I ntroduction 1 About This Book 1 Foolish Assumptions 3 Icons Used in This Book 4 Beyond the Book 4 Where to Go from Here 4 Part 1: Getting Started With Cybersecurity 5 Chapter 1: What Exactly Is Cybersecurity? 7 Cybersecurity Means Different Things to Different Folks 7 Cybersecurity Is a Constantly Moving Target 9 Technological changes 9 Social shifts 14 Economic model shifts 15 Political shifts 16 Looking at the Risks Cybersecurity Mitigates 20 The goal of cybersecurity: The CIA Triad 21 From a human perspective 22 Chapter 2: Getting to Know Common Cyberattacks 23 Attacks That Inflict Damage 24 Denial-of-service (DoS) attacks 24 Distributed denial-of-service (DDoS) attacks 24 Botnets and zombies 26 Data destruction attacks 27 Is That Really You? Impersonation 27 Phishing 28 Spear phishing 28 CEO fraud 28 Smishing 29 Vishing 29 Pharming 29 Whaling: Going for the "big fish" 29 Messing around with Other People''s Stuff: Tampering 30 Captured in Transit: Interception 30 Man-in-the-middle attacks 31 Taking What Isn''t Theirs: Data Theft 32 Personal data theft 32 Business data theft 32 Data exfiltration 33 Compromised credentials 33 Forced policy violations 34 Cyberbombs That Sneak into Your Devices: Malware 34 Viruses 34 Worms 35 Trojans 35 Ransomware 35 Scareware 36 Spyware 37 Cryptocurrency miners 37 Adware 37 Blended malware 38 Zero-day malware 38 Fake malware on computers 38 Fake malware on mobile devices 38 Fake security subscription renewal notifications 39 Poisoned Web Service Attacks 39 Network Infrastructure Poisoning 40 Malvertising 40 Drive-by downloads 41 Stealing passwords 41 Exploiting Maintenance Difficulties 43 Advanced Attacks 43 Opportunistic attacks 44 Targeted attacks 44 Blended (opportunistic and targeted) attacks 45 Some Technical Attack Techniques 45 Rootkits 45 Brute-force attacks 46 Injection attacks 46 Session hijacking 47 Malformed URL attacks 47 Buffer overflow attacks 48 Chapter 3: The Bad Guys You Must Defend Against 49 Bad Guys and Good Guys Are Relative Terms 50 Bad Guys Up to No Good 51 Script kiddies 51 Kids who are not kiddies 52 Terrorists and other rogue groups 52 Nations and states 52 Corporate spies 54 Criminals 54 Hacktivists 54 Cyberattackers and Their Colored Hats 55 How Cybercriminals Monetize Their Actions 56 Direct financial fraud 56 Indirect financial fraud 57 Ransomware 59 Cryptominers 60 Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats 60 Human error 60 External disasters 62 Defending against These Attackers 67 Part 2: Improving Your Own Personal Security 69 Chapter 4: Evaluating Your Current Cybersecurity Posture 71 Don''t be Achilles: Identifying Ways You May Be Less than Secure 71 Your home computer(s) 72 Your mobile devices 73 Your Internet of Things (IoT) devices 73 Your networking equipment 74 Your work environment 74 Identifying Risks 74 Protecting against Risks 75 Perimeter defense 76 Firewall/router 76 Security software 79 Your physical computer(s) and any other endpoints 79 Backups 79 Detecting 80 Responding 80 Recovering 80 Improving 80 Evaluating Your Current Security Measures 80 Software 81 Hardware 82 Insurance 83 Education 83 Privacy 101 84 Think before you share 84 Think before you post 85 General privacy tips 86 Banking Online Safely 88 Safely Using Smart Devices 90 Cryptocurrency Security 101 91 Chapter 5: Enhancing Physical Security 93 Understanding Why Physical Security Matters 94 Taking Inventory 94 Stationary devices 96 Mobile devices 97 Locating Your Vulnerable Data 97 Creating and Executing a Physical Security Plan 98 Implementing Physical Security 100 Security for Mobile Devices 101 Realizing That Insiders Pose the Greatest Risks 102 Chapter 6: Cybersecurity Considerations When Working from Home 105 Network Security Concerns 106 Device Security Concerns 108 Location Cybersecurity 109 Shoulder surfing 109 Eavesdropping 110 Theft 110 Human errors 110 Video Conferencing Cybersecurity 111 Keep private stuff out of camera view 111 Keep video conferences