๐Ÿ›ก๏ธ Security Awareness

10 Security Habits
That Will Keep You Safe Online

Simple, actionable, and most people ignore at least half of them. From a cybersecurity pro in Nepal — here are the 10 habits that actually matter.

📅 June 14, 2026
⏱️ 6 min read
✍️ Nash · @thekalitechie
🏷️ Security · Habits · Online Safety
โ† Back to blog

In cybersecurity, we spend a lot of time talking about complex attacks — zero-days, APTs, nation-state hackers. But the truth is, most people get compromised through basic, preventable mistakes.

I've seen it countless times. The same patterns over and over. And the frustrating thing is — none of these require technical knowledge to fix. Just habits. Build these 10, and you'll be safer than 95% of people online.

🕉️ The KaliTech principle

Security isn't a product you buy. It's a practice you build. Like Kali's discipline — consistent, relentless, intentional.

The 10 Habits

1. Use a Password Manager (Easy)
Stop reusing passwords. Stop writing them in a notes app. A password manager (Bitwarden is free, 1Password is excellent) generates and stores unique, strong passwords for every site. One strong master password to remember, everything else is 30-character random strings.
→ Bitwarden (free, open source), 1Password ($3/mo), KeePass (local)

2. Enable MFA on Everything Important (Easy)
Multi-factor authentication blocks 99.9% of account attacks. Use an authenticator app (not SMS if possible). Priority order: email → password manager → banking → social media. If you haven't read my full MFA guide yet, do that first.
→ Microsoft Authenticator, Google Authenticator, or Authy

3. Think Before You Click (Easy)
Phishing is still the #1 attack vector. Before clicking any link in an email: hover to see the real URL, check if the sender's domain is legitimate (not "microsoft-support.net"), and ask yourself — did I expect this email? When in doubt, go directly to the site instead of clicking the link.
→ Hover over links before clicking. Real emails don't need you to click urgently.

4. Keep Everything Updated (Easy)
Most successful malware exploits known vulnerabilities — meaning patches already exist. Updates close those holes. Enable automatic updates for your OS, browser, apps, and router firmware. "I'll update later" is how you get ransomwared.
→ Turn on auto-updates. Router firmware needs manual checking every few months.

5. Use a VPN on Public Wi-Fi (Easy)
Coffee shop, airport, hotel — public Wi-Fi is dangerous. Attackers can set up fake hotspots or intercept traffic. A VPN encrypts your connection. Not required at home on a trusted network, but essential on any public network. Don't use free VPNs — they often sell your data.
→ Mullvad (anonymous, $5/mo), ProtonVPN (free tier available), NordVPN

6. Back Up Your Data — 3-2-1 Rule (Medium)
Ransomware encrypts your files and demands payment. The best defense: backups that aren't connected to your main system. The 3-2-1 rule: 3 copies, on 2 different media types, with 1 offsite. At minimum: one external drive + one cloud backup (not just OneDrive sync).
→ 3 copies, 2 media types, 1 offsite. Test your backups — a backup you've never restored is a guess.

7. Lock Your Devices & Use Screen Timeouts (Easy)
Physical access bypasses most digital security. Set your screen to lock after 5 minutes of inactivity. Use a PIN, password, or biometric to unlock. This applies to laptops, phones, and tablets. A sticky note password on a locked screen defeats the purpose.
→ 5-minute screen lock, strong PIN/password, don't leave devices unattended in public.

8. Audit Your App Permissions (Medium)
That flashlight app doesn't need access to your contacts and location. Periodically review what permissions your apps have. On Android: Settings → Privacy → Permission Manager. On iOS: Settings → Privacy & Security. Remove access that doesn't make sense for what the app does.
→ Do this quarterly. Delete apps you haven't used in 6 months.

9. Separate Your Email Addresses (Medium)
Use different email addresses for different risk levels: one primary for important accounts (banking, work), one for shopping/newsletters (gets spammed), and optionally one for throwaway signups. This limits the blast radius if one account is compromised. Use aliases in Gmail (yourname+shopping@gmail.com) or get a privacy-focused email like ProtonMail.
→ Primary + secondary minimum. Use SimpleLogin or AnonAddy for aliases.

10. Know What a Breach Looks Like — Stay Informed (Easy)
Check haveibeenpwned.com to see if your email has appeared in known data breaches. Turn on breach alerts. Follow security news sources — not to be paranoid, but to know when a service you use has been compromised so you can act fast. Early knowledge = limited damage.
→ haveibeenpwned.com — check your email and phone number right now.

Your 10-Minute Security Audit

✅ Do these right now:
Install Bitwarden and import/save your passwords
Enable MFA on your primary email account
Check haveibeenpwned.com for your email
Set your screen lock timeout to 5 minutes
Check your phone app permissions (remove anything suspicious)
Make sure your OS and apps are up to date
Verify you have at least one offline backup of important files

💡 The mindset shift

Security isn't about being paranoid. It's about making yourself a harder target than average. Attackers are lazy — they go for easy wins. If you do half of what's on this list, most automated attacks will move past you to an easier target.

None of these habits require technical expertise. They just require consistency. Build one per week for 10 weeks and you'll be fundamentally safer online than you are today.

Questions? Drop them in the comments or find me on @thekalitechie. More security content coming every week 🕉️

Nash · @thekalitechie
Cybersecurity wizard from Nepal 🇳🇵. I cover Cybersecurity, Azure, M365 Administration, Networking, and Home Lab builds. Inspired by Lord Kali and the Himalayas.
โ† Back to all posts