#24: How To Upgrade Your Cyber Security In 30 Minutes Or Less

Welcome to episode 24 of The Growth Booth where today we're talking about internet security and things that you can do in 30 minutes or less to protect yourself from getting hacked and other threats that exist with online activities.

I think the first thing to realize is that many people make the assumption that they're just not going to get hacked. They're not going to get into trouble because a hacker is not going to target them. Now, that's fundamentally flawed though, because hackers don't tend to target individual people. They just cast a very wide net. They've got their little robots that go out there and attempt to break into as many websites as they can.

If you happen to have a username and a password associated with a website, and if they manage to breach that website database, then you can get hacked. It's not that you've been specifically targeted, it's just the fact that you were in the wrong place at the wrong time, and now your information has been exposed and hackers are everywhere.

The security threats are becoming more and more prevalent in 2022 and beyond, and because we're spending so much more of our lives online, getting hacked is more common than you probably realize. The threats are growing more and more sophisticated. As we spend more and more of our lives online, there's more things that can be exposed and there's more things that can be sold from us, and there really is a lot to lose.

I mean, things like identity theft. In fact, just a few weeks ago, I was the result of what I thought was a hack. In reality, it was someone that had copied a social media profile. It was the profile of Internet Marketing with Aidan Booth online Facebook account, and someone had copied it and they had created a name, they had created a profile which looked identical. The only difference was there was a period at the end of the name of the page. This person was out there commenting in ways on my Facebook page. And I was like, how is this happening?

They were sharing links out to other unusual websites like crypto websites and things like this. It's like someone must have hacked into my account. That's the only way they could make those comments. In reality, they were pretending to be me by having an account that looked almost identical to mine. This wasn't a hack, but it was something that raised a red flag for me. And I thought, well, I better have a look at this.

That's really what triggered a complete overhaul of my own internet security and the way that I protect myself online so identity theft can be one thing. People can steal money from you if they get into your bank accounts or get into accounts where you've got your credit card details on file. Say, for example, you buy things on e-commerce stores or you buy something on Amazon and you've got your credit card saved in there, you can go to check out without putting your credit card information in the game. If someone gets into that site, they might not be able to steal money from you, but they can still use the details that you've got on file to buy a lot of things and send them to themselves. Essentially, they are stealing money from you.

Access and then also blackmail is a real threat as well. And again, people aren't individually targeted for the most case. It's just that unfortunately, many products that people sometimes use are either not that secure or have been breached because of the sophistication of the way that these hackers work nowadays. There are lots and lots of ways that you can get hacked, but there are four of the most common suspects that result in people getting hacked.

The first is that a company that you use and you trust with your information has had a security breach. Maybe they've screwed up, maybe they've made a mistake, or maybe hackers have just managed to exploit them and they might not have made a mistake. In that case, if you are someone that uses that company and you've got your email and your password or whatever your credentials are in their database, then that would have been exposed.

Another way that people often get hacked is because their passwords are too easy, they're too weak, or they are reused, or maybe it's the same password for a long, long time. Maybe you're using the same password across dozens of different accounts on the web, and if this is the case, if just one of those accounts gets hacked into, then the way these robots work, they can try and use your credentials in thousands of other websites and they will eventually find others where you've used the exact same information, and that's how hacking can spread. Sometimes passwords are just easily guessed and all they are outdated. 

Other ways that people get hacked is because they don't have a second layer of security in place called two-factor authentication. We'll talk about what this is and how to use it shortly. Then another way people get hacked is through social engineering. This one is really scary because when done well, it's almost impossible to detect. This form of hacking is called phishing, and the way that phishing works or social engineering is when you might receive an email and it might look like an email coming from your bank, everything will look identical. If your bank is Wells Fargo, maybe the sender address is wellsfargosecurity.com or wellsfargoonline or wellsfargo and then some number or something. It looks to be an email, an official email from your bank, and the email will just be typically saying something quite vague and with an element of urgency.

It might say something like, "Hey, Aidan, there's a document that you need to see related to your taxes. Log in to see it now," and that will be the extent of the email, and there'll be a link there. If you click on that link and then go into your bank account using that link, when you go to that link, you're going to go to a page that looks like your bank account. It's got a form in there where you need to insert your information. Everything is going to be identical. The only difference is you're not really going into your bank. You are feeding your information to the hackers when you insert it in that website, and then they can use that information to go and get into your bank account.

You have to be very careful with this. One way that you can protect yourself from this is using the Two-Factor Authentication. We'll talk more about this in a moment. Just being aware that anytime you want to log into something, try to avoid clicking on links and rather go to the place that you're trying to log into. That way, you're much better protected when you get hacked or when a website or a database or an account of some kind gets breached.

