Everyday Cyber Security Practices | Spencer Coursen

Recent news has once again shed light onto the ever increasing need to engage your cyber security with the same vigilance as your personal security.  All too often, our own complacency leaves us vulnerable to the exploitation efforts of the less than noble.  You don’t need to be a skilled practitioner of computer science or a tech guru to keep yourself safe.  You just need to know and employ the basics as discussed below: CyberSecurityPicture

  • Install strong virus and malware protection for all computers that access social networking sites.  Be sure to update the software whenever possible.  When the pop-up screen for an update is available try to always click “download and install” rather than “remind me later.”  Cyber probes and attacks increase greatly in the timeframe between software updates when they have figured out the old system, but have yet to figure out the new.  Don’t tip the advantage to the favor of your adversary.
  • Passwords should be strong and frequently changed.  It is important to not use the same password for more than one site, nor is it good to keep the same passwords in rotation.  Strong passwords are at least 6 characters long and combine numbers, symbols and letters (in varying case)  Do not use any passwords that contain anything that might be found in a dictionary or which have a personal association i.e.; your SS #,  school sports number (Jordan23) or anything with your day, month, year of birth.  The stronger a password, the more difficult it will be to be guessed or hacked.  4U@7Yu is a much stronger password than pass123word
  • Do not visit unknown websites sent to you via private messages and emails from persons you don’t know know – this also goes for website invites which may seem out of character for those persons you do know.  Your mom is very likely not recommending you buy pharmaceuticals from Korea.  If it seems like a fraud…it’s a fraud.
  • Social Media should never include private information.  Don’t put anything on your social media page you would not be comfortable sharing with everyone.  Privacy settings on websites like Facebook, LinkedIn, Twitter, Instagram and a variety of other social-sharing sites change often.  Familiarize yourself with the site’s privacy settings and be sure take advantage of the options offering you the most privacy.  Pictures of your home, car, and associated geotags are all useful pieces of information a potential hacker may use to exploit your cyber identity.
  • Create unique answers to password recovery questions.  Inevitably we will all at one time or another forget a password.  When setting up your recovery options, it is perfectly acceptably to answer the generic questions with something completely random. These answers are not checked for truthfulness and are simply in place to protect your information from unauthorized attempts at gaining access.  Cyber criminals are quite skilled at finding out the real answers to these password challenge questions from friends, colleagues, or from information you or your online acquaintances have previously posted online.  For the purposes of password recovery,  “Abracadabra” is a perfectly acceptable answer to “What is your mothers maiden name?” Your own imagination is often times your best security option.
  • Do not “jail break” your mobile device.  Doing so requires the user to disable the intrinsic security features of the device which means malicious applications will have access to all facets of information on your phone – regardless of your permission.  Applications downloaded from verified vendors like Apple’s App Store have requirements that help protect the user.  These requirements are bypassed once the jailbreak has taken place, which means the applications will no longer need to ask your permission before granting access to your contacts, GPS location or information associated with other files on your phone, like your pictures, text messages and emails.
  • Do not engage in illegal downloads.  Unlicensed internet services offering free downloads, zip files, or torrents of movies, music and other software packages often contain malicious spyware that is specifically designed to exploit your cyber security.  These illegal downloads are often the main distribution method for delivering a virus or a trojan horse to your system.
  • Create specific email addresses for specific uses.  Avoid using the same email account for all of your internet activity.  Employing task-specific email addresses will reduce your vulnerability by having your activities compartmentalized into those specific email accounts, and will limit the amount of damage any one compromised account can do to your overall cyber security.  There is no limit to email addresses you may create.  Trust me, you’ll still be able to find the friends you want to follow, it just won’t be as easy for them to find you…this is a good thing. Having one email account for Facebook, one for twitter, another for correspondence, and yet another for e-commerce is perfectly acceptable and encouraged.
  • Do not label folders or sub-folders with titles that promote intrigue or interest.  Labels such as “Passwords”  “Bank Account” and “Important” are all specifically targeted items of interest in cyber attacks and probing mechanisms.  Instead, label things with specific meaning to you with names of seemingly unrelated associations.  If you’re favorite dessert is chocolate cake this may be the name of your favorites folder, whereas the food that gives your heartburn may be the appropriately named folder associated with your annoying co-worker.  This practice also works great for the “notes” application on your mobile device.
  • Utilize “Drafts” in an unassociated email account.  With every website requiring a unique sequence of usernames, passwords, and additional log in features, it is often hard to keep track of them all – especially when they are all independently changed at varying intervals. Creating an additional email address known only to you, and then storing this information in a “Draft Email”  will afford you a secure online hiding place for your information that you can access globally.
  • Log out of accounts when done.  You don’t have to shut down your computer, but the simple act of logging out of accounts especially on shared wifi, networks or computers (think Starbucks free wifi) will prevent the unfavorable access of your private information.

