Practive Security 101: Digital Health Essentials

I’m sure you’ve heard the story and have read the headlines, “hackers breached defenses and stole customer data.” You may have even had your information stolen in a breach, and received a letter notifying you along with an offer for free identity theft monitoring. When this happens, oftentimes the breached organization has to pay tens of millions of dollars to recover from the damages caused.

In 2016, Uber’s data breach cost them $146 million to recover from.

Target’s 2013 breach had a $300 million recovery price tag.

The 2011 Epsilon breach is said to have reached $4 billion in damages. 

Aside from these big breaches, I’m sure you have also personally had suspicious or unsolicited contacts online or via your phone that seemed…well…odd, and left you thinking you were being directly targeted. 

All of this implies there is value to something you have. But what is it that these hackers are after? Why? What is this “data” that is so sensitive hackers will break into websites or manipulate you and me into giving it to them? What is “sensitive information?” What should we be keeping safe, and how?

Before I answer that, it’s important to remember that part of your safety and security extends beyond protecting against “hackers.” There are all sorts of malicious actors and predators operating on the Internet. Indeed, there are entire criminal enterprises that operate fraud campaigns as a business model and never cause the massive data breaches we hear about, yet net millions of dollars each year using the data stolen in the breaches. Nation states run massive and persistent espionage campaigns against a wide variety of targets, sometimes entire people groups or populations. And there are individual predators who live a twisted life via the Internet where they actively seek avenues and methods to prey on people.

You need to remember that when you engage on the Internet, it is much like traversing a foreign land with no maps and no real governing authority nor law enforcement. Where you browse with your device is like traveling to different properties, and just as is the case in the physical world, there are other travelers who may be picking your pocket or snagging whatever you have left behind. As is the case in the real world, you’ll also meet scammers who fully intend to trick you into giving up your property. The Internet is also a place where anonymity and physical disparity cause humans to misbehave. It is truly a place where you should trust nothing, until you have verified it. Even then, once you hand over your information, you lose control of it.

But how do we protect ourselves? Against who? What? Why?

Answering these questions is part of why Practive Security exists. In this article I’ll give you brief answers and strategies to fill some knowledge gaps, and get you started. We’ll review by category, but think of each of these as security strategies themselves. What you need to protect includes: 

  • Your actions from being co-opted

  • Your money from being stolen

  • Your personal data from being used against you

  • Your property from being hijacked

  • Your body from being abused

  • Your story from being manipulated

  • Your mind from being poisoned

  • Your heart and your soul from being corrupted

  • Your dependents from being exposed

Your Actions

First up on the list of what our adversary wants is, essentially, you. For ages, scammers and manipulators have been seeking ways to get their victims to act on their behalf, as a proxy or as an accomplice. All the better if the victim is an unwilling or unknowing one. If an adversary can get you to perform an action they want, then they create a layer of protection for themselves and increase the likelihood that they will succeed. You can bypass layers of protections they can’t get through, at least not easily. Why break in and steal when they can get an authorized person to willingly give the information or access they want?

You may have heard of the classic Internet scam where a supposed Nigerian prince is trying to quickly move his vast fortunes out of his home country as a means of protecting it from theft by rebels. The prince promises you can retain a fraction of the wealth, if you will accept a deposit from him and await further instructions. This is a classic example of an adversary co-opting your actions. If these scammers can get you to willingly give them your bank account number so they can move money into a foreign account (yours), you may be willingly participating in money laundering or some other financial fraud scheme.

Another, more modern example is a form of identity theft in which our adversary calls you pretending to be your bank and attempts to get you to say things, do things, and share information that they can use to set up a new line of credit or to open a new credit card in your name but for their use. Using this tactic, the adversary impersonates a representative of your bank and peppers you with questions under the guise of “validating” who you are, all while taking note of the information you divulge. In some of these scams, the adversary will record parts of the conversation so they have your voice making certain requests, speaking certain confirmations, granting certain permissions. This is all a form of manipulating you to participate in your own identity theft. You are giving your information and verbally authorizing its use.

I recently came across a case where an adversary was attempting to get their victim to set up call forwarding on their smartphone, which is likely a means of spoofing identities or evading detection by tricking caller ID systems into thinking the call is coming from you.

In yet another scam I was targeted in, the adversary posed as a tech support representative who said they had detected a virus coming from my computer, and they wanted me to install “protection” software so they could diagnose the issue and fix it for me. Getting me to install their malware is a lot easier than trying to hack into my computer.

These are but a few examples of how adversaries target you to get you to act on their behalf. Other subtle objectives related to co-opting your actions can include:

  • Granting access or authorizing users

  • Installing software, apps, or making configuration changes to devices

  • Giving sensitive information

  • Forwarding emails or invitations

  • Verbally or digitally authorizing actions

  • Sharing details about friends and contacts

Protecting yourself from digital manipulation includes:

  1. Try to avoid Internet ads and scrolling through unwanted content. Oftentimes, manipulators will use these avenues to plant seeds in your mind; things they want you aware of or thinking about, which can set the stage for convincing you to act later on.

    1. Ad networks also have a reputation for installing web browser tracking cookies that monitor you and collect and report information back to the controller.

  2. Never inherently trust anyone on the Internet. Withhold trust until you have validated the identity of whomever you are interacting with, and remember, even “trusted” personas or accounts can be compromised and used by an adversary posing as the original person behind the account.

  3. Never grant or share access to your accounts, your devices, your files, your subscriptions etc. with anyone else. That includes passwords. For families and heads of households, you can (and should) share within the context of your home, so there is an exception for you.

  4. Never disclose sensitive information unless you initiated the transaction (more on that later).

  5. Do not act as a proxy for someone else. This means do not do something on behalf of someone else that they can naturally do on their own. You may think this rude, but remember that predators are trying to prey on your sense of decency.

  6. Do not answer cold calls. You have no reason to trust the caller and you have no reason to give them any information.

  7. Watch out for a sense of urgency. Adversaries often use scare tactics or a sense of importance and urgency to try to get you to act quickly before you have time to think things through.

  8. Be suspicious of abnormal requests. If someone, even someone you normally trust, contacts you and asks you to do something they normally wouldn’t or something you normally wouldn’t, then be cautious.

    1. Transferring money, buying gift cards, or paying an invoice are common fraud tactics.

  9. Say or communicate as little as possible. In the era of AI, an adversary only needs a few words of your spoken voice, or a few bits of information from you, including pictures, to create a very realistic impersonation of you.

  10. Never give, transmit, or share information that would be embarrassing in the hands of the wrong person, or could be used to pressure you into an action. Adversaries will often use impersonation tactics to get you and me to share something sensitive that they will then threaten to expose if you do not do as they demand.

Your Money

Next on our list of targets is your money. Direct theft of funds is a major form of fraud and online data theft. With online banking and payment services like PayPal and Venmo (to name a few), it has become very easy to access and transfer funds between individuals and accounts through just a few clicks or taps. The danger increases when we have our third-party payment apps linked to our credit cards or bank accounts. If an adversary can get access to your payment account, they can make payments, route money, and make purchases as if they are you. But not all attempts to access your money are overt theft.

Some adversaries use deceptive or hidden tactics to manipulate you into intentionally giving them money. There are also classic fraud operations that run on the Internet with fake stores, or spoofed services, and there are vulnerable websites of legitimate businesses that are unknowingly compromised and used by criminals to siphon payment information from legitimate transactions.

Methods used to access your money can include:

  • Logging into your account using stolen or guessed passwords.

  • Tricking you into a payment or funds transfer through an impersonation scam. This is often done via an SMS message or email.

  • Installing card readers on ATMs, gas station pumps, or other card swiping terminals.

  • Sending a message posing as a government or law enforcement official and claiming you have a payment due.

  • Using malware to steal your credit card information from your computer, browser, or a compromised website when you make a legitimate and intentional purchase.

  • Running “front” businesses that sell goods or services "legitimately" and also siphon financial information which they sell or use for fraudulent purposes.

Protecting access to your money is incredibly important.

  1. Always enable MFA / 2FA on your online bank account, and if you use an app on your smartphone to access the account, make sure the app also supports and uses MFA / 2FA.

  2. Use a unique username and password combination for your bank account, and a different one for your payment apps. It’s helpful to use a password vault or manager such as 1Password, but never store your passwords in your Internet browser or on your smartphone.

  3. Do not link your banking account directly to online payment or money transfer services. Nothing should have direct access to draw from your checking or savings accounts. If you need to grant access for direct deposit of funds or other transfer services, make sure the transfer is one direction only (deposit only).

  4. Limit the number of Internet properties you shop at and limit the number of financial accounts / credit cards you use online.

  5. Credit is always better than debit, because credit card companies are excellent at reversing fraudulent charges whereas with debit transactions, as soon as the money is sent, it is gone, and getting it restored by your bank can be more difficult.

  6. Make online purchases and payments through sites and services that have a strong and established reputation and history. Avoid marketplace purchases or rare/unique websites.

  7. Keep your computer up to date with software updates.

  8. Run a strong AntiVirus or AntiMalware product on your computer at all times.

  9. Use a VPN service to protect your data from unauthorized monitoring and collection.

  10. Do not make online purchases when on public WiFi networks.

Note: there are multiple third-party payment services that enable participants to exchange money in a peer-to-peer transaction. PayPal and Venmo are good examples of this. Business apps such as Stripe, Square, and QuickBooks are other examples. These are generally safe to use, if you are diligent about protecting your account and limiting the credit card or bank accounts linked to them. But as a rule, I suggest avoiding any payment service that works by connecting directly to your checking or savings account at your bank.

Your Personal Data

Related to identity theft and money theft is your personal data. There is a category of data types formally recognized as Personally Identifiable Information (PII) that represents the information that is unique to you and is often what is used by financial institutions, government agencies, schools, and other authorities to validate your identity. Given the nature of this information and how it is legitimately used, our adversary actively hunts for this information, collecting whatever bits and fragments they can find. They sell this information via the underground marketplace (also known as the dark web) to others who are piecing together this information as well. As soon as someone has all they need, the value of your data increases and it can either be sold again or directly used to commit various acts of fraud.

While PII is typically used to conduct forms of financial fraud, including opening new lines of credit or credit cards, some more sophisticated adversaries gather this information for human espionage, coercion, and political or military research and weaponization. One prime example of the latter is the nation of China, which openly conducts PII theft of US citizens for political and military gain.

Traditionally, PII includes certain information that uniquely identifies you. This can include:

  • Credit card information (full number, part of the number, expiration date, PIN)

  • Social security number (in part or in full)

  • Date of birth

  • Place of birth

  • Driver’s license number

  • Mother’s maiden name

  • Financial information such as a bank account number

  • Address (current or historical) or physical location

  • Medical records

  • Passport number

  • Birth certificate

There are some additional types of information that are secondary to traditional PII but should still be considered sensitive and protected as such, because they can be joined with other data to directly identify you or to impersonate you. This can include:

  • IP address of your computer or device

  • Your voice or images of you

  • Phone number (if not in public records)

  • Previous addresses

  • Anecdotes from your past such as schools you attended, vehicles you owned, cities you have lived in, people you have lived with, city in which you were married

Common methods for gaining your data include:

  • Directing you (typically via email) to fake websites that spoof one you use or trust and require you to enter your personal information for access (think of a spoofed bank login page).

  • Sending fake notifications that a payment is due for some reason, such as an alleged traffic citation or an alleged payment due for a toll road you used.

  • Phone-based scams where a fraudster calls you and claims to be from your bank and is investigating suspicious activity on your account. With this method they will ask you for sensitive information to allegedly validate you or your account.

  • Malware that runs on your computer and collects sensitive information.

  • Websites that have been compromised and collect your information as you enter it.

  • Breaking into companies that collect and store your sensitive information.

Protect this data with the following tactics:

  1. Never give this information to anyone who requests it until you are certain of their identity and that the information is required by them to complete the transaction you want.

    1. Note: credit card companies will never request this information over the phone.

  2. When entering this information online or via an app, make sure the connection is secure. You can check this by viewing your browser’s address bar to make sure the website address starts with https or has a lock icon. With an app, make sure it is a trusted one created by a reputable company and is the legitimate version created by them.

    1. Note: the Android and Google Play stores are notorious for having malicious apps that impersonate legitimate businesses. Be very careful before installing an app from these stores.

  3. Never send this information via email. If you do need to send it, or a scan or picture of sensitive documentation (such as a birth certificate), validate the recipient address and the reason for needing it, and use an offline encryption method to password protect the file before attaching and sending it.

    • Note: WinZip or 7-Zip can be used to easily encrypt and password protect files on your computer. Share the password with the recipient via the phone so that you do not transmit the protected file and access method (password) at the same time and by the same method.

  4. If you store any of these documents or pieces of information on your computer, make sure you have the files encrypted. You can encrypt the files individually using a file compression tool like WinZip or 7-Zip, or you can use an encryption service that is part of your AntiVirus/AntiMalware software.

    • Note: for laptops, you should also have full disk encryption turned on so that everything on your computer is secure.

  5. If you have shared this information inadvertently, or think someone has tricked you into sharing it, sign up for an identity theft protection or credit monitoring service, such as Experian, right away.

  6. Keep your computer up to date with software updates.

  7. Run a strong AntiVirus or AntiMalware product on your computer at all times.

  8. Use a VPN service to protect your data from unauthorized monitoring and collection.

  9. Do not transmit sensitive information when on public WiFi networks.

Your Digital Data

All the data you generate and store on your computers or via cloud accounts is also of interest to adversaries. This other digital data you gather may not be usable for fraud or for identity theft purposes, but it is meaningful to you. This can include documents, digital projects, email, photos, music recordings, scanned records, really anything else you have chosen to create and store on your device. Adversaries know this is important to you and they know that if there is a risk of you losing all this information permanently, you would likely pay a lot of money to save it. This is where ransomware and ransom attacks thrive.

These attacks share a name with the physical tactic, which is essentially the same: capture, hold, threaten, and release only if certain terms are met.

In a ransom attack, the adversary gains access to your data and removes your access to it. Sometimes this is by gaining control of your account (online or on your device) and locking you out, and sometimes this is by installing malware on your computer that encrypts all your files, making them inaccessible and unreadable. Another tactic I have seen used is actually removing all your files from their normal storage location (transferring them and then deleting the local copies). In cloud computing this is often done by moving data off of its original storage location, or encrypting it where it sits.

In a ransom attack, you will receive a notice from the adversary outlining their terms for restoring your data. Typically this is a demand for payment, often in digital currency such as Bitcoin. Once payment is sent, the adversary may or may not restore your files. Recovering from a ransom attack without meeting the specified terms is sometimes impossible, so it is very important to get ahead of these attacks and prevent them from happening in the first place.

Common tactics to capture your digital data include:

  • Take over your account (using a stolen or guessed password) and change the password or otherwise lock-out the original owner (you).

  • Install ransomware malware that encrypts all the files on the local computer and any attached hard drive.

  • Use a cloud-native solution to encrypt stored data and then copy and delete the decryption key from the key management system.

  • Copy your files to another location and delete the local (original) copies.

  • Ransom notes are typically delivered via email or on-screen.

To protect your digital data, use these strategies:

  1. Use unique user accounts (username and password) for different properties along with complex passwords.

  2. Enable MFA on any account that you log in to on the Internet.

  3. Install a full-service AntiVirus or AntiMalware solution and run scans periodically.

  4. Use an external hard drive to periodically back up (copy) all your files.

    1. Note: do not keep the drive plugged in all the time, as ransomware can find and encrypt data on attached USB drives.

  5. Update your operating system and applications with patches, bug fixes, or upgrades on a regular basis (check weekly).

  6. Practice diligent email security.

    1. Do not open attachments or click links in unsolicited emails.

    2. Check the sender address to make sure it is legitimate.

    3. Make sure the message conforms to the structure and text expected from the alleged sender.
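The sender-address check in step 6 can be automated. The following is an added example, not code from the original article: it compares the name an email displays with the domain it was really sent from, and also looks at the Reply-To and Authentication-Results headers. `KNOWN_SENDERS`, both sample messages, and every domain in them are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a short list you maintain yourself of organisations you really
# deal with and the domains they really send mail from (constructed values).
KNOWN_SENDERS = {"example bank": {"examplebank.com"}}

# Constructed sample messages (not real traffic).
LEGIT_MESSAGE = """\
From: Example Bank <alerts@mail.examplebank.com>
To: you@example.org
Subject: Your statement is ready
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.examplebank.com;
 dkim=pass header.d=examplebank.com; dmarc=pass header.from=examplebank.com

Your monthly statement is available in online banking.
"""

SPOOFED_MESSAGE = """\
From: "Example Bank Security" <support@examplebank.com.account-verify.example>
Reply-To: claims@mail-helpdesk.example
To: you@example.org
Subject: Urgent: verify your account
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=account-verify.example;
 dkim=none; dmarc=fail header.from=account-verify.example

Your account will be closed today unless you confirm your details.
"""


def domain_of(address):
    """Return the lower-cased domain of an email address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()


def belongs_to(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def sender_warnings(raw_message):
    """Return a list of 'code: detail' warnings about the sender of a raw email."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    warnings = []

    if not from_domain:
        warnings.append("no-sender: the From header has no usable address")

    # The name shown in a mail client is free text chosen by the sender, so
    # compare it with the domain the address really ends in. A look-alike such
    # as examplebank.com.account-verify.example ends in a different domain.
    for org, domains in KNOWN_SENDERS.items():
        if org in display_name.lower() and not belongs_to(from_domain, domains):
            warnings.append(
                f"display-name-mismatch: claims '{org}' but sent from {from_domain}"
            )

    # A Reply-To on another domain sends your answer to someone else.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        warnings.append(
            f"reply-to-mismatch: replies go to {domain_of(reply_to)}, not {from_domain}"
        )

    # Authentication-Results records the receiving server's SPF/DKIM/DMARC
    # verdicts. Only trust the copy added by your own mail provider.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    failed = [m for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    if failed:
        warnings.append("auth-failed: " + ", ".join(failed))

    return warnings


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(label, sender_warnings(raw))
```

An empty list means none of these checks fired; the message still has to match the structure and text you expect from that sender.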

Your Property

Adversaries need Internet property from which to operate. This can include websites, servers, laptops or home computers, WiFi networks, and even services or accounts within these properties. Like you and me, they can of course buy their own computers, set up their own websites, or rent their own services, but doing so creates a connection to them personally and that creates an evidence trail for attribution and legal accountability. They would much rather operate with multiple layers of separation, especially across geo-political boundaries. By using someone else’s property, they inherit a few things that benefit them:

  • You pay the cost for their operation.

  • They can hide behind your identity or even impersonate you.

  • They inherit whatever access your property already has and can sometimes bypass security controls to access other systems or information.

  • They can install or plant content or evidence as a means to manipulate you.

Primary methods used to gain access to your property include:

  • Logging in with a stolen username or password, or guessing a non-complex password.

  • Exploiting a vulnerability in your software, application, or operating system.

  • Installing malware that creates a digital backdoor which they can use to remotely access and control your computer.

  • Hijacking unsecured or open access.

Use the following strategies to protect your property:

  1. Use strong passwords and MFA / 2FA for all online accounts.

  2. Keep your devices up to date with the latest security updates, patches, and bug fixes. This includes the operating system of your devices as well as the applications you run on them.

  3. Keep your devices locked or powered off when not in use (including in your home) and use unique pins or passwords that are not easily guessable.

  4. Never leave your mobile property unattended, including in a locked car or even in a hotel room. If you travel and need to leave a device behind, consider a portable safe or lockable case.

  5. Protect your home WiFi with a unique network name and password.

    • Set up a guest WiFi network for sharing with visitors to your home.

  6. Monitor your home WiFi and validate all devices that are connected.

  7. Never share access to your devices or accounts outside of members of your immediate family. This includes handing your device off to someone else to use temporarily (except the occasional quick photo op).

  8. Use a strong, full-featured AntiVirus/AntiMalware service on your personal computers and run scans on a regular basis.

  9. Monitor your Internet usage statistics (via your ISP or cellular provider) and look for unusual increases in data usage.

  10. Periodically remove unused apps or accounts.

  11. Avoid installing and using technology that records voice and video inside your home. If the device is cloud-based, you must assume that voice and video recordings (even live feeds) are at risk of being accessed by unauthorized parties. 

Your Body

It has been reported by the UN’s Human Trafficking commission that the majority of human trafficking cases start online through some form of social interaction, and nearly 80% involve sexual exploitation. This is not limited to women. Traffickers, like most predators, are actively looking for new victims, and often they use relational tactics to engage and build trust with those they are trying to capture. Some attacks against your body are digital only and tend to be used in what are called sexploitation scams, where the adversary uses an image of you or a faked image of you to manipulate you into doing something or paying them money. Not all of these latter types of adversaries are engaged in trafficking, and sometimes they are actually known personally by the victims.

Common tactics used include:

  • Impersonating friends by either creating fake accounts or compromising the social media or email accounts of your legitimate friends.

  • Creating a false persona and interacting with you personally to build your trust until you divulge your location (approximate or precise), or getting you to meet up with them.

    • Note: traffickers will use any form of social communication available to them, including messaging features within games, or often via dating websites or other social platforms.

  • Requesting images of you, especially ones of a highly personal nature that they then threaten to expose publicly or to friends or family.

  • Monitoring you and then creating false evidence or fake pictures which they send to you along with a threat unless you do what they request.

  • Physical stalking and attempts to kidnap when you are lured to a place of their choosing.

  • Taking pictures of you in “compromising” situations that they can manipulate.

Tactics to protect your body:

  1. Never take, store, or share photos of yourself that you would not want made public, and guard even those you would be ok with sharing. Anything stored on your device or through a cloud-based service is just one piece of malware or one manipulation away from being used against you for manipulative purposes.

    • Note: in the age of AI, images can be easily edited to create fake versions.

  2. Never share your location with anyone until you have established confidence that they are who they claim to be and that you trust them to be in the same place as you. Unfortunately, many apps today have built-in location sharing features. Avoid these apps and avoid using the feature. This includes “checking in” to physical stores or events.

  3. Never meet up with someone you have “met” online by yourself or in a private location. This is tricky with online dating and social apps, but if you mean to physically meet up with someone, take these precautions without fail:

    1. Meet in a public place with lots of people directly around you.

    2. Tell a trusted friend or family member where you will be, who you are meeting, when to expect you back.

    3. Ask a trusted friend to check-in on you periodically to make sure you are ok.

    4. Protect what you consume. Get your own food and drinks and if you leave them unattended, ask for a replacement.

    5. When you leave, travel to another location that has friends or family present. Consider spending the night with them.

  4. Never consume anything sent to you that you did not order or did not expect was coming.

  5. If you choose to use ride-share transportation services like Uber or Lyft, take every means possible to validate the operator of the vehicle is who they claim to be. Never enter a vehicle without first validating the driver.

  6. Avoid using the vacation rental industry via providers like Airbnb. You cannot know if there are hidden cameras or other recorders in the property, nor who is on the other side viewing or listening in.

  7. Avoid using security cameras inside your home. Although it is very common to do so to monitor pets or kids that are home alone, there have been many cases of in-home cloud-based security camera services having been hijacked, compromised, or accessed by unauthorized parties. Instead, mount security cameras outside your home pointing away from the building or with an outside view of doors and windows.

Your Story

This may seem hard to believe, but your story - what you do or have done, even simply who you are - is another form of sensitive information, because in the hands of professional fraudsters or predators, that information can be used to abuse trust, perform manipulations, impersonate you, or otherwise perform actions we call “social engineering.” 

Today, many people use Social Media to describe themselves, their activities, their interests, and all sorts of things about their personal story. In doing so, small bits of information leak that can be gathered together for misuse or abuse. Consider if you post a lot of pictures about cats to your public social media profile. Someone watching you can see that, and they can use cats as a topic for engagement since they know you are likely to respond. Or, if you are posting pictures of your vacation or evening out, live, then you are telling the public that you are not at home.

Posting pictures of people or locations you attend can also create vulnerabilities for others or for yourself, especially if the location becomes politically or culturally attached to a sensitive event or topic.

Realize also that there are many predators who are on the Internet to feed twisted obsessions and fetishes. You might be feeding their appetite and growing it, which can lead to them stalking you or otherwise targeting you in other ways.

Your story also reveals your connections. Other people who share your life. Often, it is these other people who may be the target of an adversary and you are simply an intermediary or a means to get access to them. The things you share online can be exposing other people or details about other people that can be used maliciously to target them. 

Consider these tactics to keep your story protected:

  1. Do not post “publicly” on social media unless you intend to, and when you do, remember that the Internet is forever and that you have lost all control over whatever you have posted.

    1. Note: consider that employers monitor social media of their employees and will review social media use by potential employees.

  2. Before connecting with someone via social media as a “friend,” do all you can to validate they are who they claim to be, and that you can trust them with your story.

    1. Remember, in social media you cannot control what others choose to do with your content.

  3. Avoid talking about other people or posting pictures of them or mentioning them without their permission. You may have a shared experience that they want to keep private, or at least not shared with your circles.

  4. Limit the details of your life and share sparingly. The more details you provide, the more opportunity there is to accidentally leak information you didn’t mean to. Also, the more details you share, the easier it will be for someone else to impersonate you or claim they had a similar experience.

  5. Remember that everything you like, comment on, or share is creating a profile about you: your interests, your connections, what you choose to engage in, etc. All of this can be used by adversaries or predators to create lures and traps to ensnare you.

  6. Limit messaging to basic engagements and do not share sensitive information via messaging apps.

Your Mind

Not all adversaries are outright criminals. Some who I consider predators on the Internet are actually wolves in sheep’s clothing. They are the providers of the Internet platforms themselves. In the world of online monetization, your attention is currency, and the big providers know this. If they can capture your attention, and keep it, they can turn that into income for their business. It is how social media platforms work. Carefully monitoring you, building a profile about you, and selectively feeding you content they think will keep your attention is what powers the feeds and how they curate your social media experience.

By managing what you are exposed to and what you are aware of, these providers can to a large extent influence what you are thinking about and what you know. This influences what you do.

Tactics used to influence your mind include:

  • Monitoring your engagement in social media and building a profile that describes you, including what you like, what you comment about, what you share, how long your screen lingers on certain posts, the types of people / profiles you follow etc.

  • Inserting stories and content into your feeds that match your profile.

  • Recommendations for friends or accounts to follow.

  • Targeted ads.

  • Monitoring your browsing habits via website tracking.

Methods to counter attempts to influence your mind:

  1. Be very diligent about what you choose to follow, like, comment on, and share in social media.

  2. Disable auto-video or auto-content loading in your social media app.

  3. Use a web browser such as DuckDuckGo, Safari, or Firefox with cookies and tracking disabled.

  4. Stay grounded in the real-world by making sure you spend the majority of your time away from social media and engaged personally with friends and family.

  5. Remember that social media is a predatory space and is designed to be addicting. Take active steps to manage this personally.

Your Heart and Your Soul

Sadly, there are malicious people who operate on the Internet with the intent of sharing illicit or provocative content (words, images, videos) that is meant to entice your senses into actions or other forms of engagement. Oftentimes, they are trying to get you engaged through the allure of the forbidden, using sexuality as a common hook. If they can get you to view their content, click a video, or like a post, then they bring you into their monetization scheme and further expose you to a web of darkness.

In addition to this, in the West we live in what is often called a “post-Christian” society. In the online world, many people behave in ways they never would in person. Unfortunately, the tendency is to behave in a more negative manner due to perceived layers of anonymity. This again includes what people say or what they share. If you are not diligent, you can be accidentally exposed to things you will wish you had never seen or heard.

Use these tactics to protect your soul:

  1. Stay grounded in the truth and reality outside of the Internet. Read the Bible every day and especially before you engage online social content.

  2. Prioritize social time in-person with real friends.

  3. Remember that your eyes are the gateway to your heart and your mind. What enters your body affects you, whether you are aware of that or not.

  4. Avoid “public” news feeds in social media or accounts that share publicly, except those you actually follow.

  5. Try not to click on or access accounts or pages in social media that share unwanted content. Doing so can load trackers into your web browser that will feed you more of that, or will trigger the social media algorithms to think you want to see more posts like that.

  6. Disable auto-content loading in social media apps so videos do not auto-play.

  7. Use content filters to prevent accidental exposure to online content that you regard as sinful in nature.

  8. Use a web browser such as Safari or Firefox that blocks ads and trackers.

  9. Use the “safe search” function of your browser or search engine.

  10. Be careful what you search for and how you use search result images. You can easily and inadvertently expose yourself to content that was similar to your search but that you didn’t anticipate.

Your Dependents

We would do well to remind ourselves often, that the Internet is forever. The moment we create something digitally and publish it to the Internet, whether that is sharing publicly or privately, we lose control over it. You may accidentally overshare something that was meant to be private, or you may share something privately that the recipient chooses to share with others, or you may click the wrong button and inadvertently push something to more people than you intended. Whatever the reason, the Internet will remember, and when you share content about others you are potentially making known what was unknown about them.

There are Internet services as well as malicious bots that constantly crawl the Internet and collect information that has been posted. This is in addition to the Internet service providers who monetize your data. These crawlers seek to know all that is knowable, and to archive it for use later on. These various Internet archives serve as a sort of historical record keeper. Diligence is needed to make sure that what is recorded is what we want recorded.

In the era of GenAI, some of the AI models are being trained on whatever is publicly available via the Internet. As the militarization of GenAI increases, you can be sure that governments will be using the technology to know and monitor their citizens. In tyrannical states that are obsessed with monitoring the activities, movements, and associations of their people, sharing a minor bit of information about someone else can establish a link that leads to prosecution or worse.

We also need to remember that each of us has different perspectives and contexts by which we decide what is personal, private, and sensitive in nature. Even when you think of a piece of information as trivial, if it involves or exposes something about someone else, you have to consider how it may affect that other person.

Finally, we need to remember that the long-term nature of the Internet, combined with a shifting political and cultural reality, can mean that something benign and even obvious today may be controversial and prohibitive later on. That is a risk we may be willing to take individually, but imposing that risk decision on others may be unfair, and it may force them into a situation that they are not willing to accept.

And so, part of practicing safe Internet hygiene is thinking about how what you create and share will affect anyone involved once you lose control of that artifact, and how it may resurface in the future to impact those involved.

Consider these strategies to help protect your dependents:

  1. Consider if the person involved would want the content shared about them. Ask permission before sharing content or information involving others. If they decline, then respect that.

  2. Assume that what you share in private will be shared to others without your knowledge. Sometimes people do this through gossip, sometimes they do it with malicious intent.

  3. Remember that what is sensitive to you may be different from what is sensitive to others.

  4. Avoid tagging or mentioning people by their account names when you do share. Consider instead using short names or nicknames that are not linked directly.

    1. Associations you make by sharing content that links a person to an event, an organization, or even an idea can have unknown consequences on them.

  5. Avoid disclosing or discussing truly personal information about someone under your care. This can include medical conditions, personal issues/struggles, legal issues, or any other detail that a reasonable person would consider “private.”

In Closing

I realize this article shares a lot of detail as well as tactics and tips that are very important to consider and to adopt. I know this can seem overwhelming, but I would like to leave you with a parting strategy that overrides all of what I have shared. Consider this:

When engaging online, you truly cannot trust anything or anyone. Instead you must be on guard and be diligent about validating and establishing trust before you give up anything, and you should limit what you expose so you can limit the opportunity for abuse or personal damage.

As much as I wish it was not the case, privacy and security are not the priority of the businesses or properties you interact with online, except for the rare exception, and the Internet does seem to draw out the worst in humanity. Sin is rampant, indulged, and monetized on the Internet. 

But you can engage the Internet with a reasonable degree of safety and security through diligence. Follow your intuition. Follow common sense. Do not do anything online that you would not do in person. Safeguard what is important.

And remember, we all eventually fall victim to an online scam. There are plenty of services to help you recover, especially financially.