Disclaimer: I am not a security expert, and I will probably never be one. These people are security experts; go trust them.

Who are you trying to defend against?

Different tools and practices defend against different levels of threats. See Threat model. As the attacker's resources go up, so does the cost (in time, money, or effort) of defending against them.

For example: a different set of tools is used to defend against your little sibling reading your emails than against the Chinese or US government.

  1. (Low) Siblings
  2. Local Network (School, or inside your house)
  3. ISP (Shaw, Telus, etc.)
  4. Local Government (City, State or Province)
  5. Foreign Governments (China, Russia, USA, etc.)
  6. (High) National Government (Country, CSEC, NSA, etc.)

It becomes very expensive and time-consuming to protect against your national government, as they can physically arrest you and put you in jail until you give them your passwords, or use the wrench method.

http://xkcd.com/538/

I personally try to defend against my local government, as well as do some of the easy stuff to defend against foreign governments.

Tools

I have arranged this section from the tools/practices that have a low impact on your life to those that have a high impact. Do the low-hanging fruit (easy stuff) first and work your way up as you get more comfortable.

Low impact on your life

  • https-everywhere - This is a browser extension that checks and automatically reroutes your traffic from the non-secure "http" version of a website to the secure "https" version if the website supports it. Low impact on your life; just install it and forget about it.

  • Screen saver, On resume display lock screen - When you walk away from your computer you want your computer to automatically lock. Low Impact on your life, configure it once.

  • System Update (aka Windows Update) - It's annoying, I get it, but install all system updates as soon as they appear.

  • Signal Private Messenger - Phone app that replaces your default SMS/Text messaging app with a secure messaging app. Low impact on your life. Android, iOS

Moderate impact on your life

  • LastPass or an alternative - A password database. Never use the same password twice. This allows you to use a different password on each website that requires you to create an account. If one website gets hacked and your password is stolen, the attacker can't use it to log into your other accounts. Moderate impact on your life: you need to log in to the password database before logging into any other website.

  • Bios password

  • Any deal that seems too good to be true probably is. Be cautious every time you encounter such offers (or emails).

  • Full disk encryption.

High impact on your life

  • 2-factor (or more) authentication.

  • Nothing is free. This is particularly true for apps or software. "Free" often means "free if you give us access to your personal data".

  • If you use public WiFi, use a VPN.

Extreme impact on your life

  • You can’t lose what you don’t have. - Think twice before creating anything digital you wouldn’t want exposed including malicious email and nudie pics.