secure from unauthorized visitors 111 Social Engineering Issues 113 Regulatory Issues 113 Part 3: Protecting Yourself From Yourself 115 Chapter 7: Securing Your Accounts 117 Realizing You''re a Target 117 Securing Your External Accounts 118 Securing Data Associated with User Accounts 119 Conduct business with reputable parties 119 Use official apps and websites 120 Don''t install software from untrusted parties 120 Don''t root your phone 120 Don''t provide unnecessary sensitive information 120 Use payment services that eliminate the need to share credit card numbers 120 Use one-time, virtual credit card numbers when appropriate 121 Monitor your accounts 122 Report suspicious activity ASAP 122 Employ a proper password strategy 122 Utilize multifactor authentication 122 Log out when you''re finished 124 Use your own computer or phone 124 Lock your computer 124 Use a separate, dedicated computer for sensitive tasks 125 Use a separate, dedicated browser for sensitive web-based tasks 125 Secure your access devices 125 Keep your devices up to date 125 Don''t perform sensitive tasks over public Wi-Fi 125 Never use public Wi-Fi in high-risk places 126 Access your accounts only in safe locations 126 Use appropriate devices 126 Set appropriate limits 126 Use alerts 127 Periodically check access device lists 127 Check last login info 127 Respond appropriately to any fraud alerts 127 Never send sensitive information over an unencrypted connection 127 Beware of social engineering attacks 128 Establish voice login passwords 129 Protect your cellphone number 129 Don''t click on links in emails or text messages 129 Securing Data with Parties You''ve Interacted With 130 Securing Data at Parties You Haven''t Interacted With 132 Securing Data by Not Connecting Hardware with Unknown Pedigrees 133 Chapter 8: Passwords 135 Passwords: The Primary Form of Authentication 135 Avoiding Simplistic Passwords 136 Password Considerations 137 Easily guessable personal passwords 137 Complicated passwords aren''t always better 138 Different levels of sensitivity 138 Your most sensitive passwords may not be the ones you think 139 You can reuse passwords -- sometimes 139 Consider using a password manager 140 Creating Memorable, Strong Passwords 142 Knowing When to Change Passwords 143 Changing Passwords after a Breach 144 Providing Passwords to Humans 144 Storing Passwords 145 Storing passwords for your heirs 145 Storing general passwords 145 Transmitting Passwords 146 Discovering Alternatives to Passwords 146 Biometric authentication 146 SMS-based authentication 148 App-based one-time passwords 149 Hardware token authentication 149 USB-based authentication 150 Chapter 9: Preventing Social Engineering Attacks 151 Don''t Trust Technology More than You Would People 151 Types of Social Engineering Attacks 152 Six Principles Social Engineers Exploit 156 Don''t Overshare on Social Media 156 Your schedule and travel plans 157 Financial information 158 Personal information 158 Work information 160 Possible cybersecurity issues 160 Crimes and minor infractions 160 Medical or legal advice 160 Your location 161 Your birthday 161 Your "sins" 161 Leaking Data by Sharing Information as Part of Viral Trends 162 Identifying Fake Social Media Connections 162 Photo 163 Verification 163 Friends or connections in common 163 Relevant posts 164 Number of connections 164 Industry and location 165 Similar people 165 Duplicate contact 165 Contact details 165 Premium status 166 LinkedIn endorsements 166 Group activity 166 Appropriate levels of relative usage 167 Human activities 167 Cliché names 167 Poor contact information 168 Skill sets 168 Spelling 168 Age of an account 168 Suspicious career or life path 168 Level or celebrity status 169 Using Bogus Information 170 Using Security Software 170 General Cyberhygiene Can Help Prevent Social Engineering 171 Part 4: Cybersecurity for Businesses, Organizations, and Government 173 Chapter 10: Securing Your Small Business 175 Making Sure Someone.