
What is Cybersecurity?
Defending yourself against cyberattacks starts with understanding the risks associated with cyber activity, what some of the basic cybersecurity terms mean, and what you can do to protect yourself.
It seems that everything relies on computers and the internet now.
Communication like email, and smartphones.
Entertainment like digital cable, and mp3s.
Transportation like car engine systems, and airplane navigation.
Shopping like online shopping, and credit cards.
Medicine like medical equipment, and medical records...
And the list goes on.
How much of your daily life relies on computers?
How much of your personal information is stored either on your own computer or on someone else's system?
Cybersecurity involves protecting that information by preventing, detecting, and responding to cyber attacks.
What are the risks to having poor cybersecurity?
There are many risks, some more serious than others.
Among these dangers are malware erasing your entire system…
an attacker breaking into your system and altering files,
an attacker using your computer to attack others,
or an attacker stealing your credit card information and making unauthorized purchases.
Unfortunately, there's no 100 percent guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.
What can you do to improve your cybersecurity?
The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.
Hacker, attacker, or intruder.
These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain.
Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting.
The results can range from mere mischief like creating a virus with no intentionally negative impact to malicious activity such as stealing or altering information.
Malicious code.
Malicious code, also called malware, is a broad category that includes any code that could be used to attack your computer.
Malware can have the following characteristics:
It might require you to actually do something before it infects your computer.
This action could be opening an email attachment or going to a particular webpage.
Some forms of malware propagate without user intervention and typically start by exploiting a software vulnerability.
Once the victim computer has been infected, the malware will attempt to find and infect other computers.
This malware can also propagate via email, websites, or network-based software.
Some malware claims to be one thing, while in fact doing something different behind the scenes.
For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
Examples of malware include: viruses, worms, and ransomware.
Vulnerabilities.
Vulnerabilities can be caused by software programming errors.
Attackers may try to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities.
I’ll cover this more in our “Understanding Patches” module.
I’ll see you in the next video!
Let’s go over a few Good Security Habits to help you stay safe.
There are some simple habits you can adopt that, if performed consistently, will dramatically reduce the chances that the information on your computer will be lost or corrupted.
How can you minimize the access others have to your information?
It may be easy to identify people who could gain physical access to your devices.
Family members, roommates, coworkers, people nearby, and others.
Identifying the people who have the capability to gain remote access to your devices is not as simple.
As long as your device is connected to the internet, you are at risk for someone accessing your information.
However, you can significantly reduce your risk by developing habits that make it more difficult.
Improve password security.
Passwords continue to be one of the most vulnerable cyber defenses.
Create a strong password.
Use a strong password that is unique for each device or account.
Longer passwords are more secure.
An option to help you create a long password is using a passphrase.
Four or more random words grouped together and used as a password.
To create strong passwords, the National Institute of Standards and Technology (NIST) suggests using simple, long, and memorable passwords or passphrases.
Consider using a password manager.
Password manager applications manage different accounts and passwords while having added benefits, including identifying weak or repeated passwords.
There are many different options, so start by looking for an application that has a large install base so 1 million users or more and an overall positive review, more than 4 stars.
Properly using one of these password managers will help improve your overall password security.
Use two-factor authentication, if available.
Two-factor authentication is a more secure method of authorizing access.
It requires two out of the following three types of credentials:
something you know like a password or PIN, something you have like a token or ID card, and something you are like a biometric fingerprint.
Because one of the two required credentials requires physical presence, this step makes it more difficult for a threat actor to compromise your device.
Use security questions properly.
For accounts that ask you to set up one or more password reset questions, use private information about yourself that only you would know.
Answers that can be found on your social media or facts everyone knows about you can make it easier for someone to guess your password.
Create unique accounts for each user per device.
Set up individual accounts that allow only the access and permissions needed by each user.
When you need to grant daily use accounts administrative permissions, do so only temporarily.
This precaution reduces the impact of poor choices, such as clicking on phishing emails or visiting malicious websites.
Choose secure networks.
Use internet connections you trust, such as your home service or Long-Term Evolution or LTE connection through your wireless carrier.
Public networks are not very secure, which makes it easy for others to intercept your data.
If you choose to connect to open networks, consider using antivirus and firewall software on your device.
Another way you can help secure your mobile data is by using a Virtual Private Network service,.