If you are part of that, if you're one of the users of that service or whatever it may be, the hackers will be able to find that information, get your information, and then try using those credentials in many, many other websites. This is why reusing the same password on lots of websites is a really bad idea. In fact, one of the simplest things you can do if you want to beef up your Internet security is just make sure that you don't reuse the same password website after website after website. Internet security can protect you from the problem of hacking. I think it's an opportunity to apply the 80/20 rule and sort of get the most bang for your buck, if you like, with your security just by doing a few simple things.

This is what I'm going to talk about in the next few moments here. The first thing that you can do is to make an inventory of all of your accounts, specifically the accounts that need to be protected. I'll talk about how we do this in just a moment, and then we can apply the 80/20 rule to secure the accounts that are the most important ones. Because if you get hacked and let's say you're using some online tool for image design or photo design or editing or something, like this, some simple little tool, one that comes to mind is Canva, if you've got an account with Canva and you use that to create images for social media or something like that, if that gets hacked, there's probably not a lot of damage that can be done to you just by that account getting hacked. But that becomes a problem if the credentials are used in lots of other places, but that Canva account, that image editing account is not what we call a gateway account.

Gateway accounts are the most important ones, and these are the ones that you really need to lock down, sort of in an ironclad vault. I used to hold all of my passwords in a spreadsheet, and it had hundreds, maybe even thousands of passwords on it. Credentials to absolutely everything: bank account, social media, email, the works. I did have that spreadsheet did have a password on it, but it wasn't very strong.

If someone had been able to get into that, then I would have been in a world of trouble. Because, like I said, it just had the passwords to absolutely everything. This is the system that I used for quite a long time. It was like I say quite recently that I decided that I really needed to take a more mature approach to Internet security, and I did a complete overhaul. 

Now, the other thing that I used to do was use a password manager. I'm not going to mention the one that I used to use because I think there's a much better one. But the one that I used to use was one that I think was probably okay, but I don't know for sure how well encrypted the passwords were. I just thought that even though I was using that, I could probably do a lot better. That's why I eventually transitioned to a new security system, a new password manager.

I'm going to go through exactly what I did in the next four steps, so that hopefully if you want to, you can do the same. This is something that you'll be able to implement yourself probably in 20 or 30 minutes. If you want to dedicate a little bit of time now or after you finish listening to this podcast, you'll be able to go a long way towards protecting yourself from these online threats.

The first thing that I did when giving myself all my online activities and overhaul with regards to the security was I made an inventory of all of the accounts focusing on the gateway accounts. What I did here was I broke up the account into four different buckets, and these buckets were around email, that was the first bucket, finances, platforms, and social media. What I did was I got a piece of paper, I made four columns on it, and in the first column, I put email. This is where I listed out my different email account. I've got multiple email accounts. I put them down there, my Gmail account, my Yahoo account, my online business account, and so on and so forth.

The second column was finances. This is where I put links to my banks, to stock trading accounts, to cryptocurrency accounts and other investments that was in the finances. The third column was platforms, and this is where I put things like Apple. I use Apple. I've got Apple accounts. That's a platform that I use. I've also got Google and I made a list of these different platforms and the ones that I'm using.

Then in the fourth column, social media. This is where I put things like Facebook, Instagram, LinkedIn, so on and so forth. Once I've got that, these are what we call the gateway accounts. The reason they are gateway account is because if you think about what you do when you forget a password to start with. If you're trying to log in to something and you forget a password, what do the websites tend to do? They say, "Enter your email and we will send you a link so that you can reset your password." That's all good and well, and that system works. But if someone were to breach your email, they would then be able to breach a whole range of other accounts because the email that you use is the core of the access that you've got to these other places.

Also, finances, this is where you stand to be have a lot stolen from you financially platforms because they connect you to everything. Apple, I mean, if someone to get into my Apple account, they'll be able to access many different things and then social media is similar.

What we're trying to do here is instead of saying, "Look, you've got hundreds of different accounts online," let's focus on the gateway accounts because they are the ones that you can have real damage done to you if people are able to hack into them. Applying the 80/20 rule, making sure that these gateway accounts are super secure and moving forward from there, that's the first step.

You don't need to worry about writing down or changing passwords or anything like that right now. We'll do that shortly.  Now, the second thing that you want to do is use a password manager, and I recommend 1Password. There are a bunch of different password managers out there. Last pass is another one. They've got a free option, but 1Password is the one that I use. As far as I'm aware, 1Password has never been breached. But if they were to get breached, if they were to get hacked, then the information that we've got inside the password manager will be encrypted anyway. That's how they are designed to work.

What password managers do is they can manage and remember all of your passwords for different accounts that you've got what you do. For example, when I log into my computer in the morning, or if I'm trying to log into different accounts on my phone, I've got an app which I log into with a master password, and then that enables me to access all of the other passwords.

Now, with my email account, for example, my Facebook account, I've got no idea what my password actually is, but that doesn't matter. In fact, it's a good thing it's all remembered inside the password manager. Password managers will encrypt your passwords and allow you to use super strong and unique passwords on every single account. You can do this without storing them on a notepad or in a spreadsheet or in a book or something like that.

