4 Holiday Cybersecurity Projects to Fill Some Quiet Time


Ah, the holiday season—and some long overdue time off!

Maybe you’ve got a good book you want to read or some sleep to catch up on. Maybe you live in a part of the world where it’s beautiful outside and you plan on getting some exercise.

But maybe, just maybe, you’ll find yourself with a couple free hours at a time when it’s dark and rainy or snowy outside (here in Seattle, I can count on dark and rainy). What better use of your time than to get to those cybersecurity projects languishing on your to-do list?

Which projects? I thought you’d never ask!

Here are four holiday projects you can do to bring yourself peace of mind through better security and privacy practices.

Set Up a Password Manager

When people ask me what is the single best thing they could do to improve their personal security, I’m quick to respond: adopt a password manager. It’s hands down the most secure way to manage the hundreds of logins most people use on a regular basis.

A password manager helps you generate long and unique passwords for every account, and it also provides a secure place to store digital data, from credit card numbers to government ID cards to anything you want to keep behind a locked door.

There are a number to choose from, and Wirecutter does a great job of covering your options. Their top pick is 1Password; I’m a fan of Dashlane; LastPass also gets high marks.

The trick with a password manager is getting over the hump: deciding that it’s time to do passwords right, and then following through.

There’s an initial learning curve that you’ll need to overcome with the first few passwords you change, but soon you’ll find it’s second nature to replace old passwords with new. Before long, you’ll be smiling and thanking yourself every time you log in quickly and easily. (I get a little burst of joy every time I use my password manager. I recognize that’s weird.)

If you’re not careful, you’ll end up like me, recommending password managers to everyone you meet.

Step Up Your 2FA Game

By now, many of us are using multi-factor or two-factor authentication (2FA) for SOME of our online accounts, possibly because we’ve been forced to, generally by a financial institution that sends a code to your phone.

While having a code sent to your phone to ensure it’s you isn’t perfect—there’s a flaw called SIM-swapping—it’s far better than a simple password. CSO did a simple explainer to get you up to speed on basic 2FA.

But if you really want to do two-factor right, you should step up to using an authenticator app. Just like getting a text message, the app gives you a code that verifies that the person logging in is you (after you’ve set it up).

As Wirecutter admits in its excellent overview of 2FA solutions, “Two-factor authentication can be a bit mind-boggling if you haven’t used it before.” But that’s why it’s a perfect project for a quiet, rainy morning when you’ve got nothing more important to do than navigating to a website where you’ve got an account, scanning a QR code to connect it to your app, and then enabling your connection. From that point on, you just pop open your phone, click an icon, and the app generates a code to help log you in. As long as you’ve got your phone, you’re in business.

I’ve been using Google Authenticator for years, but I’m convinced that Authy is now a better choice, so this one is going to be my holiday project. Sorry Sara, I can’t take down the tree yet—I’m working on 2FA!

Tweak Your Social Media and Search Settings

Do you ever find yourself wondering why you keep getting a certain ad on your Facebook feed? Or why Google seems to anticipate your every thought, even before you think it?

Well, like it or not, it’s because of you: somewhere along the way you let Facebook and Google (and Instagram and Twitter and wherever the hell else you roam) know a lot about you. Now they show you things they think you want to buy. Or allow your creepy old friend from high school to find you.

The good news is, you’ve got more control than you suspect over how you appear to the rest of the world on social media; you’ve just got to work for it a little bit.

On Facebook, for example, you can start by digging into the “Settings & Privacy” section at the upper right, and before you know it you’ll find yourself hip deep in controls for parts of Facebook you didn’t even know existed. With some persistence, you can get this nicely tuned so that it almost feels like you’re in control.

It’s not hard to tweak Google to work the way you want as well. Their Security and Privacy Checkups (available on your account page) are the entry point to a whole range of modifications you can make.

For example, they give you a high level of control over how ads are personalized for you. If you really don’t want to see ads Google thinks you’re interested in, you can turn it off. But be careful what you ask for: you may find you like personalized ads after all.

Similar settings exist with other social media (though I think these two are the most advanced). It’s not always transparent what happens when you make changes, and it may take a bit for some changes to show up in your world.

But what do you have to lose by not letting anyone contact you on Facebook, or by seeing ads that Google shares with any old Joe? If you want to be anonymous again, you can—it just may not be as pleasing as you expect.

Master IoT Device Security

Whether you got a new smart speaker for Christmas or, like my friend Brian, you got a new water heater that connects to your Wi-Fi, it’s time for you to make some critical decisions on how to connect your device.

Your first decision is really simple: connect or not? Just because your water heater or coffee maker CAN connect to the Internet through your Wi-Fi doesn’t mean it should. Brian decided he didn’t need to set his water temperature from his cell phone. After all, he hadn’t changed the temperature on the old one for years, so why should he start now?

It’s when you decide to connect that it gets a little more complicated. First, you’ll want to be sure that you can configure the device to connect securely to your network. That means resetting the default password and ensuring that the new device doesn’t leave an open connection. Then, you’ll want to be sure that software updates are pushed automatically.

There’s a lot more to it than this, and it’s different for every device. Norton does a good job of covering some key advice in its “How to Protect Your New Tech” site, but what you need to know is that every device you attach to your network exposes you to risk—so take the time to understand your device and its security. You’ll be glad you did.

Once You’re Done, Get Outside!

If there’s one thing I always look forward to about my holiday break, it’s a good snowshoe adventure. It can be raining down in the lowlands, but once you get high enough the rain turns to snow and it’s a whole different world.

Typically we’ll go up to Table Mountain, near Mt. Baker, which has some of the most scenic snowshoeing in the state, but we can often go closer to home if there’s been enough early snow (like there is this year). Out amidst the powder, I don’t give a moment’s thought to passwords or ad settings or 2FA at all. I’m too busy trying to keep up with my friends, the Caribunkle Boys.

Wishing you happy holidays … and at least one completed project!


Like What You Read?

Check out more content from Tom Pendergast on his blog Confessions of an Awareness Nerd.
