c/cybersecurity-tips

Saw a stat that 60% of data breaches come from insider threats not hackers and I'm torn on who to trust more

I found this on a Verizon report and it's making me question if I should focus more on training my own team or locking down the network, which side do you lean toward?

Saw something smart at the library computer lab

Tbh I was just printing some forms at the public library on Grand Ave and noticed they had all the monitors angled away from the windows. Asked the librarian about it and she said it stops people from reading screens through the glass with binoculars from outside. Never thought about physical spying like that but it makes total sense. Anyone else do stuff like this at home?

That stat about reused passwords blew my mind

I was reading through the Verizon Data Breach report last night and saw that 80 percent of hacking breaches are still from weak or stolen passwords. That number surprised me because I thought most attacks were from some fancy malware or zero day exploits. Turns out people just reuse the same password across 10 different sites and one leak screws them all. I looked at my own list and sure enough I had 3 accounts sharing a password from 2018. Has anyone else cleaned up their password habits after seeing a stat like that?

Can we talk about charging stations at cafes after my visit to Bean Cafe in Austin?

I sat down at a busy Austin coffee shop yesterday and noticed half the USB ports were loose or dead, which got me thinking about device security risks in public spots. Is it safer to carry your own power bank or risk the sketchy public outlets with a data blocker?

Hot take: My coffee shop Wi-Fi gave me a wake up call about public networks.

I was at a busy Starbucks in Austin last Tuesday sipping a latte and using their free Wi-Fi to log into my bank account (dumb move, I know). Then a guy at the next table got a notification that his login credentials were being used from a different device, and he started yelling at the staff. How do you all handle banking or sensitive stuff when you're stuck working from a public spot?

Learned the hard way about public WiFi at a coffee shop last Tuesday

I was checking my bank balance at a Starbucks in Austin and someone on the same network grabbed my login. Lost $240 before I caught it, now I only use a VPN on public networks. Has anyone else had a close call like this?

Heard my coworker say "just use Dad123" for passwords and it clicked for me

I used to think password managers were overkill. Like, who's really trying to hack my school lunch account? Then I heard my coworker telling a student to use "Dad123" as their computer lab password because it was easy to remember. That made me realize how many people do stuff like that. I signed up for Bitwarden that same week and now I make all my accounts use random passwords. Has anyone else had a moment where they suddenly saw how bad their own password habits were?

That IT guy at my office told me to stop reusing passwords and it hit different

I was at my desk last Tuesday complaining about having to reset another account password, and our IT guy Dave just looked at me and said 'you know every single one of those is probably on a dark web list already, right?' Then he pulled up my work email on his screen and showed me it appeared in 3 different breaches from sites I used 5 years ago. It really made me think about how lazy I've been with my logins. Anyone else ever had someone call them out like that and actually change their habits?

My brother's random comment made me rethink my whole password system

I was talking to my brother Dave last Tuesday about how I use the same base password with different numbers for every site. He just laughed and said 'so if one leaks, they can guess the rest in like 2 minutes.' Honestly never thought of it that way before. Has anyone else had a family member point out something obvious you were missing about your security habits?

Had to choose between a free VPN and paying $5 a month for one after getting hacked last month

Logged into my bank account and saw 3 charges from a game site I never heard of. Total was about $180. I had been using a free VPN from some random app for 6 months because hey, free is free right. Switched to a paid one after that mess, ProtonVPN for $5 a month. Cost me way more to deal with the fraud stuff than just paying for decent protection upfront. Anyone else get burned by a free service and learn the hard way?

Pro tip: dont fall for those cheap password manager ads

I spent $50 on a random password manager I saw on a podcast ad last month and it locked me out of 12 accounts after a glitch. Support didnt reply for 3 days and I had to reset everything manually. Anyone else get burned by an off-brand security tool like that?

Paid $80 for a password manager after a phishing scare last month

Almost lost access to my bank account from a fake email, so I bit the bullet on 1Password and it already caught two sketchy login attempts. Anyone else pay for one and actually feel safer?

Just spent 2 hours fighting with a router because of one loose coax cable

I was troubleshooting network drops at a client's office near downtown. Everything pointed to the router being bad. Replaced it, still had issues. After 2 hours of checking settings and cursing, I noticed the coax cable was barely finger tight. Tightened it with a wrench and boom, everything worked. Has anyone else spent way too long on a simple fix like that?

