The cybersecurity industry sells fear and six-figure appliances: nation-state actors, ransomware gangs, zero-days. Most people get hacked through boring failures: a reused password leaked in an old breach, a click on a fake invoice, an iPhone update postponed for three months. The basics block the majority of threats. Perfection is impossible; improvement is cheap.

Not paranoia — hygiene.

Threat model sanity

Average person: criminals using bulk phishing, credential stuffing, SIM swaps, or a stolen laptop.

Journalist/activist: state surveillance, where harder tools are needed.

Business owner: ransomware and invoice fraud, which are the scope of a separate article.

Match effort to risk. Our online privacy guide covers an adjacent layer.

Passwords and passkeys

Use a unique password on every site: if one is breached, the others stay safe.

Use a password manager (Bitwarden, 1Password, etc.) with one strong master password. Autofill reduces phishing risk if configured correctly.

Enable 2FA: an authenticator app (TOTP) is better than SMS, and passkeys are best where supported.

No sticky notes. No {PetName}123! rotation pattern.

Phishing recognition

Urgent tone: your account is suspended, the boss needs gift cards, a package failed delivery.

Hover over links before you click and look for a domain mismatch: amazon-security.ru is not amazon.com.

Unexpected attachments: invoice.pdf.exe is the historic trick; documents with macros are another.

Verify out-of-band: if a wire transfer is requested, call a known number instead of replying to the email.

AI-generated phishing is improving and typos are fewer, but skepticism still works.
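
The link and attachment checks from this section, written out as an added example (not code from this article). `TRUSTED_DOMAINS`, the two extension lists and the function names are assumptions chosen for illustration, and the `example.net` links are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains the reader really does business with.
TRUSTED_DOMAINS = {"amazon.com"}
# Extensions that run code or carry macros when opened.
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "lnk", "docm", "xlsm"}
# Harmless-looking extensions placed in front of the real one.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def link_host(url):
    """Return the host a browser would connect to, lowercased, or "" if unparsable."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only for an https link whose host is a trusted domain or its subdomain."""
    if not url.strip().lower().startswith("https://"):
        return False
    host = link_host(url)
    # Match on a dot boundary, never on a substring: the brand name appearing
    # somewhere in the host says nothing about who owns it.
    return any(host == d or host.endswith("." + d) for d in trusted)


def attachment_warning(filename):
    """Return a reason if the attachment name looks dangerous, else None."""
    parts = filename.strip().rstrip(".").lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in RISKY_EXTENSIONS:
        return None
    if len(parts) > 2 and parts[-2] in DECOY_EXTENSIONS:
        return "double extension hides the real file type"
    return "executable or macro-enabled file"


if __name__ == "__main__":
    # Constructed samples; amazon-security.ru and invoice.pdf.exe come from the text.
    for url in ["https://www.amazon.com/orders", "https://amazon-security.ru/login",
                "https://amazon.com.example.net/", "https://amazon.com@example.net/"]:
        print(url, "->", "ok" if is_trusted_link(url) else "MISMATCH: " + link_host(url))
    for name in ["invoice.pdf.exe", "report.docm", "invoice.pdf"]:
        print(name, "->", attachment_warning(name) or "no warning")
```

The comparison is made on the parsed host, which is the same thing the hover check is meant to reveal: what counts is the end of the hostname, not whether a familiar name appears somewhere in the link.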

Software updates

OS and app patches close known holes; delay is the vulnerability window. Turn auto-update on: a reboot is annoying, ransomware more so.

Take old devices off the network if they are unsupported; IoT cameras are notorious for ending up in botnets.

Device physical

Full disk encryption — FileVault, BitLocker.

Screen lock: use a short timeout; biometrics are fine for convenience with a strong passcode as backup.

Lost phone: have remote wipe enabled through Find My or Google.

Public WiFi: avoid banking without a VPN; a phone hotspot is often safer.

Backup

A variant of the 3-2-1 rule: three copies, two media, one offsite. Use cloud storage or an external drive. Ransomware recovery is impossible without a backup.

Photos are irreplaceable; travel photography archives matter.

Social engineering

Most breaches are human, not magic: an attacker calls the IT helpdesk and pretends to be the CEO. Slow down and verify.

Oversharing on social media: a mother’s maiden name answers security questions; vacation posts give burglars their timing.

Business email compromise

Wire transfer fraud: finance processes need dual approval and callback verification.

When hacked

Change passwords, keeping each one unique per site; revoke sessions; freeze your credit if identity theft is involved; report to your bank; restore from backup; learn without shame, because it happens to millions annually.

Connection institutional

Deepfakes and misinformation weaponize trust; cybersecurity literacy overlaps with media literacy.

Open source dependencies: supply chain attacks are rare at the individual level but real for enterprises.

Conclusion

Cybersecurity for normals is habits, not heroics: a password manager, updates, skepticism, backup. Headlines sell APT groups; the bills come from a reused password on a shopping site.

Do boring things consistently. Sleep better.


Lumen is edited by Leo Hartmann.