IRS/Tax | Threatening message about taxes |
| Tech support | "Your computer is infected" |
| Romance | Fake relationship for money |
| Crypto investment | "Guaranteed returns" |
Home Network Security
Router Security
| Action | Why |
|---|---|
| Change default password | Factory passwords are known |
| Update firmware | Fix security holes |
| Use WPA3 (or WPA2) | Never WEP, never open |
| Disable WPS | Easy to hack |
| Enable firewall | Block unwanted access |
| Consider guest network | Isolate IoT devices |
Network Hygiene
- Inventory connected devices
- Remove/disable unused devices
- Segment IoT on separate network
- Use VPN for sensitive work
- Monitor for unusual activity
Device Security
All Devices
| Action | Frequency |
|---|---|
| Install updates | Immediately |
| Run antivirus | Always on |
| Enable encryption | Always |
| Lock screen | Always |
| Backup data | Regular |
Computers
- Full disk encryption (BitLocker, FileVault)
- Standard user account (not admin) for daily use
- Don't install unknown software
- Be careful with browser extensions
Mobile
- Enable biometric + PIN
- Only official app stores
- Review app permissions
- Enable remote wipe
- Don't jailbreak/root
Privacy
Reducing Your Footprint
| Action | Benefit |
|---|---|
| Use privacy-focused browser | Less tracking |
| Use VPN | Hide IP address |
| Limit social media sharing | Less personal info exposed |
| Review privacy settings | Control what's shared |
| Delete old accounts | Reduce attack surface |
Data Minimization
- Don't give info you don't need to give
- Use fake birthday/info for unimportant accounts
- Use email aliases for signups
- Opt out of data brokers
Family Safety
Children Online
| Age | Focus |
|---|---|
| Young children | Supervised use, kid-safe content |
| Tweens | Privacy settings, safe sharing |
| Teens | Digital footprint, predator awareness |
Conversations to Have
- What information should never be shared
- How to recognize predatory behavior
- What to do if something makes them uncomfortable
- Screenshots and digital footprint permanence
- Cyberbullying response
Technical Controls
- Content filtering (OpenDNS, router-level)
- Screen time limits
- App approval
- Location sharing (for safety)
- Regular check-ins on usage
When Things Go Wrong
Signs of Compromise
| Sign | Possible Meaning |
|---|---|
| Unexpected password changes | Account hijacked |
| Strange account activity | Unauthorized access |
| Unfamiliar devices logged in | Someone else has access |
| Ransomware message | Malware infection |
| Slow/strange device behavior | Possible infection |
Incident Response Steps
- Contain - Disconnect affected device
- Assess - What's affected?
- Remediate - Change passwords, run scans
- Recover - Restore from backup if needed
- Learn - How did it happen? Prevent repeat
Who to Contact
| Situation | Contact |
|---|---|
| Identity theft | identitytheft.gov, credit bureaus |
| Financial fraud | Bank, FTC, local police |
| FBI for serious cybercrime | ic3.gov |
| Data breach | State attorney general |
Security Checklist
Monthly
- [ ] Check bank/credit statements
- [ ] Review account activity
- [ ] Update devices
Quarterly
- [ ] Review account access
- [ ] Check for breaches (haveibeenpwned.com)
- [ ] Review security questions/recovery options
Annually
- [ ] Review credit reports
- [ ] Audit old accounts (close unused)
- [ ] Review password manager
- [ ] Update emergency contacts
- [ ] Test backups
Resources
Tools
| Tool | Purpose |
|---|---|
| haveibeenpwned.com | Check if email was in breach |
| Privacy Badger | Browser tracking blocker |
| uBlock Origin | Ad/malware blocker |
| Malwarebytes | Malware scanner |
Information
- CISA.gov (official US cyber advice)
- Krebs on Security (blog)
- National Cyber Security Centre (UK)
- EFF (Electronic Frontier Foundation)
Key Takeaways
- Basics matter most. Strong passwords plus 2FA stop the vast majority of attacks.
- Updates aren't optional. They patch the holes attackers already know about.
- Think before clicking. Phishing is still the most common way in.
- Back up, back up, back up. Ransomware happens to ordinary people.
- You are a target. Everyone has something worth stealing.
- It is never too late to start. Today is fine.
- Security is ongoing. Set-and-forget does not exist here.