Hello everyone, my name is Cass and I’m concerned about cyber security. Not just my own, but yours too.
Everyone from state-sponsored professional hacking groups down to pimple-faced teens with too much tech and time on their hands are keen to steal what you’ve earned. By the end of this article, I would like you to understand your own personal cyber security better and inspire your own creative thoughts around security. In the end, it is only ourselves that are truly responsible for our personal security.
First, some more about me, I’m a member of the Byte Mason’s security team and I specialize in organizational and operational security. I’ve spent the last decade working as a quality assurance engineer and I have formal training in network administration and enterprise-level systems administration.
PerSec for each Person
Now that I have introduced myself, let’s talk PerSec, or Personal Security. The first thing you should know is that the most significant risk to your personal security or assets is YOU. If you get nothing else from this article, make it this. From the dawn of time, most hacks have required some form of social engineering. This involves someone unwittingly handing over private information to an attacker. This fact will never change, and crypto cannot solve it.
As cryptography gets better and PerSec tooling gets stronger, hackers will get more determined and creative. You must learn to think adversarially and match their creativity with your own. It’s almost as if you’re playing a game of chess. You are trying to outsmart your opponent by understanding every possible move and then planning ten moves ahead.
As web3 continues to grow and early adopters amass wealth, they will increasingly become targets, and personal security will gain importance. People will become self-sovereign by bringing large portions of their life savings into crypto. Before bank accounts, people had to protect their belongings, and if you’re managing your own private keys, it’ll be much the same for you.
Tips of the Trade
We need to continue to be mindful of the risks and how we can try to mitigate those risks. I would like to provide you with a few helpful tips (in no particular order) that can start you on your journey to a better PerSec:
- Password Security: Password security is crucial. And I\\\’m not talking about just your seed phrase here. Yes, you need your seed phrase for your crypto but think about what else you can access with just your password. Passwords need to be very strong, containing all types of characters and preferably a sentence. An excellent example of this would be “Th3_f@RmEr’s-Dau73r_we4T~t0_$Ch0oL”. You should be regularly changing these passwords and do not reuse old passwords. Passwords should never be saved or written down. If necessary, enterprise solutions that encrypt your passwords, such as LastPass, have been accepted, but I wouldn’t recommend their use.
- Layers: Security is about layers. So, try to put as many layers between you and your digital presence as you feel necessary to protect your level of risk. A good example of an additional layer is a VPN or virtual private network.
- Cost-Effectiveness: When considering your risk, think about what you have, and who would take the time to steal it. North Korea doesn’t care about your 20k in dogecoin but u/TommyTwoHacks might, and they have very different resources at their disposal. Do you go out of your way to flaunt how amazing you are or try to piss people off? The riskier you are and the more you have, the more layers of security you will need.
- Accessibility: Cold devices and wallets are a precious addition to your layers of security, but you should also always be mindful of who has access to your devices and where you use them. Connecting to unsecured Wi-Fi is a great way to get all your data snatched. After all, A spurned ex-spouse might remember to grab your Trezor on the way out.
- Data Security: Does the Doggy Daddy blog really need your mother’s maiden name to sign you up for the newsletter? Be mindful of the data you give out to people. Think about how they would be able to verify the information they are asking you for. Do they really need it? What is the purpose of them asking you for this data?
Hopefully, this has piqued your interest in the exciting field of PerSec. After all, we have only scratched the surface. There are many areas vulnerable to attack and ways to attack them, so please be diligent and consider all your risks. In the end, we are solely responsible for our own cyber security.
Stay tuned for more in this continuing series from Cass. Check him out on Twitter or get in touch on the Discord.