This allows you to connect to the internet securely by keeping your exchanges private while you use Wi-Fi.
When setting up your home wireless network, use WPA2 encryption.
All other wireless encryption methods are outdated and more vulnerable to exploitation.
In early 2018, the Wi-Fi Alliance announced WPA3 as a replacement to the longstanding WPA2 wireless encryption standard.
As WPA3-certified devices become available, users should employ the new standard.
Keep all of your personal electronic device software current.
Manufacturers issue updates as they discover vulnerabilities in their products.
Automatic updates make this easier for many devices.
Including computers, phones, tablets, and other smart devices.
But you may need to manually update other devices.
Only apply updates from manufacturer websites and built-in application stores.
Third-party sites and applications are unreliable and can result in an infected device.
When shopping for new connected devices, consider the brand’s consistency in providing regular support updates.
Be suspicious of unexpected emails.
Phishing emails are currently one of the most prevalent risks to the average user.
The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device.
Be suspicious of all unexpected emails.
I’ll cover this in more depth in our “Avoiding Social Engineering and Phishing Attacks” module.
I’ll see you in the next video!
Next we’ll talk about Cybersecurity for Electronic Devices
When you think about cybersecurity, remember that electronics such as smartphones and other Internet-enabled devices may also be vulnerable to attack.
Take appropriate precautions to limit your risk.
Why does cybersecurity extend beyond computers?
Actually, the issue is not that cybersecurity extends beyond computers.
It's that computers extend beyond traditional laptops and desktops.
Many electronic devices are computers.
From cell phones and tablets to video games and car navigation systems.
While computers provide increased features and functionality, they also introduce new risks.
Attackers may be able to take advantage of these technological advancements to target devices previously considered "safe."
For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device.
Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.
What types of electronics are vulnerable?
Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities.
The risks increase if the device is connected to the internet or a network that an attacker may be able to access.
Remember that a wireless connection also introduces these risks.
The outside connection provides a way for an attacker to send information to or extract information from your device.
Let’s talk about a few ways you can protect yourself:
First, Remember physical security.
Having physical access to a device makes it easier for an attacker to extract or corrupt information.
Do not leave your device unattended in public or easily accessible areas.
Second, Keep software up to date.
If the vendor releases updates for the software operating your device, install them as soon as possible.
Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities.
Third, Use strong passwords.
Choose devices that allow you to protect your information with passwords.
Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices.
Do not choose options that allow your computer to remember your passwords.
Fourth, Disable remote connectivity.
Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers.
You should disable these features when they are not in use.
Fifth, Encrypt files.
If you are storing personal or corporate information, see if your device offers the option to encrypt the files.
By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it.
When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
Finally, Be cautious of public Wi-Fi networks.
Follow these recommendations when connecting to any public wireless hotspot like on an airplane or in an airport, hotel, train/bus station or café:
Confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network.
Only use sites that begin with “https://” when online shopping or banking.
Using your mobile network connection is generally more secure than using a public wireless network.
I’ll see you in the next video!
Let's talk about Protecting Your Privacy.
Before submitting your email address or other personal information online, you need to be sure that the privacy of that information will be protected.
To protect your identity and prevent an attacker from easily accessing additional information about you, be cautious about providing your birth date, Social Security number, or other personal information online.
How do you know if your privacy is being protected?
Read the Privacy policy
Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy.
This policy should state how the information will be used and whether or not the information will be distributed to other organizations.
Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists.
Look for indications that you are being added to mailing lists by default—failing to deselect those options may lead to unwanted spam.
If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site.
Privacy policies sometimes change, so you may want to review them periodically.
Look for Evidence that your information is being encrypted
To prevent attackers from stealing your personal information, online submissions should be encrypted so that it can only be read by the appropriate recipient.
Many sites use Secure Sockets Layer (SSL) or Hypertext Transport Protocol Secure (https).
A lock icon in the bottom right corner of the window indicates that your information will be encrypted.
Some sites also indicate whether the data is encrypted when it is stored.
If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor's system could access your personal information.
What additional steps can you take to protect your privacy?
Do business with credible companies
Before supplying any information online, consider the answers to the following questions:
Do you trust the business?
Is it an established organization with a credible reputation?
Does the information on the site suggest that there is a concern for the privacy of user information?
Is legitimate contact information provided?
If you answered “No” to any of these questions, avoid doing business online with these companies.
