Stop using passwords. Start using these

It used to be that a super short, super cryptic password was the bee’s knees at keeping people out. Of course, these types of passwords kept us out, too, because we could never remember them!

Unfortunately (or fortunately, depending on how you look at it), these kinds of short passwords aren’t much more than a speed bump these days.


Today, use a passphrase instead of using a password.

The difference is how it sounds. A password is generally just a word. Short and to the point.

A passphrase is a phrase made up of multiple words chosen at random, separated by spaces or whatever special characters or punctuation you like.

But, a passphrase includes words! I thought that wasn’t allowed?

Ok, I am going to confuse you for a second here. Words still aren’t cool in a password.

When it comes to a passphrase, however, things are a little different. Because you need to string together many words to make a passphrase (and these words are random), the overall length becomes so long that it offsets the problem of using words.


Ok, so how do you build a passphrase?

At its base, a passphrase is at least six randomly chosen words with spaces or other special characters in between.

How you choose those words is up to you; however, they must be random.

One method we recommend for choosing these words is called Diceware, a technique developed by Arnold G. Reinhold.

It creates secure passwords that are easy to remember but extremely difficult for hackers to crack. (If you’d like more information on how to use the Diceware method, you can find it on this page.)


Why six words?

We start with a minimum of six words because this number of words usually results in a passphrase of 17-20 characters or more. In 2019, at 17-20 characters, the passphrase took a significant amount of computing power to crack.

No matter which method you use to choose your random words, it is possible to develop a 6-word passphrase that’s less than 17-20 characters. If this does happen to you, then it’s best to start over until you create something with 17-20 characters or more.

Of course, if you want to use more than six words, you are free to do so! More words would mean an even stronger passphrase.


A few things to keep in mind

If you don’t use the recommended number of words in your passphrase, or the total number of characters is less than 17-20, then the length is too short. When this happens, the problem of using words becomes a real problem.

It’s essential to keep things random. If you use phrases or words that go together, your passphrase becomes much more guessable because phrases are predictable.
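The rules above (six or more random words, start over if the result is too short) can be automated. The following is an added example, not code from the original article: the word list is a constructed stand-in of 7,776 pseudo-words keyed by five-dice rolls, the 20-character floor is an assumption taken from the top of the article's 17-20 range, and all function names are hypothetical.

```python
import math
import secrets
from itertools import product

MIN_WORDS = 6     # the article's minimum word count
MIN_LENGTH = 20   # assumption: upper end of the article's 17-20 character range

# Constructed stand-in for a real Diceware list: each die face picks one
# letter, so every five-dice roll maps to a unique five-letter pseudo-word.
LETTER_SETS = ("bdfgkl", "aeiouy", "mnprst", "aeiouy", "chjvwz")


def build_demo_wordlist():
    """Return {roll: word} for all 6**5 = 7776 rolls from '11111' to '66666'."""
    words = {}
    for faces in product(range(6), repeat=5):
        roll = "".join(str(face + 1) for face in faces)
        words[roll] = "".join(s[face] for s, face in zip(LETTER_SETS, faces))
    return words


def roll_five_dice():
    """Simulate five fair dice with the OS CSPRNG, e.g. '41526'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))


def entropy_bits(wordlist, words=MIN_WORDS):
    """Bits of entropy when every word is drawn uniformly from the list."""
    return words * math.log2(len(wordlist))


def generate_passphrase(wordlist, words=MIN_WORDS, min_length=MIN_LENGTH,
                        sep=" ", roller=roll_five_dice, max_tries=100):
    """Draw `words` random words; start over while the phrase is too short.

    Length is counted over the whole phrase, separators included
    (an assumption; the article does not say how it counts).
    """
    if words < MIN_WORDS:
        raise ValueError(f"use at least {MIN_WORDS} words")
    for _ in range(max_tries):
        phrase = sep.join(wordlist[roller()] for _ in range(words))
        if len(phrase) >= min_length:
            return phrase
    raise RuntimeError("word list is too short to reach the minimum length")


if __name__ == "__main__":
    demo_list = build_demo_wordlist()
    print(generate_passphrase(demo_list))
    print(f"{entropy_bits(demo_list):.1f} bits for {MIN_WORDS} words")
```

Swap the constructed list for a published Diceware word list to get real words; the strength comes from the random draw, so never hand-pick or reorder the result.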


Wrapping it up

How do you create your passwords? Your action item here is to evaluate how you could generate stronger passwords.

Try creating some passphrases and see if these will work for you. If you’re worried about remembering your passphrases, don’t be. Next, we will have a tip for you on how to remember your passphrases!


Interested In More?

Join our newsletter to learn more and get regular updates! Did we mention it's free?


Finally, the best way to backup data

One of the best ways to protect yourself and your business against many cybersecurity incidents is backing up.

If you read the previous article, you would have learned some of the most common things people do wrong when it comes to backups.

This week, I wanted to help you further improve your backups by sharing the strategy I think is the best way to backup data.


What is this strategy?

The strategy I use is what I call the 3 2 1 backup plan. If you’ve read on how to backup data before, you may have heard of it. However, I’ve updated it in several places due to the cyber risks we face today, specifically the emergence of ransomware.

The 3 2 1 backup plan goes like this:



Have at least three copies of your data

Initially, this can seem like a lot of work. Why wouldn’t one be perfectly fine? Well, yes, sort of, but.

One copy will achieve the goal of backing up your data. This is true. However, it won’t make for a quality and resilient backup.

That’s because it still leaves you vulnerable to data loss. If anything happened to that one copy, such as the hardware dying, someone breaking or misplacing it, or it being lost in a flood, you stand to lose it all.


Store at least two of these copies on different storage media

Not all types of storage media are created equal, and they don’t last forever. They all have different failure rates and expected lifetimes. (For expected lifetimes of various media, check out this neat infographic)

To make things even more complicated, how often you use them, how you handle them, and how you store them can also affect how long they’ll last. Then, of course, there is the issue of getting a bad batch of media that fails out-of-the-blue, leaving you without access to your data.

The idea is that you don’t want to put all your eggs in one basket. Just like how you wouldn’t invest all your money in a single stock, by diversifying your backups across different types of storage media, we are hedging against losing everything in the event a kind of storage media fails or becomes unrecoverable. 

One new type of storage media (which can be referred to as a storage solution as well), is cloud storage. Cloud storage is becoming increasingly popular and can be a cost-effective and easy solution to backup your data. 

The primary con to point out here is that the cloud is just someone else’s computer. You don’t control that backup or your access to it. There is always the chance it’s unavailable, or completely gone, in the event you need it. 

Two other cons to point out: depending on the provider, your backup could still be vulnerable to ransomware (more on this below), and if you lose your Internet connection, there isn’t a way to retrieve your backup.


Keep one copy off-site and offline

Having your backups close at hand is great if you need to restore something quickly. However, they don’t do you any good if you suffer a flood, fire, or theft.

An off-site copy will ensure that no matter what happens to your primary work environment, you still have a copy you can use to recover. 

This is even more important for those who don’t have a permanent office or are continually traveling (such as consultants) — moving about increases the risk of accidents, forgetfulness, and theft, resulting in the loss of not only your laptop or devices but their backups as well.


Why off-site and offline?

If you’ve heard of the 3 2 1 backup plan before, you might recognize that there is usually one backup off-site, and that’s it.

The reason this needs to be updated is the risk of ransomware. It’s common to use cloud storage or another office’s computer systems to store a copy to achieve the off-site requirement.

However, using cloud storage or copying a backup to another computer system located in a different physical location still leaves your copy vulnerable to ransomware, because it’s still online.

I’m also not saying here that you shouldn’t use cloud storage or backup solutions. The cloud can be a cost-effective and easy solution to backup your data. However, many cloud storage services work by syncing a folder on your computer. 

This behavior makes it possible for ransomware to encrypt that folder, and for your cloud storage software to then sync the encrypted files to the cloud, overwriting the originals and rendering the backup useless.


Implementing the 3 2 1 backup plan

The 3 2 1 backup plan is a great way to ensure your valuable business data is available. However, like everything else in life, it’s not perfect.

The best way to implement it is first to take the 3 2 1 backup plan and combine it with the recommendations from this article. Then, tailor to what will work best in your business, create your processes, and start backing up.



You invest a lot in your business. Investing the time, energy, and capital into implementing a robust backup method is like investing in an insurance policy for your files: it ensures that when a disaster or accident does strike, you can restore and resume operations as quickly as possible without losing your critical data.

Are you using the 3 2 1 backup plan to backup your files? If so, leave a comment below and let me know how it’s working for your business!



Avoid the 5 Biggest Mistakes: How to be Cyber Secure Working From Home

Working from home or places other than the typical office setting is becoming much more common. Many companies are adopting a remote-work first culture. The rise of the gig economy and self-employment is fueled in part by the ability to work from anywhere.

However, being successful at working from home isn’t just about productivity and being able to do your job the same as if you were in an office. It is also about overcoming the work-from-home cybersecurity issues and ensuring you continue to protect your work and your business.

When working for a company in a traditional office, we can take for granted the cybersecurity comforts of this environment and the fact that it protects us long before we ever start working.

The physical security of the office protects our laptops and documents from espionage and theft. The established company network has enterprise-grade security tools installed and people monitoring it for threats. Your computer web browsing activity is filtered and protected.

However, once we leave the office, we leave all of this behind. Once we’re in the gig economy, or self-employed, all of this becomes our responsibility. Our laptops and documents are as safe from espionage and theft as we make them. There is nobody else looking out for us or our networks. There is nobody to call and no web filtering to step in to stop you if you accidentally click on a malicious link.


How to be cyber secure working from home

However, this doesn’t mean we’re stuck. There is a lot we can do to protect ourselves, our computers and our information. Whether you’re self-employed or even work from home occasionally for a large corporation, a lot of the tips in this article can still apply.

Keep reading for some tips on how to be cyber secure working from home!


Practice good Cybersecurity Hygiene

There is no way to overstate the importance of good cybersecurity hygiene once working from home. Cyber Hygiene is your first line of defense when it comes to protecting yourself.

Good Cybersecurity Hygiene includes 

  • Using strong passwords or passphrases and a password manager
  • Setting up Two-Factor Authentication (Also called Multifactor authentication)
  • Learning how to detect phishing emails and be aware of scams and malicious links
  • Installing updates for your computer and software regularly
  • Installing a good antivirus

If you’d like further details on some of these topics, we have a free email course just for you! Click Here to sign up!


Use safe networks

Typically, in an office, the network provided by the company has security built into it. Outside of that office, though, is a different story.

Using networks that you know are safe (not the public WiFi at the local coffee shop) will go a long way to protecting your computer and data.

If you must use unsafe networks, use a VPN. A VPN won’t wholly secure you, but it will help protect you from the hazardous network you’re on by tunneling your traffic to a server outside of that network. 

At home, ensure you’ve securely set up your router, and have a strong passphrase for your WiFi. If your router has a firewall, then make sure that it is enabled as well!


Be conscious of your workspace choice

It can be exciting to explore your new freedom being able to work from anywhere and start working from many new places. However, not all the areas that you think you can work from are good workspace choices.

Even if you’re not going to use the WiFi, you still need to be cautious of where you work. Someone can steal information from you by reading your screen over your shoulder, watching you type, or overhearing your conference call.

When you choose a place to work, look around, and ask yourself a few questions:

  • Can anyone read my screen? Not just in the building, but is there a window behind me that gives a view of my screen?
  • Could someone read or snap a picture of the papers or notes I have on my table without me noticing?
  • Is there anyone in earshot? Is this an appropriate location to discuss the topics I have to talk about today?
  • Is the ambient noise at a higher level? Am I going to need to raise my voice on the phone? If so, will that cause anyone around me to be able to listen to the conversation?
  • Is there the possibility of someone interrupting me and being able to read or hear things they shouldn’t?


Lock everything up after work

In the office, we can take for granted the security that protects the documents and computers we have.

Outside of the office, though, that protection is up to us. After you’ve completed your work, documents and laptops should be secured and protected.

If you’re working at a co-working space today, and plan to meet up with friends at the bar afterward, consider how you’re going to secure your laptop and documents after work. 

Leaving them unattended at the co-working space, or unattended at the bar exposes them to potential espionage and theft.  

When working from home, we can tend to leave everything out, the same as if we were in the office.

However, if you were to leave documents lying out on a desk or allow someone else to use your computer during non-work hours, they could have access to materials and information that they otherwise shouldn’t, with or without your knowledge.


If you need to leave it, lock it up

Of course, we can’t sit and do 8 hours straight of work without having to get up to go to the bathroom or fill the coffee cup.

Since you probably don’t want to take your laptop and documents with you each time you go to the bathroom, ensure they’re secured before you go.

Use a laptop lock to lock your laptop to the desk, so it’s still there when you come back and doesn’t get stolen.

Set up the lock screen on your laptop. Each time you leave, lock the screen so that someone can’t simply lift the lid and start browsing through your files while you’re gone.



Working from home can be a lot of fun, and provide a different perspective on the workday. However, while being productive is important, it’s also essential to consider your cybersecurity.

We can take for granted the cybersecurity comforts of being in the office. 

Have you been working in locations other than the usual office? Let me know in the comments how you’ve been ensuring you’re cyber secure!



Six things you’re doing wrong when it comes to backups

No matter how agile your business is, or how good your employees are, one accidental tap of the “delete” key on your customer database, or one ransomware infection could cripple (or worse, end) your business.

There has to be a way to avoid this, right?

There is! It’s called backups.

I know, I know, I can hear the groans. Backups? We already do those!

You might be backing up already, but I bet you’re doing it wrong.

See, most people and businesses know they need backups, but don’t back up at the right frequency or do one and then put doing more off entirely. 

Or they think that their yearly backup is sufficient to get them back on their feet and never test it until ransomware has taken out all their computers, only to realize that their backup is too old or doesn’t work.

So, how could you be doing backups wrong?


Only doing full backups

When most people think about backups, they think about full backups. 

These backups are where you include everything on every computer, device, and online storage you have. It would be best if you also created full backups of the configuration of IoT devices, online account settings, and files.

A full backup is what you would use to restore each computer, device, or account from scratch.

While full backups are the best to recover when things go south, with data changing so rapidly and the amount of time and effort it takes to do full backups, they’re not always feasible to do regularly.

That’s where incremental backups come in. 

Incremental backups only backup changes since the last full backup. They’re beneficial because they’re much quicker (so you can do them more often) and usually smaller. 

If you use backup software, you shouldn’t have to worry about the full and incremental backups (of course, confirm with your documentation!). Your software will usually do a full backup every so often, and then use incremental backups to keep updating that full backup. 

However, if you’re one of those who back up files by hand, be sure to start doing both full and incremental backups!


Not backing up frequently enough

Of course, you should backup as often as you can since the more you update your backups, the less information you’ll lose in the event of an issue. Though, doing that is not always realistic. 

That’s where using a combination of full and incremental backups at different frequencies can help.

The idea is to take full backups at regular intervals and then at shorter intervals take incremental backups to adjust for changes.

The most common recommendation is to complete full backups every month, and incremental backups every week. 

Ultimately though, you should choose a backup frequency that works for your business and will give you the best head-start if you need to rely on that backup.

Some things to consider when choosing a backup schedule:

  • The data on each computer or device, its importance, and how frequently it changes.
  • The chances of something happening to your computer or device.
  • The amount of data you could lose and still be able to operate effectively.

The more critical the data is to your business, and the less data you could afford to lose and still be able to operate, the more frequently you should backup.

For example, if you have a computer that only provides read-only access to historical records that never change, and each backup would be identical, then full backups each month probably aren’t the best use of your time.

However, if you use one laptop for your entire business and you’re prone to forgetting it at coffee shops, then at least daily incremental backups are a good idea.


Not creating offsite backups

In today’s world of access to the Internet everywhere and always-available online services, it’s easy to forget that the real world is fallible.

Fires, floods, natural disasters, break-ins, and thefts can and do happen.

Believe it or not, storing a backup in an offsite location could be your saving grace in one of these situations. It won’t help you avoid any of these issues, but the moment your office suffers a fire, or all your computers are stolen, you’ll be glad you have another copy of your data elsewhere.


Not creating offline backups

Just a few years ago, creating backups and storing them on a network-connected storage drive was sufficient. 

However, with ransomware steadily increasing (XX% in 2019!), things have changed.

These days, if you were to leave your backup on a network-connected computer, and your network becomes infected with ransomware, that ransomware could end up encrypting your backup. 

If that happens, you’d be unable to restore your computer using that backup. You’d be in the same situation as if you didn’t backup at all.

Talk about a waste of time!

The best way to protect against this is to keep a copy of your backups offline. Not just on a computer or device that is powered off, either. But on a device (such as a portable hard-drive) that is unplugged from power and your network.

That way, there is a reduced chance of the backups accidentally being encrypted in a ransomware infection because someone turned on or plugged in the backup drive.


Not testing backups

Of those that do backups, few test those backups.

When I say testing backups, I don’t mean testing that your backups are completing successfully, but testing that the backups you’ve made are going to work to restore your computer. 

That way, when you need them, you know they’re going to work, and you can quickly restore and get back to business.

Don’t wait to test your backups when you need to restore!
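For those backing up by hand, the full-plus-incremental routine and the restore test described in the sections above can be sketched as follows. This is an added example, not code from the original article: the function names are hypothetical, the sample files are constructed, the incremental step compares against the last full backup as the article describes, and deleted files are not tracked.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's relative path to the SHA-256 digest of its content."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def _copy(src_root, dst_root, rel_paths):
    """Copy the listed relative paths from one tree to another."""
    for rel in rel_paths:
        dst = Path(dst_root) / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(src_root) / rel, dst)


def full_backup(source, dest):
    """Copy every file; return the manifest later incrementals compare against."""
    current = manifest(source)
    _copy(source, dest, current)
    return current


def incremental_backup(source, dest, full_manifest):
    """Copy only files that are new or changed since the full backup."""
    current = manifest(source)
    changed = [rel for rel, digest in current.items()
               if full_manifest.get(rel) != digest]
    _copy(source, dest, changed)
    return changed


def restore_check(backup_sets, expected):
    """Restore the sets in order into a scratch directory and return every
    path whose restored content differs from the expected manifest."""
    with tempfile.TemporaryDirectory() as scratch:
        for backup in backup_sets:
            _copy(backup, scratch, manifest(backup))
        restored = manifest(scratch)
    return sorted(rel for rel in expected.keys() | restored.keys()
                  if expected.get(rel) != restored.get(rel))


def demo():
    """Run the routine on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, full, incr = tmp / "work", tmp / "full", tmp / "incr"
        (src / "clients").mkdir(parents=True)
        (src / "clients" / "list.csv").write_text("acme,2019\n")
        (src / "notes.txt").write_text("draft\n")
        baseline = full_backup(src, full)

        # A week of work: one file edited, one file added.
        (src / "notes.txt").write_text("final\n")
        (src / "invoice.txt").write_text("42\n")
        changed = incremental_backup(src, incr, baseline)
        healthy = restore_check([full, incr], manifest(src))

        # Simulate a backup copy that silently went bad on the drive.
        (incr / "notes.txt").write_text("corrupted\n")
        damaged = restore_check([full, incr], manifest(src))
        return changed, healthy, damaged


if __name__ == "__main__":
    print(demo())
```

An empty list from `restore_check` means the restored files match the originals byte for byte; anything else names the files that would not have come back correctly.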


Not encrypting backups

One final thing you’re probably doing wrong with your backups is encryption. If your backups include any confidential or sensitive information, it’s essential to encrypt them before they’re stored. 

The main reason here is loss or theft. If the hard drive containing your backups is stolen or lost, there is a reduced chance of your confidential or sensitive information getting into the wrong hands.



While most of the backup practices here depend on your risk level, many of them are essential regardless.

Are you doing backups correctly? Leave a comment here and let me know if you are going to be adding anything to what you do for backups!



Solve the top cybersecurity risk by doing this one thing

Do you know what the top cybersecurity risk for many organizations is?

If you said patching, vulnerability management, or email, you’d be wrong.

The top cybersecurity risk for many organizations is the human factor. 

Yet, for many organizations, working on the human factor and embedding cybersecurity into your people’s decision-making process is always left for “another day.”


Why should you build a culture of cybersecurity?


In cybersecurity, we’re used to being reactive. Cleaning up a malware infection, regaining control of an account that an employee gave away the credentials for, the list goes on.

A culture of cybersecurity is all about being proactive. Just like we’re used to doing in our safety culture.

What if employees were empowered to think cyber-secure before they act, never compromise cybersecurity for quick results, and apply cyber-secure practices in every task completed?

Would this proactive approach give you better confidence that your business is cyber-secure?

If you’re still on the fence, consider this:

Proofpoint, a cybersecurity and compliance company, found in its 2019 Human Factor report that 99% of the cyber attacks they analyzed required human interaction to execute.

That means that of the attacks they analyzed, only 1% didn’t require someone in the organization to take some action. Imagine if we could stop just some of these actions. Would that reduce our risk?

By encouraging employees to report unsafe cybersecurity practices, we can also reduce the risk of internal threats. In 2018, the numbers were climbing when it comes to internal threats, too: 54% more organizations recorded a growth of insider threats in 2018 (ENISA Threat Landscape Report 2018).


We’re not talking about just writing a policy and having the CEO promote it at the quarterly town hall. 


We’re talking about working to ensure everyone includes cybersecurity in every decision they make.

That includes everyone from the CEO, down to the front-line workers.

Encourage the cyber secure and cyber-safe behaviors you see and take action to implement corrective actions for the cyber-unsafe practices you also see.


Leadership modeling cybersecurity solidifies buy-in.


One common misconception is that cybersecurity is just for the “workers.” Unfortunately, everyone in an organization plays a collective role in the organization’s cybersecurity.

Any effective culture stems from employee buy-in. However, to achieve that buy-in, employees need to feel that the desired outcome is believed and practiced by leaders in the organization.

Leaders are the ones who set the tone in an organization. They model what is acceptable and valued in an organization. In other words, you need to practice what you preach. If leaders require employees to practice good cybersecurity behaviors, then leaders should as well.

Understanding this from the executive level will remove the barriers in promoting and enforcing the culture change and demonstrate that doing work in a cyber-secure manner is a priority from the top down.


Why should I start from the top? Why can’t I delegate building a culture of cybersecurity?


Many organizations delegate the task of cybersecurity to a team within IT. From there, that team will implement the “task” of increasing the organization’s awareness of cybersecurity through usually one yearly awareness training exercise.

The issue with this approach is that cybersecurity is made into a compliance task: a task to quickly complete the yearly training module, and then it’s back to the old habits.

It shouldn’t be a surprise that cybersecurity is a process of continuous improvement, just like other organizational issues such as safety. Why not continuously monitor and promote good cybersecurity behaviors year-round, and reinforce those that are going to protect your employees and your company?

Not only that, but cybersecurity needs to be taken into account in all decisions, with coaching right from the top down. Having everyone from the executive level down to the front-line workers participate ensures there are no gaps leaving you vulnerable.


How can I begin creating a culture of cybersecurity in my business?

Develop a system to encourage positive cybersecurity behaviors and correct negative behaviors

It can be built effectively by using the same approach as done with safety. Encourage the cyber-secure and cyber-safe behaviors you see, and discuss corrective actions for the practices that are not.


Include cybersecurity in performance reviews

Document how active employees are at practicing good cybersecurity behaviors in their daily work within their performance reviews and include KPIs to measure.

Different than the usual generic compliance training, this allows the employee and their leader to identify specific gaps and find training specific to those topics.


Provide mandatory cybersecurity training for new hires.

Not everyone that comes into your organization is going to have top-notch cybersecurity skills. Including cybersecurity in new-hire training can help ensure all employees start at a baseline. It is also the first place where you can educate on how to report suspicious behavior or incidents, and get help.


Implement cyber-safety moments

Do you have safety moments at the beginning of your meetings? Encourage the addition of cyber-safety moments.

What’s critical here is to provide a copious amount of cyber-safety moments for your employees to use. The more comfortable you make it for people, the higher the probability it will catch on. 

Plus, they’ll still be learning even if they didn’t come up with the cyber-safety moment.

What are some cyber-safety moments you could write?

  • Basic hygiene (Examples are: passwords, emails)
  • Examples of publicly-reported breaches or near-misses in your industry, or related industries
  • Success stories in avoiding breaches or cyber incidents due to the action of employees in your business reporting suspicious activities or practicing cyber-safe behaviors


Mentor top-level management and business leaders

As we’ve mentioned above, culture change starts with everyone living and breathing it, from the top down.

Educate management and leaders on good cybersecurity behaviors. Actively mentor them on implementing these behaviors in their daily work and mentoring their direct reports to do the same.


Summing it up


If you’re looking to start combating the top cybersecurity risk of the human factor in your organization, developing a culture of cybersecurity is one way to work towards it.

Have you developed a culture of cybersecurity in your business?




Do You Have a Cybersecurity New Year’s Resolution?


The new year is here. You’ve already started working toward your New Year resolution for this year. Did you include a cybersecurity resolution?

If not, why not? 

If nothing else, what we’ve seen from the past few years is that with the increasing amount of information about ourselves that we share online, and with the rate cybercrime is increasing, it’s only becoming more critical that we protect ourselves. 

Regardless of who you are, what you do, or how much you use the Internet and connected devices, cybersecurity shouldn’t be an afterthought. 

So why not use a New Year’s resolution to make some headway on your cybersecurity?

Why add cybersecurity as a New Year’s resolution?

No doubt, you already knew that creating New Year’s resolutions could be useful. One reason for this is because the new year feels like a fresh start and a clean slate.  

We already have the sense that the new year is an opportunity to enact whatever change or self-improvement we desire.

If you’re not so sure a New Year resolution is useful, consider this study conducted by researchers at the University of Scranton.

They found that at six months into the new year, 46% of the people they studied who made a New Year’s resolution were continuously successful compared to only 4% of those who did not.

They found that those who made a New Year resolution were ten times more likely to achieve the changes they set out to make compared to those who wanted to change but didn’t create one.

Another reason is that a New Year’s resolution also affords us the time to plan and is easy to track on any calendar. Are you halfway to your goal in June? Not sure how long you have left? Total the months or days left in the year!

What to Choose for a New Year’s Resolution

Especially if you’re only starting to work on your cybersecurity this year, choosing a resolution can seem daunting. Where the heck do you start?

One good starting point is to look at an area of your cybersecurity that you haven’t focused on much. Choose one thing from that area to focus on that you know will help improve your cybersecurity.

Another good starting point is to complete a cybersecurity assessment or have a look at one you’ve done previously. Choose one of the higher-rated items to focus on for your resolution this year.

4 New Year Resolution Ideas

A cybersecurity resolution can be but doesn’t need to be lofty. If you’re still stuck, think about starting with something simple like the new year resolution ideas below:

  • Make a complex password for every new password created this year; change all your passwords to be different at every site and keep them that way. Have a hard time remembering passwords? Check out: Two Simple Tips to Remembering Passwords
  • Review the configuration of all existing and new devices bought during the year (the wireless router included!) to ensure the security settings are set as secure as possible.
  • Read and review the Terms of Service and Privacy policies for all cloud and online services you use to understand how they affect your security and your privacy.
  • Review every social media post to make sure none reveal anything they shouldn’t.

It’s important to remember that when choosing a resolution, it should be realistic, specific, and something that you know you can achieve. Even if it’s lofty, it should still meet these criteria.

A New Year Resolution Needs a Plan

Of course, a New Year resolution by itself isn’t going to get us anywhere. They require work to achieve success, and a great way to achieve success is to plan!

Once you’ve decided on what your New Year’s resolution is going to be, the next step is to set up some goals.

When we set up our resolutions each year, we like to break them down into multiple SMART goals, each of which we intend to meet throughout the year.

Setting SMART Goals

SMART is an acronym that stands for:

  • Specific
  • Measurable
  • Attainable
  • Realistic
  • Time-Bound


The goal has a particular outcome in mind and isn’t something general. 

For example, if you’re going to change your passwords to be different at every website, then your goal could be specific by saying that you’re going to change 4 per month.


You can write down concrete criteria to measure your progress towards the goal.

For example, you can note the running total of how many passwords you’ve changed, or note down 12 groups of 4 and cross them off as you work on them each month.


Being attainable means that the goal is one that you are reasonably confident you can achieve. It also helps if the goal is something you have control over. If not, the goal could become much harder to attain, or become unreachable entirely, because of factors out of your control.

For example, stating that you’re going to change all your passwords in 1 month when you know you won’t have the time, or when the task itself seems daunting, might leave you frustrated and without the motivation to continue. On the other hand, stating that you’ll change four might make the goal much more attainable.


The goal is something you are not only able to work towards but one that matters to you and that you are willing to put effort towards until it’s complete.

For example, if you aren’t too concerned about the strength of your passwords, changing four each month might slowly slide down the to-do list until it eventually sits at the bottom for the rest of the year.


The goal needs to be bound to a timeline. Setting a timeframe to your goal not only creates a sense of urgency around reaching the target, but also provides a marker to march toward and aspire to achieve.

For example, if you’re changing all your passwords, don’t only commit to completing all the changes by a specific date; also commit to changing a set number by the 15th of each month.

How Many Goals Do I Need?

The number of goals you want to set is entirely up to you. 

We like to break down our resolutions into several smaller goals that we can achieve during the year. It gives us measurable results at shorter intervals and helps us stay motivated by seeing the small achievements along the way.

Let’s make this the year you do something about your cybersecurity

Make a security resolution, set some goals, and follow through. The return on your investment of effort may not be as immediate as you’d like. However, when you do see that return and avoid becoming compromised in a cyber-attack, you’ll be glad you took the time to put in the effort.

Have you made New Year’s resolutions to improve your cybersecurity this year?



Free Email Course – Jumpstart Your Cyber Security

The new year is all about making changes to have a better year ahead.

If you’re looking to start the year off right by learning how to improve your cybersecurity, then we have something that might help!

We are proud to announce the launch of our new free email course, Jumpstart Your Cyber Security!

We’ve been busy putting the finishing touches on it and are excited to launch it to help anyone jumpstart their cybersecurity!

In the course you’ll learn:

  • How to improve your passwords while making them easier to remember
  • An easy way to avoid one of the barriers to creating and using strong passwords
  • One way to make your password logins even stronger
  • How to click with confidence and know when an email is out to get you

Sound great? Exactly what you need? Perfect!

To sign up and begin receiving the email course, click on the following link and enter your email address!

Click Here to Register for the Jumpstart Your Cyber Security email course!



3 Mindset Shifts to Improve Your Cybersecurity

I’m sure it’s not surprising that cybersecurity isn’t a destination, but a process of continuous improvement that’s always evolving.

If cybersecurity is constantly evolving, then how could we possibly learn how to keep ourselves cyber secure?

By using a mindset shift.

That means shifting away from looking at cybersecurity as a task to be completed or a problem to be solved, and towards treating it as a continuous process of analyzing whatever situation we find ourselves in along the way and making the best cybersecurity choices.

Does that seem crazy?

Mindset shifts to improve your cybersecurity? Doesn’t make much sense, right?

Think about your personal safety in the real world. Do you put a lock on your front door and call yourself safe? Or do you analyze whether it’s safe to cross the street, make that left turn in your car, or jump off that cliff into the lake below?

Some of this analyzing might be second nature or subconscious, sure. But you’re still analyzing each situation and making a call based on the safety risks you find.

The goal is to begin doing the same for cybersecurity and shift our mindset to thinking this way.

There are three mind shifts we need to make. What exactly are they? Let’s look at them below:


Mind Shift #1: Stop thinking of cybersecurity as tools and methods

Most of the traditional cybersecurity advice includes what tools and methods you should be employing right now. Tools such as Antivirus or Multi-Factor Authentication and methods such as how to identify phishing emails are all important.

While these are good right now, at the end of the day they’re all solutions designed to reduce certain cyber risks. They’ll also change as technology or your situation changes.

How do you know how many tools and methods you need, and which ones are applicable to your situation? How do you know how much security is acceptable?

The first mind shift is to understand that cybersecurity tools and methods are solutions to reduce certain risks, just as flu shots are a solution to reduce your chances of getting the flu, or seat belts are a solution to reduce your chances of getting seriously hurt in a car accident.


Mind Shift #2: Start thinking of cybersecurity the same way we think of safety

You wouldn’t leave your home with the front door unlocked, leave your tax returns or personal documents in a public place, or cross the street without looking to ensure it’s safe to do so. So why would you do that on the Internet?

Just as we evaluate each situation we find ourselves in to ensure we’re safe in the real world, we need to shift our perception of cybersecurity. We need to move from the idea that we can’t “see” the risks, so we don’t need to worry about them, to the idea that even though we can’t “see” any cyber risks, there are still some there, and we need to be able to identify them for ourselves.


Mind Shift #3: Not everyone has the same risk or cybersecurity needs

While everyone has the potential to be a victim of cybercrime, the more we share, communicate and integrate our lives and businesses with the internet, the more we open ourselves up to the risk of being caught up in cybercrime.

While for most of us the risk is manageable, there are many factors which can increase your risk level and make you a more appealing target to cybercriminals. Some of those factors include:

      • Wealth
      • Business Status
      • Publicity, Fame or large social media followings
      • Frequent travel
      • Internet-connected technologies or Internet of Things (IoT)
      • Business or domestic employees

The traditional cybersecurity advice intends to cast the widest net possible and secure the most people possible. The goal of the third mind shift is for you to understand what your personal situation is, and what in your life might be exposing you to cybersecurity risk. Then you can employ the tools and methods to reduce the risks most applicable to you.

Of course, the list above isn’t exhaustive. It’s meant to get you thinking and considering all aspects of what could impact your cybersecurity, both online and offline.

So, how can we shift our mindset? Stay tuned for our next post!



6 Factors That Can Increase Your Cybersecurity Risk

The Internet has become a mainstay in our lives in recent years. With that trend, it should be no surprise that there are some factors that can increase your cybersecurity risk.

While everyone has the potential to be a victim of cybercrime, not everyone has the same chances. The more we share, communicate and integrate our lives and businesses with the internet, the more we increase our chances.

While for most of us the risk is manageable, there are many factors that can increase your cybersecurity risk level and make you a more appealing target.

#1 Your Wealth

It should be no surprise that cyber attackers are interested in those with lots of wealth. While there are other motivations, one motivation of cyber attackers is financial gain. Those with obvious wealth are prime targets because it signals that there is a high chance of a good payday.

#2 Your business status

Companies usually have significant resources to dedicate to protecting themselves. 

Cyber attackers are keying into this. Instead of attacking companies directly, they are turning their focus to key individuals within those companies. Key individuals are those which have the access, authority or influence to help carry out the cyber attackers’ intentions.

These roles may be in the target company itself, such as executives, finance or accounting, IT, vendor relations, etc.

They could also be at other companies related to the target, such as trusted partners which could be used as a gateway.

#3 Publicity or Fame

If you are a public or famous individual, there are the people who love you and those that don’t love you as much. 

Especially if you create photos or videos for social media, revealing too much information even only a couple of times can give a cyber attacker enough to put the pieces together.

This goes further than your location as well. Confidential and personal information could be hiding in the background of photos or videos.

#4 Frequent Travel

Nowadays we’re so connected, almost any coffee shop, restaurant, and hotel now offers free WiFi. However, cyber attackers are wise to our need to stay connected.

There is the possibility they could be monitoring the WiFi and stealing the information going across it. They could be sitting behind you reading your screen over your shoulder. They could even be stealing your devices out of your hotel room while you’re out enjoying the pool.

#5 Lots of Tech

Lots of unsecured internet-connected or IoT (Internet of Things) tech can be a haven for cyber attackers. They can use them to create botnets, as a foothold in your network, or as they were intended (such as a camera) to monitor your movements.

#6 Employees

Even though employees may not have the same access, authority or influence as some in an organization or household, they can still be a target. A cyber attacker can use them to access your network. They could use them to reach those that do have access, authority or influence, or to achieve the cyber attackers’ goals by other means.

Regardless of whether they’re business or domestic employees, a cyber attacker can use them to obtain information and access to you or your network.

Whatever you do online could impact your finances, reputation, career, business and even personal safety. Protecting yourself and being mindful of the factors which can increase your cybersecurity risk can help you reduce the chances of getting caught up in cybercrime.



Here’s Why You Need to Level-Up Your Cybersecurity This Year

Remember the days when a household would have one computer, and that was only if you were fortunate enough to have one?!

The days when we didn’t do much on a computer other than sending emails with funny cat pictures, and motivational sayings? When leveling-up your cybersecurity wasn’t much of a concern?

Today the average household has not only one, but a growing number of connected devices. A survey in 2016 by Business Insider estimated that by 2020, there would be more than 4 devices for every person on earth! (Source)

Not only is the number of devices growing quickly, but they’re growing smarter as well. As they become smarter, do more tasks for us and become a more integral part of our lives, the consequences to you and your business become bigger if they were to be hacked, stolen or brought under the control of an attacker in some way.

You’re probably thinking:

 “Yeah, so what. I don’t have any sensitive information. Attackers would want to go after a company, not me. I don’t need to level-up my cybersecurity.”

And, partly that is right. Companies would seem like a much more lucrative target.

The problem is…

While we are becoming more tech-savvy, so are cyber attackers. They’ve recognized that while large companies have become better at protecting themselves, individuals haven’t had the same opportunity. 

Cyber attackers are increasingly targeting individuals because it is easier, more profitable, and requires less investment. The chances of their attack failing are also much lower than going up against the defenses of a company.

Ok, but what if you think you don’t have any sensitive information? Should you still level-up your cybersecurity?


#1 Not all sensitive information is obvious

With convenience comes a lot of sensitive information, though not all of it is obvious. 

This isn’t only the information you give to a device or store on a device (such as your email or passwords), but also what these devices collect (such as your location or usage patterns).


#2 Attackers aren’t just after your information anymore

While they will take any sensitive information they can get from you to resell later, your information isn’t the only thing attackers are after. 

They may want you to do something for them, such as initiating a fraudulent payment transfer, or purchasing gift cards and sending them the numbers on the cards.

They may not want anything from you at all, but instead, use your access and influence for another goal. If you are a trusted partner or executive of a business, they may use your influence to get that business to re-route payments to the attackers’ bank account. They could also use your accounts to publicly humiliate you or damage your reputation.

They could even just use your devices as a jumping-off point in part of a larger attack.


#3 Being cyber-aware is becoming an advantage

Employers are becoming more concerned with their employees’ susceptibility to cyber-attacks. Some even review social media as part of the hiring process. 

It is also only a matter of time before customers start to prefer companies that are cyber secure or cyber aware.

Being cyber secure yourself will ensure that your online presence doesn’t reveal more than you’d like. It’ll also enable you to translate that cybersecurity to your job or business and do your part in keeping what you do for a living cyber secure.


#4 Setting and forgetting doesn’t work – technology and attacks are constantly changing

Being cyber secure isn’t just changing your passwords once, or buying antivirus and forgetting about it. 

Whatever tools and tactics we use to keep ourselves cyber secure today won’t be the same in another decade, nor will cyber attackers be using the same tactics against us. Being cyber secure is about being able to adapt and evolve your cybersecurity as situations and technologies change.


#5 No cybersecurity is perfect, stuff will fail

Of course, no cybersecurity is perfect. Good cybersecurity practices will help you create a plan for what to do when everything fails, such as when your passwords are stolen or your information is breached. They also help decrease the stress when this happens, because you have a plan to respond.

It’s no surprise that cyber attackers are becoming more tech-savvy and are increasingly targeting individuals. Protecting yourself and being mindful of your cybersecurity can help you reduce the chances that whatever you do online could impact your finances, reputation, career, business, and even personal safety.

Are you planning to level-up your cybersecurity this year?
