09/12/2016 12:07 EDT | Updated 09/12/2016 12:07 EDT

The Everyday User's One-Stop Cybersecurity Primer

This primer is the "two-bite brownie" response to online safety, or "cybersecurity." A security fanatic could write a few books on this topic, but this is what you need to know to cut out most of the risks online (making it safer than crossing the street).

Antique lock and key sitting on a blue illuminated keyboard.

I've heard a lot of people talking about online security lately.

Some people are still confused about when to open up an email.

Some people are frustrated about juggling so many passwords, while others still have 123abc for a password -- yes, I ran into this the other day.

Others are worried about letting people see personal information on Facebook.

This primer is the "two-bite brownie" response to online safety, or "cybersecurity." A security fanatic could write a few books on this topic, but this is what you need to know to cut out most of the risks online (making it safer than crossing the street).


If you have only a few passwords, make them unique. No problem. Something like Qt43abst. Here are some fun ideas for choosing unique passwords.

If you have several hundred to remember, that is just not practical. For most websites, you will need a base password, or a series of base passwords, each for a different kind of website.

But make sure that passwords to anything critical are unique. By "critical" I mean where money can be accessed or vital personal data altered. For instance:

  • Bank accounts
  • PayPal
  • LinkedIn
  • Email account
  • Domain name
  • Home WiFi

Make each of these unique, because if somebody hacks one website and gets a list of passwords, their bots will try them out very quickly on all sorts of important websites (especially PayPal and banks).

Personal Information

Some people still think they can hide personal information from the world. And maybe they can. How far you want to go to hide your identity is up to you. But there are two key principles to remember:

  1. Whatever information you put on Facebook, Twitter or anywhere else can be used to identify you. So make sure those aspects are not the identifiers used to unlock your bank account or give access to anything else that is critical.
  2. Never post online about what a great vacation you are having or that you are at the intersection Tenth and Main. There is a good chance that somebody somewhere is just waiting for you to announce that you have left your castle unattended. If you insist on torturing your followers and friends with a pic of your dinner at Chez Mario, wait until you get home and start the post with "Just got home from..." The same goes for vacation photos.


So many people blog, run their own business or have a second online career on the side. That means you have a website that can be hijacked for a plethora of nefarious purposes.

There are too many things that can just shut down your business. Whether the website is your lifeblood or a little extra income on the side, you don't want those headaches. Follow the security tips here to at least cover the basics.


In 2016, do I have to remind anybody of the importance of anti-virus software? Unfortunately, yes. I use Kaspersky. Norton and MacAfee are also mainstream. If you are not in-the-know, don't trust any others, because there are always some hackers trying to get into your computer through their so-called anti-virus products.


Hackers are constantly trying to get into your bank account through email. And there are an amazing number of people who are not sure when they should click on a link in an email.

Here are four rules of thumb to keep you safe:

1. Check if the email is from someone you know and trust, or a company you do business with.

2. Hover your mouse over the link to click, and see what URL (web address) shows up in the bottom left of your browser window. It should match what the email claims it is.

This can be tricky.

Look only at the word before the .ca or .com. For instance:

Real URL:

You know this is really Amazon, because Amazon comes right before the .ca

Fake URL:

You know this is fake, because Wonfict comes right before the .ca

In the second example, somebody who owns wants you to think that you have landed on Amazon. This is a lot like the Queen transforming herself to look like a trustworthy old hag, so that Snow White will bite the poison apple.

In real life, biting the poison apple is logging into the fake Amazon site, thereby sharing your login credentials with its owner. Big deal, you say? Who cares if someone gets access to your Amazon account? True... but if you ignore my earlier advice, his bot can send your Amazon login credentials across the web to see if they will also unlock your PayPal account or your bank account. That's what happened recently with hacked LinkedIn accounts.

3. If it's from a friend and it smells funny, email them back to see if they really sent you the email, or if a hacker had hi-jacked their account.

4. If the email is from a company, bank or otherwise, never click on the link. Go into your browser and type in the real address of the company and log in directly from your browser. Don't follow a link in an email.


The Internet has the power to destroy a person's reputation forever. Feel like swearing at somebody? Want to show off a tattoo in an extraordinarily private place? Don't. Instead, ask yourself this question:

Would I want to see this announced on a marquee on Main Street?

If the answer is "No," don't post it, even privately in a direct message or chat. Once posted, it is no longer in your hands, and someday a hacker might have way too much fun with it.

There is much more to cybersecurity than can fit in an article or even in a dozen articles. But with this simple cybersecurity primer, you'll be well-armed against most threats.

Follow HuffPost Canada Blogs on Facebook


Photo gallery Seven More Secure Alternatives To Passwords See Gallery