1Password has got a mobile app, so I'm able to use that on my phone. It's also got the ability to be shared amongst my family. My wife and I, we can both use the same password manager and we can all get into the same account and so on and so forth. You can set this up different ways. It's also got Two-Factor Authentication built into it, which, as we'll talk about in just a moment, is quite important. Again, the way that these password managers work is they store all of your passwords you can do away with storing your passwords in any other way. When you need to log into something online, it offers you a tool that will be able to fill in your password for you. It's a much more secure way to manage your passwords. If you want to find out more, head over to 1password.com and you can get more information about that.

The second step is to create an account with a password manager. Just to recap the first step, we made an inventory of all of your gateway accounts, dividing them into four different buckets, emails, finances, platforms and social media. The second step, we signed up for an account with a password manager, and I'm recommending 1Password.

The third step is to now go in and change all of your passwords at your gateway accounts, and you might have ten or 20 of these. It's probably going to take ten or 20 minutes. What I recommend that you do is you use strong passwords that are generated by the password manager.

Now, you could use a random set of numbers and characters and letters, and this could be your password. These tend to be good passwords, but you could also use a phrase of some kind like, Didyoupickup2steaksfordinner? and if you think about that, Didyoupickup2steaksfordinner? has got a capital letter with the first letter of the first word. It's got a question mark at the end. It's got the number two. We are already combining uppercase, lowercase letters and characters in there. It's got quite a few characters as well.

You can use a weird phrase as a password if you want to. However, I'm more of a fan of just using a random jumble of letters, numbers and characters. I think that's much more secure when you're using a password manager, though. That is one password that you will need to remember the password that gets you in to the password manager. This is kind of like your master key, if you like, and you need to remember that one, because if you forget that one, you won't be able to get access to any of your passwords.

Now there is a backup plan in place here. When you create an account with 1Password, they give you a piece of paper that you can print out. This has got secure access keys and bits and pieces on it. You can use this as a fallback plan in case you ever forget your master password.

So again, just something to be aware of. You will need to remember one password, and you might be able to use a word phrase Didyoupickup2steaksfordinner? or some random string of words that only makes sense to you to be your password there. That's the third step. When you change these passwords in your gateway account, you want to add them into the password manager as well. But even if you're bypassing the password manager account, you can get a lot of sort of bang for your buck. You can go a long way to protecting yourself just by upgrading all of your passwords and changing your passwords on these gateway accounts.

Now the fourth step in the security overhaul method that I'm recommending is to enable Two-Factor Authentication. You may be familiar with this. This is when you might log into a bank account and they send you a text message or you log into some account and you've got a string of numbers that pop up on your phone and you need to put these in.

What two-factor authentication is, it's when you combine something that you know, which is your password, with something that you have, which is access to a string of numbers that are created in a certain moment that you can then put in when you're logging into an account. There are different apps that you can get for this on your smartphone, things like Authy is one, Authenticator is another. Or if you're using 1Password, it's actually got one built into it, which is quite good and helps streamline a lot of this as well.

This is an overview of how I've gone about upgrading my cybersecurity. I think it's really simple. It doesn't have to take long. I think you could implement all of this in under 30 minutes, and if you apply the 80/20 rule here and just focus on the accounts where you stand to lose the most. If you were to get hacked, I think you can go a long way to ensuring that you are protected from the worst kind of hacking that could have.

Now if this sounds too complicated to you, just simplify it. If that's too complicated, just go and upgrade your passwords and make sure you're using unique passwords for everything. I would strongly recommend that you get away from having a little notebook or a spreadsheet with your passwords written down in it. I think that's risky because if that gets found, then you're going to be in a world of trouble because all of your passwords will be able to be exposed. Make sure you use different passwords for different tools, use two-factor authentication. It's really simple. It doesn't take long, and it can be set up in lots of different ways.

I think these authenticator apps are really good, and again, this is just a good way to apply the 80/20 rule and get more bang for your buck with your cybersecurity.

That's an overview of cybersecurity and a few things that you can do in the next 20 or 30 minutes to really ramp up your security and protect yourself from these threats. 

Now, if you found this useful, if you're enjoying the show, something you can do to help me out a little bit would be to subscribe to the show. If you're watching this on YouTube, you can subscribe to the YouTube channel and you can like the video. If you're listening to this on Apple Podcasts, you can rate the show. I think if you can give it a five-star rating, that would be absolutely fantastic if you think it's worth that. Same with Spotify and so on and so forth, or at the very least head over to TheGrowthBooth.com and make sure you get the show notes and the different resources that I'm sharing with this episode.

Remember, this is episode number 24, and while you are at TheGrowthBooth.com, subscribe using the email form so you can get updates about the latest episodes that we've released.

That's a wrap for this episode. I will see you on the next episode where we're talking about how you can turn your passions into massive profits.

See you next time.