The personal threat landscape: securing yourself smartly | Kaspersky official blog
If you try to protect yourself against every threat in the world, you’ll soon run out of energy and make your life unbearable. Three-factor authentication here, a twenty-character password with musical notes and Chinese characters there, different browsers for different websites, and abstinence from social media don’t exactly sound life-asserting.
What hurts the most is that using practically all such security measures won’t help protect you against every threat: new ones just keep on sprouting up, and they call for new protection methods. Meanwhile, most new layers of security lower usability: having two-factor authentication will never be easier than not having it. And that’s the least obnoxious example. So what can you do about this? Create your own threat landscape, as corporations do when they design their security processes, and secure yourself only against those threats within that landscape.
What a threat landscape is, and what it has to do with you
In the field of corporate security, a threat landscape is the aggregate of cyberwoes that threaten a company in a certain industry within a certain period of time. These include vulnerabilities, malware, and ransomware groups and the techniques they use.
An overview of the threat landscape helps define what exactly the company needs to be protected against. Some threats will be more pressing than others, depending on the company’s location and business. And since a security budget always has its limits, just like the number of security staff, it makes sense to secure against the truly relevant threats.
Why not create a threat landscape like that for yourself and base your own personal security strategy on it? This would keep you from getting bogged down with multiple layers of protection and help you keep on using the internet with at least some degree of comfort.
Building a personal threat landscape
Every individual, just like every company, has a threat landscape of their own. Whether you use, say, TikTok or Instagram, and whether you have a password manager or not influences which threats are more relevant to you. Many other factors have an influence too, such as where you live, what operating system you have on your computer, what instant messaging apps you use, and who you text with using these apps.
That said, all these personal threat landscapes have certain elements in common, as we all live in the 21st century, all use computers and smartphones, and all browse the Web. Therefore, for the purposes of this discussion, a personal threat landscape can be divided into common and individual parts, with the common part mostly applicable to everyone, and the individual part determined by the person’s particular situation.
The common part of a threat landscape
If you’re a regular reader of this blog, you have a rough idea of the types of threats that are most frequent and relevant regardless of country of residence. First and foremost, these are phishing, data leaks, and various scams. Every single person needs to stay protected against these.
The best safeguard against phishing is learning to detect it. To do this, you should do the following:
- Learn what phishing is;
- Get an idea of the main tricks that phishers use;
- Learn the typical signs of phishing, such as a fishy (pun intended) sender address, suspicious links, and so on.
Securing yourself against data leaks is harder, as these are most often not your fault, but that of some service you’re a user of. As every one of us uses many online services — from social media to online stores, and from insurance companies to delivery services — it gets hard to keep an eye on every single one.
Generally, you need to be prepared for leaks, while any of the new Kaspersky products with a data-leak alert feature can help you monitor the ones relevant to you. Monitoring is, for sure, a good thing, but what about the data that gets leaked? Well, this is something you can only respond to: change passwords swiftly, get your bank cards blocked if needed, and keep in mind that being addressed by your full name in an e-mail signed with your personal account manager’s name is no guarantee the e-mail really is from your bank. The bank might have had its database leaked and scammers could be using it for phishing.
Finally, there are all sorts of scams around the world, which do differ significantly among countries. Still, they do have common features. As in the case of phishing, knowledge is your best protection. So, keep reading our blog to learn about various scam types, and take a critical look at everything that’s either too good to be true or screams danger and calls for an immediate response: scammers typically either play on human greed or try putting their victims under stress to unnerve them and have them drop their guard.
Phishing, data leaks and scams are the three most common threat types that are relevant to everyone. Next, let’s discuss the individual part of a threat landscape, which depends on who you are and your online habits.
The individual part of a threat landscape
To create a personal threat landscape, first you need to get introspective and describe yourself and your habits. What websites and instant messaging services do you use? Do you have a separate business phone? Do you work from home or an office, and what computer do you use?
Next, depending on your answers to the above, you can start creating a landscape of relevant threats and security measures simply by going through the list.
Let’s say you’re an active user of social media. In that case, you need to secure yourself against account hacks, ban attacks, and account hijacking (Instagram, Facebook). You also need to set proper privacy settings in Instagram, Facebook, TikTok, and Twitter.
The state of privacy in niche social media, such as Vivino (for wine lovers) and Untappd (for beer lovers), is lamentable: your alcohol discoveries are visible to anyone by default. If you’d rather not share your lost weekend with the world, be sure to configure these apps so that your wine or beer adventures remain your little secret.
Or, say, you’re an avid gamer and a Steam user. If so, you should safeguard yourself against Trojan stealers targeting user accounts and scammers who run schemes inside games that make such activity possible. What can you do about this? Read up on Steam scams, and configure the security features of that service.
Suppose you’re a blogger or the owner of a popular Telegram channel. Well, your biggest threats are account theft and doxing — the latter more commonly experienced by women. What can you do about this? Learn how accounts typically get hijacked, and get a reliable security product to neutralize Trojans and alert you about phishing and personal data leaks.
Even if you decide you’re no longer interested in social media or games, don’t leave your accounts hanging, unattended: they could be hacked and used against you by accessing your personal data. The worst bit is: you won’t learn about this any time soon — or ever. Therefore, we recommend you look at our guide on managing accounts you don’t use or need.
Many naively believe that they may only encounter cyberfraud in their personal space, whereas work is safe, guarded by trained professionals, and generally, no place for scams or phishing! Nothing could be further from the truth. If you’re looking for a job, you could be the perfect target for scammers. If you started working at a new company recently, keep your eyes open for fake coworkers. If you’re remote or use a personal computer for work, set up your workspace so as to avoid harming your employer, and research what software you shouldn’t use for work.
Finally, be especially careful if you’re a crypto investor: since cryptocurrency transactions are not protected by laws, it’s critical to choose the right storage strategy, remember that even cold wallets can be hacked into, and take every measure to secure your wallets, private keys and seed phrases.
However, even those who’ve covered all bases, installed a reliable program for storing passwords and personal data, and protected every possible account with two-factor authentication, should think ahead about what they’d do should their smartphone with the authenticator app on it break, get lost or stolen. Check out our tips on how to back up an authenticator app, or try recovering it if you lost your phone before you could make a backup.
This is how you build your own personal threat landscape: by reviewing every area of your cyberlife. Sad as this may sound, the last step in creating a threat landscape is making a digital last-will-and-testament.
If you design your own personal security strategy around your own threat landscape, you’ll do it faster and keep things simpler than if you try protecting yourself from everything at once. You’ll naturally need knowledge of cybersecurity and online privacy to succeed at this. Subscribe to our mailing list to get new posts in your mailbox and study the threats that belong in your personal threat landscape. Our security solutions can help you neutralize these threats, monitor data leaks, and store personal data safely.