Understanding your cybersecurity crown jewels

- Most of us have considerably large online footprints. We have dozens of email accounts, numerous social media profiles, different types of cloud storage like Apple iCloud or Google Drive. We have so many different bank accounts, and lots of computers and devices in our homes. For me, it's almost too much to count. In fact, I was looking at my password manager where I store my unique username and passwords for all of my accounts, I have over 250 different accounts. It can be very overwhelming to think about how to start protecting your personal information when there are so many different possibilities. It can seem almost impossible. I've heard this over and over from people I help that it's so overwhelming, why even bother to start? However, there's a concept that can be very helpful to cut through the noise and make it easier to grasp how to protect yourself, and that's the concept of crown jewels. Crown jewels are a metaphor for the most valuable items of your digital identity that need to be protected. And just like the crown jewels, that are extremely valuable for a kingdom, are locked behind lots of different layers of protection. That's the same philosophy that we want to use to protect the crown jewels of your digital identity. In order to assess which of your digital assets are crown jewels, you should use a risk-based approach. To protect yourself from the vast majority of online harm, you don't have to protect all 250 accounts or the dozens of different devices that you have. Instead, you want to focus on the items that pose the most risk to you if a bad actor were to get access to them. The way I think about risk in this situation is to think about the impact. Again, if a bad actor were to get access to a piece of information, or an account, or device, how much harm could they cause you? And the more harm, that means, the more impact, which means the more risk, which means that item or that account or that device, that should be your crown jewel. A quick example of this is think about your online bank account. If a bad actor were to access your online bank account, they could potentially steal thousands of dollars and transfer it from your bank to their bank. And contrast that to if a bad actor were to get access to your shopping account like Amazon, now, that wouldn't be good, but a bad actor can probably do much less harm to you with access to your Amazon account than they could with access to your bank account. And this concept of crown jewels and thinking about it from a risk management perspective can be applied when you think about all of the different assets in your personal cybersecurity and identity. So one way to start thinking about your crown jewels and your digital identity in a more manageable way is to break down the different types of assets that we have in these areas. And the way I do that is breaking into three groups, devices, accounts, and your identity. If you protect your crown jewels in each of these categories, then you'll be protecting yourself from the majority of harm that a bad actor could do if they got access to any of these entities. So an example for devices is that your cell phone, the one that you carry with you every day, is most likely your most important crown jewel amongst your devices. That's because your phone has lots of information about you, lots of ways to communicate like SMS or email or a phone call, and it has things like your bank accounts, social media, etcetera. For accounts, an example might be your bank account versus a shopping account, or your primary email account where you do correspondence, that's likely a crown jewel. For the rest of the course, we're going to focus on your identity and the crown jewels about your identity. It is important to always protect your crown jewels across these three categories. For the rest of the course, we're going to focus on your identity and preserving your privacy, because at the end of the day, privacy is really about keeping the elements of your identity safe from bad actors.