Spotted a guy at Starbucks using password123 on his laptop in plain view

I was sitting at a Starbucks in Austin last Tuesday and this dude next to me logs into his work VPN with his password just visible on the screen. Made me realize how easy it is for anyone shoulder surfing to grab credentials, especially in crowded places. Anyone else catching people being careless with their logins in public spots?

My IT friend told me to never use public USB charging stations

He said juice jacking was a real thing, so I bought a data blocker dongle for $12. A month later at the Denver airport, I plugged into a station and my phone just charged without any pop-ups or weird behavior. Has anyone actually gotten malware from one of those stalls, or is this mostly theoretical?

That $200 'military grade' VPN was a complete waste of money

I bought into the hype around VPN Secure Shield Pro last year because they kept bragging about military grade encryption. After 6 months I realized it was slowing my connection to a crawl and their no-log policy turned out to be pretty flimsy when some user data leaked. I lost basically $200 and a lot of patience dealing with their support team. Has anyone else gotten burned by a VPN that promised way more than it delivered?

Used to update passwords every 30 days until a security consultant told me to stop

Ran into a guy from a local cybersecurity firm at a diner in Greenville back in March. I told him how I had everyone at my small business rotate passwords monthly like clockwork. He laughed and said I was actually making things worse. People just tack a "2" on the end or swap one character. Said it was better to use a long passphrase and only change it when there's a real breach. That conversation flipped my whole approach. Anyone else get told the opposite of what you thought was standard practice?

My office laptop got ransomware at a Starbucks in Atlanta

I was working on a client proposal at a Starbucks in Midtown Atlanta when my screen just froze and a ransom note popped up. Turns out I had connected to a fake free wifi network that looked exactly like the real Starbucks guest wifi. I immediately unplugged the ethernet adapter and shut the laptop down completely. After getting back to the office, IT found and quarantined the infection from a backup from 12 hours earlier. So I lost just that day's work, not the whole project. Has anyone else gotten tricked by those fake public wifi hotspots with similar names?

The library wifi incident that made me ditch public hotspots for good

Got phished through a fake login page at work

Clicked a link in an email that looked exactly like our office 365 login. Typed in my credentials before I noticed the URL was off by one letter. IT locked my account within 2 minutes but the damage was done. Someone tried to forward all my emails to an external address. Now I check every URL twice and use a password manager that won't autofill on suspicious sites. Anyone else almost fall for something that looked that real?

Got a weird email from my own address and it freaked me out

So about a month ago, I was just checking my inbox at home and saw an email from myself. The subject was just 'Re: Our chat' and the body was a link. I knew right away it was a phishing scam, probably a spoofed sender address, but it still felt super creepy. I didn't click it, obviously, and ran a malware scan on my computer just in case, which came back clean. But it got me thinking about how to actually stop these from even hitting my inbox. I've heard two main ideas: one side says you need a really strong spam filter and to report every single one, while the other side says you should just ignore them completely because engaging at all, even to report, can flag your address as active. I'm leaning toward reporting them, but I'm not totally sure. What's the best move here for dealing with spoofed emails from your own account?

Talked to a neighbor about phishing and it made me ditch my password manager

I was chatting with this older guy down the street last week, he works in IT security. He told me that a lot of password managers are getting hit with data breaches themselves now, and that's how his friend got his email compromised. He said just use a physical notebook for passwords and keep it in a drawer. At first I thought he was crazy, but after looking up some recent hacks on LastPass and others, I actually switched to a notebook method. Has anyone else here gone back to paper after being all digital?

I used to think a strong password was enough until last Tuesday

I got a call from my bank in Phoenix about a suspicious login from a device I didn't own, even though my password was a 12-character mix of letters and numbers. Turns out, the site had a breach months ago and my reused password was floating around. Anyone else get caught by password reuse even when the original one was strong?

I used to think my dad was paranoid for writing his passwords on a piece of paper in his desk drawer.

After my cousin's entire Instagram got hijacked last month from a keylogger, I realized that physical paper in a locked drawer at home is way safer than reusing the same password on five different sketchy websites. Has anyone else had a similar wake-up call about an old-school security habit?

My old password manager just gave up on me after 8 years

It happened last Tuesday night, the whole app froze and wouldn't sync my vault anymore. I was using this free tool I found back in 2016, and it just couldn't handle the new update on my phone. Had to do a full export and move everything to a new service, which took about three hours to get all 200+ logins sorted. Makes you think about how much we rely on these old tools that stop getting support. What's a good, simple password manager you all trust for the long haul?