“Cyber Attack Survival Manual” (Book Summary)

I’d like to share with you my summary of the book Cyber Attack Survival Manual: From Identity Theft to the Digital Apocalypse and Everything in Between by Nick Selby and Heather Vescent.

Note: this post contains affiliate links.

Book Summary

The book contains pretty good personal cybersecurity advice covering a range of topics, but it’s not as helpful as other books I’ve read, and it’s not very engagingly written. Each chapter ends with takeaways in 3 levels: basic security, advanced measures, and tinfoil-hat brigade (for the extremely cautious or paranoid). The book has a realism and grittiness that probably comes from co-author Selby’s police work. I like the artwork throughout the book (see sample below).

Co-author Nick Selby is a police detective who investigates computer crime, fraud, and child exploitation. He consults law enforcement agencies on cyber intelligence and investigations. He has fought cybercrime for over a decade and is clearly well-acquainted with online scams, fraud, and hacks.

Co-author Heather Vescent is a futurist with expertise in cyber-economics and cryptocurrency.

Here are my notes from each chapter.

Keep Your Identity Safe

Password managers: LastPass, Dashlane, 1Password.

Takeaways

  • Use a different strong password for every login (websites, desktop programs, phone apps).
  • Use a password vault program (password manager).
  • Don’t get your kids social security cards unless necessary.
  • Check kids’ credit at least quarterly.

Where the Money Is

  • If you get a message from your bank asking you for info, call bank’s known number to ensure it’s legit.
  • Check credit reports regularly.
  • Use only cards with chips (don’t swipe).

Protect Your Privacy Online

Hackers can “sniff” insecure public W-Fi to see what you’re doing. Hackers can set up a second network with the same or a similar name as a trap. Always ask for the name of the network, and use a secured network whenever possible.

Think twice about storing sensitive data online (identification, tax docs, etc.).

Takeaways

  • Set all social media privacy settings as high as possible.
  • Protect home Wi-Fi with WPA2.
  • Don’t accept friend requests from strangers.
  • Never use public Wi-Fi without a VPN.
  • Restrict what you share on social media.
  • Consider covering cameras and microphones with electrical tape.

Keep Kids Safe Online

Kids shouldn’t assume nude photos they send will stay private.

Use OpenDNS to control the sites kids can visit.

To prevent kids from using a bootable operating system (OS) on your computer, set a BIOS password on a Windows machine or a firmware password on a Mac.

Teach kids that they’re not anonymous online, and there are bad people online. Don’t scare them, but help them understand the threat is real.

Set alerts for when a kid tries to access a blocked site or search certain words.

Check browsing history in router or with ISP.

Regularly discuss online safety with kids as they grow. Praise good behavior. Let them know they can come to you if they get into trouble.

Review teen’s online footprint together; act like a college admissions officer or potential employer.

Takeaways

  • Monitor kids’ social media (with software, or manually).
  • Talk to kids about what’s safe to share.
  • Log traffic.
  • Enable GPS tracking on kids’ phones.

The Internet of Things

Protect yourself from Internet of Things (IoT) devices

  • Read everything you can about a device, especially data-use policies.
  • Opt out of data collection and/or use offline or airplane mode.
  • Change default passwords immediately.

Secure messaging systems: Signal, Wickr, Tor.

Takeaways

  • Change default modem and router passwords.
  • Use screen lock codes on all mobile devices.
  • Isolate IoT apps from sensitive data.
  • Ensure medical devices are locked to only critical services.
  • Consider a separate home network or VLAN for IoT devices.

Not Just Phoning It In

Enable screen lock. Use password instead of PIN, if possible. Set screen to lock after a short amount of time (2 minutes or less).

Disable communication (Wi-Fi, hotspot, Bluetooth, NFC, etc.) and only enable when necessary.

Don’t use phone on public Wi-Fi without a VPN. Or, use mobile data.

In US, government can use your fingerprints to unlock, but they can’t force you to give your password.

To totally secure phone, turn it completely off and remove battery if possible.

Takeaways

  • Set good password (7+ characters or numbers, or good pattern).
  • Encrypt phone.
  • Enable phone locator in case phone is stolen.
  • Limit number of days of email stored on phone.
  • Use two-factor authentication (2FA) whenever possible.
  • Disable location services and only enable when necessary.

Cyber Security and Small Business

When selling online (e.g., Craigslist), limit the info you reveal. Consider a burner app (for a temporary phone number) and meet in public. Ensure a friend knows where you are.

Cloud backup: Dropbox, SpiderOak, Backblaze.

The Deep Dark Net

  • Surface Web: public websites, indexed by search engines.
  • Deep Web: websites not indexed by search engines, but can be visited using a standard browser if you know the address.
  • Darknet: websites that can’t be visited using a standard browser, and typically require a Tor browser to view. Also includes other protocols and environments (IRC, I2P, etc.).

International Cybersecurity

Burner apps for creating anonymous phone numbers: Burner One, Hushed, CoverMe.

If you travel out of country, consider renting a phone or computer in the country you travel to, to avoid searching of devices when you return home.

Takeaways

  • Encrypt all products and communications.
  • Use separate devices when outside your country.

Summary

  • Password-protect and disable remote management on modem, router, any other Internet-connected devices.
  • Never give private info over email or text. Always call bank, utility, service that’s claiming to request info.
  • When shopping online, consider using guest checkout and one-time credit cards.

Further Reading

If you found this summary helpful, then read the book, Cyber Attack Survival Manual: From Identity Theft to the Digital Apocalypse and Everything in Between by Nick Selby and Heather Vescent.

The Resources page has additional cybersecurity and privacy books.

What You Should Do

Here are several tips I’ve hand-picked from the book.

  1. Use a different strong password for every login (websites, desktop programs, phone apps).
  2. Use a password vault program (password manager). (I like LastPass.)
  3. Use only cards with chips (don’t swipe).
  4. Protect home Wi-Fi with WPA2.
  5. Use OpenDNS to control the sites kids can visit.
  6. Teach kids that they’re not anonymous online, and there are bad people online. Don’t scare them, but help them understand the threat is real.
  7. Regularly discuss online safety with kids as they grow. Praise good behavior. Let them know they can come to you if they get into trouble.
  8. Change default modem and router passwords.
  9. Disable phone communication (Wi-Fi, hotspot, Bluetooth, NFC, etc.) and only enable when necessary.
  10. Encrypt phone.
  11. Enable phone locator in case phone is stolen.
  12. Use two-factor authentication (2FA) whenever possible.
  13. Disable location services and only enable when necessary.
  14. Password-protect and disable remote management on modem, router, any other Internet-connected devices.
  15. Never give private info over email or text. Always call bank, utility, service that’s claiming to request info.


*** This is a Security Bloggers Network syndicated blog from Defending Digital authored by Chad Warner. Read the original post at: https://defendingdigital.com/2019/02/20/cyber-attack-survival-manual-book-summary/