Do not use your primary email address in online submissions
Submitting your email address could result in spam.
If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online.
Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.
Avoid submitting credit card information online
Some companies offer a phone number you can use to provide your credit card information.
Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.
Devote one credit card to online purchases
To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online.
Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.
Avoid using debit cards for online purchases
Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying.
Debit cards, however, do not offer that protection.
Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.
Take advantage of options to limit exposure of private information
Default options on certain websites may be chosen for convenience, not for security.
For example, avoid allowing a website to remember your password.
If your password is stored, your profile and any account information you have provided on that site is readily available if an attacker gains access to your computer.
Also, evaluate your settings on websites used for social networking.
The nature of those sites is to share information, but you can restrict access to limit who can see what.
Now you understand the basics of protecting your privacy.
I’ll see you in the next episode!
You will be able to recognize and avoid malicious emails plus you'll be able to identify the hallmarks of phishing attacks.
Let’s talk about the importance of reviewing End-User License Agreements
Before accepting an end-user license agreement, make sure you understand and are comfortable with the terms of the agreement.
What is an end-user license agreement?
An end-user license agreement (EULA) is a contract between you and the software's vendor or developer.
Some software packages state that by simply removing the shrink-wrap on the package, you agree to the contract.
However, you may be more familiar with the type of EULA that is presented as a dialog box that appears the first time you open the software.
It usually requires you to accept the conditions of the contract before you can proceed.
Software updates and patches may also include new or updated EULAs that have different terms than the original.
Some EULAs only apply to certain features of the software, so you may only encounter them when you attempt to use those features.
Unfortunately, many users don't read EULAs before accepting them.
The terms of each contract differ, and you may be agreeing to conditions that you later consider unfair or that expose you to security risks you didn't expect.
What terms may be included?
EULAs are legal contracts, and the vendor or developer may include almost any conditions.
These conditions are often designed to protect the developer or vendor against liability, but they may also include additional terms that give the vendor some control over your computer.
The following topics are often covered in EULAs:
Distribution - There are often limitations placed on the number of times you are allowed to install the software and restrictions about reproducing the software for distribution.
Warranty - Developers or vendors often include disclaimers that they are not liable for any problem that results from the software being used incorrectly.
They may also protect themselves from liability for software flaws, software failure, or incompatibility with other programs on your computer.
The following topics, while not standard, are examples of other conditions that have been included in EULAs.
They present security implications that you should consider before accepting the agreement.
Monitoring - Agreeing to the EULA may give the vendor permission to monitor your computer activity and communicate the information back to the vendor or to another third party.
Depending on what information is being collected, this type of monitoring could have both security and privacy implications.
Software installation - Some agreements allow the vendor to install additional software on your computer.
This may include updated versions of the software program you installed.
The determination of which version you are running may be a result of the monitoring described above.
Vendors may also incorporate statements that allow them or other third parties to install additional software programs on your computer.
This software may be unnecessary, may affect the functionality of other programs on your computer, and may introduce security risks.
Now you know the basics about reviewing end-user license agreements.
I’ll see you in the next video.
Let’s take a minute before we move on to debunk some common myths about cyber security.
How are these myths established?
There’s no one cause for these myths.
They may have been formed because of a lack of information, an assumption, knowledge of a specific case that was then generalized, or some other source.
As with any myth, they are passed from one individual to another, usually because they seem legitimate enough to be true.
Why is it important to know the truth?
While believing these myths may not present a direct threat, they may cause you to be more lax about your security habits.
If you are not diligent about protecting yourself, you may be more likely to become a victim of an attack.
So let’s go over some common myths and what the truth is behind them:
Myth #1: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to protecting your information.
However, neither of these elements are guaranteed to protect you from an attack.
Combining these technologies with good security habits is the best way to reduce your risk.
We’ll cover both of these in more depth in Understanding Anti-Virus Software and Understanding Firewalls later on in the course.
Myth #2: Once software is installed on your computer, you do not have to worry about it anymore.
Truth: Vendors may release updated versions of software to address problems or fix vulnerabilities.
We’ll cover this process in Understanding Patches later on.
You should install the updates as soon as possible.
Some software even offers the option to obtain updates automatically.
Making sure that you have the latest virus definitions for your anti-virus software is especially important.
Myth #3: There is nothing important on your machine, so you do not need to protect it.
