The lazy person’s guide to cybersecurity: minimum effort for maximum protection
Posted: February 21, 2019 by Pieter Arntz
Last updated: February 22, 2019

Are you tired of that acquaintance who keeps bugging you with
computer questions? Do you avoid visiting certain people because
you know you will spend most of the evening cleaning up their
machine?
My uncle Bob is one of those people. He’s a nice guy, but with
computers, he’s not just an accident waiting to happen—he’s an
accident waiting to become a catastrophe. To keep Uncle Bob’s
computer safe without blowing up the Internet, we need to give
him the simplest of instructions that result in protecting him
against as much as possible. Uncle Bob needs a lazy person’s
guide to cybersecurity.
It’s not that Uncle Bob is lazy. It’s that he’s overwhelmed by the
amount of stuff he has to do to keep his data and devices secure.
Multiple passwords, reading through EULAs, website cookies that
he clicks “agree” to without really paying attention—they’re
giving him a serious case of security fatigue. And as his helper,
you’re probably pretty over it, too.
The funny thing is, with adequate cybersecurity, Uncle Bob’s—
and by extension all of our—problems would be much less
frequent and less severe. So, let’s see if we can work out a system
of minimum effort that renders reasonable results.
Before we begin, we should note that lazy cybersecurity
should not apply to devices used to store sensitive data, conduct
financial transactions, or communicate confidential or
proprietary information. Lazy security is a good way to protect
those who prefer to do nothing rather than be overwhelmed by
50 somethings, but it shouldn’t have severe consequences if it
goes wrong.
User education