Truth: Your opinion about what is important may differ from an attacker's opinion.
If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain.
Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people.
You’ll learn more about these kinds of attacks in our “Understanding Denial-of-Service Attacks” module and our “Understanding Hidden Threats: Rootkits and Botnets” modules later on in the course .
Myth #4: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft.
Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people.
If your information happens to be in the database, it could be collected and used for malicious purposes.
It is important to pay attention to your credit information so that you can minimize any potential damage.
You’ll learn more about this in our “Preventing and Responding to Identity Theft” module later on in the course.
Myth #5: When computers slow down, it means that they are old and should be replaced.
Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance…
but you may just need to replace or upgrade a particular component like the memory, operating system, CD or DVD drive, etc..
Another possibility is that there are other processes or programs running in the background.
If your computer has suddenly become slower, it may be compromised by malware or spyware, or you may be experiencing a denial-of-service attack.
You’ll learn more about this in our Recognizing and Avoiding Spyware module and our Understanding Denial-of-Service Attacks module.
I’ll see you in the next video.
Congratulations!!!
You made it through Cybersecurity for User 101.
And remember, If you see something say something.
Here are a few indicators that something might be wrong.
Your computer may unexpectedly crash without clear reasons.
New files or programs with strange names will mysteriously appear.
There will be sudden high system activity like your harddrive or your processor.
You'll see bizarre changes in filings or modification dates on your files.
There'll be a denial of service to whatever system or application you're trying to use.
You'll have unexplained poor system performance or you'll receive suspicious communication from unknown sources.
Now a little caveat here, just because you don't have access to the Internet or your system is slower than usual, doesn't necessarily mean you've been compromised or that you're experiencing a denial of service attack.
The best thing to do here is to reach out to your IT department and give them a heads up on the changes that you've noticed.
Strange system performance is one thing but if you do believe that you've been a victim of a phishing attack or some type of infection, immediately report the incident to your IT helpdesk or your security office.
The more information you can give them, like what you were doing around the time that you noticed things were
different the better they can assist you.
If you're a home user, live in the United States, or you think or know that your identity has been compromised, use the Federal Trade Commission's resource at identitytheft.gov to report the incident and get guidance on your recovery plan.
If you believe that you might have revealed sensitive information about your organization even by accident and especially by accident, please report it to the appropriate people within your organization, including network administrators.
This can help your organization be on alert for any type of suspicious communications or unusual activity.
Thank you so much for joining me.
If I can explain something better or add something that you think is important.
Please let me know.
I'm more than happy to keep this course updated in order to serve you.
Please leave an honest review, as this does help me get more eyes on the course.
Other than that please have a great day and be safe out there.
Thank you so much for joining me.
So you’re probably asking, what are the next steps?
If you want to continue building your security awareness, you can find my cybersecurity survival guide on Amazon.com.
You can also continue with the next course in this series, Cybersecurity for Users 102.
If you’d like to get more technical, I recommend taking Mike Myers Security+ Course here on Udemy.
And if you’d like my help assessing gaps in your company’s security posture, or you just have cybersecurity questions or suggestions for this course, you can email me at david@hailbytes.com.
Thank you again for spending this time with me, and please consider leaving an honest review to help others find this course!
Why security awareness?
According to the Verizon 2026 Data Breach Investigations Report, the human element was involved in 62% of all breaches. Attackers rarely need to break the technology when they can simply trick a person. And with generative AI now used to industrialize phishing and social engineering, the lures are more convincing than ever.
Here is the part most people miss: the 2025 DBIR found that 8% of employees account for 80% of security incidents. The risk is human and it is concentrated, which means a little awareness in the right hands goes a long way.
This course gives you that awareness in under an hour. No jargon, no fear-mongering, no victim-blaming. Just the practical knowledge to recognize the threats that target ordinary people every day, and the habits that stop them.
What you will learn:
- How to recognize phishing and social engineering before you click
- The security habits that protect your devices, accounts, and privacy
- Why these attacks succeed, so you can spot the red flags yourself
- What to do the moment you suspect something is wrong
Who it is for:
This course is built for people, not security teams. If you use email, browse the web, or store anything digitally, it is for you. Employees, remote workers, team leads building a security culture, and complete beginners will all leave more confident and harder to fool.
You do not need any technical background. Bring any device and an open mind, and you will finish with skills that protect both you and the organization you work for.