Your first step should always be user education. So many of
today’s most dangerous threats are delivered through social
engineering, i.e., by tricking users into giving up their data or
downloading the malware themselves from an infected email
attachment. Therefore, knowing what not to click on and
download can keep a good portion of threats off a lazy person’s
device.
With most people, it helps to know why they shouldn’t download
or click on links in emails that look like they came from a
legitimate institution. Just telling them “don’t do that” may help
for a bit, but advice is better retained if it’s grounded in practical
reasoning. Therefore, each item in this list is accompanied by a
brief explanation.
• Do not click on links asking to fill out your personal
information. Your financial institutions will not send emails
with links to click, especially if those links are asking you to
update personally identifiable information (PII). If a website
promises you something in return for filling out personal
data, they are phishing. In return for your data, you will
probably get lots more annoying emails, possibly an
infection, and no gift.
• Don’t fall for too-good-to-be-true schemes. If you get
offered a service, product, game, or other tantalizing option
for free, and it is unclear how the producers of said service
or item are making money, don’t take it. Chances are, you
will pay in ways that are not disclosed with the bargain,
including sitting through overly-obnoxious ads, paying for
in-game or in-product purchases, or being bombarded with
marketing emails or otherwise awful user experiences.
• Don’t believe the pop-ups and phone calls saying your
computer is infected. Unsolicited phone calls and websites
that do so are tech support scams. The only programs that
can tell if you have an infection are security platforms that
either come built into your device or antivirus software that
you’ve personally purchased or downloaded. Think about it:
Microsoft does not monitor billions of computers to call you
as soon as they notice a virus on yours.
• Don’t download programs that call themselves system
optimizers. We consider these types of software,
including driver updaters and registry cleaners, potentially
unwanted programs. Why? They do nothing helpful—
instead, they often take over browser home pages, redirect
to strange landing pages, add unnecessary toolbars, and
even serve up a bunch of pop-up ads. While not technically
dangerous themselves, they let a lot of riff raff in the door.
• Never allow web push notifications. I have yet to find a
useful reason for these, beyond advertising.
Beyond staying away from “allow” and “download” buttons, and
steering clear of links asking for PII, users who conduct any kind
of financial transaction on their machines, be it online shopping
or banking, should approach those transactions with extreme
caution. Here’s where we ask users to take action, looking for
security clues and doing a little research before paying that bill or
buying that new book.
• Use a designated browser you trust. This needn’t be for all
surfing, but for purchasing especially, research the different
browsers and see which one you feel safest with, whether
that’s because they have few vulnerabilities, don’t track your
surfing behavior, or encrypt all communication. Major
browsers such as Firefox, Safari, and Chrome have strengths
and weaknesses they bring to the game, so it’s a matter of
personal preference. We do suggest staying away from older
browsers rife with security holes, such as Internet Explorer.
• Look for HTTPS and the green padlock. No, it’s no longer
a guarantee that the site is safe just because it has a green
padlock, but it does mean the communication is encrypted. If
you combine that with being on the true website of a trusted
vendor, you can breathe easier knowing your payment
details cannot be intercepted in transit.
• Use a password manager. Simple as that. Passwords are a
real problem, as users tend to re-use the same ones across
multiple accounts, keep old ones lying around because
they’re the only ones they can remember, or write them
down somewhere they can be easily found. No need for 27
different passwords. Just one manager, preferably with
multi-factor authentication. (Bonus points for healthcare or
bank organizations with logins that use physical or
behavioral biometrics.)
This could turn out to be too confusing for the Uncle Bobs of this
world, however. If so, best to point them in the direction of brick-
and-mortar stores for shopping, the checkbook for paying bills,
and the actual bank to conduct other financial business.
How to set up a system for a non-tech-savvy person
Perhaps Uncle Bob can only manage so much security education
before feeling overburdened with technical knowledge. In that
case, it helps for a tech-savvy friend or relative to pitch in and
tighten up a few things on the backend.
Hardware
First of all, if someone is looking for a new computer for non-
sensitive purposes, such as browsing, social media, games, and
some basic email or chat functions, you can chime in with
recommendations. For someone not invested in heavy gaming, a
Chromebook would be a good option, as it will save them some
money and can perform all those functions, plus any browser-
based gaming. However, someone with an interest in PC gaming
will likely need an entirely different OS and an intense graphics
card (and therefore lots of protection against cryptominers).
Meanwhile, Macs are good options for users looking to get into
graphic design.
Software
Installing software on a system usually comes with the task of
having to keep it up-to-date. Therefore, any software programs
that Uncle Bob selects should minimize the potential pitfalls.
When Uncle Bob is shopping for software, recommend he finds
programs that have a self-updating function. We know this isn’t
always recommended in a work environment, but for the lazy
security person, it’s perfect. One less thing to worry about.
In addition, selecting software that allows users to minimize
notifications to only dire warnings will keep Uncle Bob from
getting confused. Notifications coming from programs can have
strange effects on the less computer savvy for several reasons:
• They don’t understand to which program they belong, which
takes away the context for them.
• The text in the notifications is designed to be short, not
always maximized for clarity.
• Technical terms used in the notification are unknown to the
receiver.
Their reactions may vary. Some will simply click until they
disappear. This is the behavior that usually gets them into trouble,
so you don’t want to give them another reason to click–click–click
away. Others may get worried and call for backup immediately,
asking what’s wrong and why they are getting this “pop-up.” So,
any software that can be set to only issue a warning when
something is really amiss deserves another plus.
Browser add-ons
There are some secure browsers out there that value your
privacy, but I’m pretty sure my Uncle Bob does not like using
them. There is a learning curve involved that may not seem steep
to you and me, but my uncle Bob…you know what I mean. But
there is hope on the horizon. Some of the more user-friendly
browsers can be equipped with extensions/add-ons/plugins that
boost security by adding an extra protective layer.
There are browser extensions that can make your browser more
secure by:
• Blocking advertisements
• Minimizing tracking
• Enforcing HTTPS traffic
• Protecting your privacy
• Blocking online scripts

Read: How to tighten security and increase privacy on your browser

It’s a fine line
Everyone deserves to experience a safe Internet, but
unfortunately, this is not always easy to accomplish. People’s
skill sets and levels of experience differ, as does their tolerance
for bad news—or any news at all! What comes naturally to some
can be downright overwhelming for others. While you might wish
that Uncle Bob could have his computer license revoked, it’s
better to sit him down and show him basic survival skills—all the
better to not only protect himself, but others from dangers
lurking on the web.
And if you go that one step further and help those less tech-savvy
folks in your life by setting up some automated support in the
background, you’ll save them time and money having to run
repairs or clean up an infected machine.
We always sign off by telling our readers to stay safe. This time,
stay safe…and help your friends do the same.