Following these everyday practices will reduce your own likelihood of being victimized, and will help you to prepare today for a safer tomorrow.



Spencer Coursen is a nationally recognized threat management expert who has an exceptional record of success in the assessment, management, and resolution of threats, domestic and global security operations, investigations, policy authorship, and protective strategy.



Spencer Coursen | Understanding Kidnapping

kidnap for ransom | Spencer Coursen

Kidnapping is understood as seizing or detaining a person unlawfully and against their will. Kidnapping in the United States is rare, with most cases involving child custody disputes between parents. Regrettably, the last report on missing children by the National Center for Missing and Exploited Children (NCMEC) was last conducted in 1999.

In this report, approximately 800,000 children were reported missing, 200,00 children were abducted by family members, and 58,000 children were abducted by non-family members.
(Note: It is important to understand that these figures are mostly comprised of children who were reported “missing” but were “found” moments later, or children who had been taken by family or non-family persons (babysitters) with no expectation of harm to the child ever being attempted, envisioned, or planned – often the result of miscommunication. A scenario similar to where a mother “loses” her child in the produce isle of the supermarket, reports it to the associate watering the mellon, who in turns radios for help – only to have the “missing child” be “found” in the candy section within minutes is included in these figures since the “missing child” was reported to “an authority figure” – in this case, supermarket management. Similarly, miscommunications between family and non-family members which involve any contact with the police related to the unknown location of a child are counted in the sampled data of the NCMEC)

The real number of what people generally identify with kidnapping are significantly lower, with 115 children (under the age of 18) involved in scenarios where the child was held overnight, transported +50 miles away, killed, ransomed, or held with the intent of never being released.

Ernst Kahlar Alix, in “Ransom Kidnapping in America” identified 15 categories of kidnapping from case-studies of 100 years of news reports:

•Hostage Situations
•Domestic Relation Kidnapping
•Plot or Abortive Ransom Kidnapping
•Developmental Ransom Kidnapping
•Miscellaneous Kidnapping
•Kidnapping for Robbery
•Kidnapping for Murder or other Non-•Sexual Assault
•White Slavery
•Child Stealing
•Ransom Skyjacking
•Romantic Kidnapping
•Ransom Kidnapping Hoax
•Ransom Threat for Extortion
•Classic Ransom
•Kidnapping or Rape or Sexual Assault

Kidnappers are for the most part professionals, dedicated to their trade and who are willing to invest the time, effort and resources into identifying their target. Kidnappers, like most criminals, will always look to identify the most ideal set of circumstances which will support a successful endeavor.

In the United States, it is important to involve the authorities at the earliest possible opportunity. Adding to this domestic sense of urgency to involve the police is understanding how crucial the first few hours are to the survival of the child – especially the first 3 hours. A 2006 study by the NCMEC indicated that 76.2 percent of kidnapped children who are killed are dead within the first three hours of the abduction.

If overseas, it is important to contact the United States embassy first – not the local authorities. In the United States, kidnap for ransom is very rare, police corruption is very low. In the United States there is a comprehensive law enforcement network which can support a timely resolution. These factors are rarely present overseas and the 3 hour rule is negated as kidnap for ransom, especially of an American, is almost always financially motivated.

The likelihood of any of us being in an airplane crash is rather unlikely, yet when we board the plane, the first thing we all do after we take our seat is go through the safety brief. A familiarization with the plan and an understanding of the preventative measures employed promote both our collective and personal safety.

Finding ourselves the victim of kidnapping is perhaps even more unlikely, but it’s always good practice to be prepared…

Reducing your vulnerability:

In most cases, the intended victim is a variable the kidnapper is willing to interchange if their chance of success improves. An individual taking even the most basic safety and personal security precautions can significantly increase their vulnerability reduction, and those who take no safety precautions actually enhance the precautions of those who do. Something as simple as modifying your daily movements more than twenty minutes in any direction decreases your chance of being a victim. Taking alternate routes to and from work, school or the gym, or every so often driving around your block before pulling into your driveway sends a clear message to anyone taking notice that your actions are not overly predictable. Paying attention to your surroundings and identifying safe havens anytime you are further away than running distance of home should be common practice. The simplest of changes to your everyday routine could be the biggest reason for a would-be-kidnapper to decide you are not worth the risk when other easier targets are available.

If you are kidnapped:

•Employ any action or mindset that will maximize your chance for survival.

•Remember that your survival is the only thing that matters.

•Tell yourself as often as possible that you will survive – Remain Hopeful

•Any chance to escape or seek help should be taken

•It is important that you understand the reality of your situation and understand that every attempt is being made to rescue you.

•Maintain as high a level of fitness as possible and exercise your mind by making mental notes of every possible detail and then practice committing these details to memory.

•Cooperate as much as possible with demands, understanding that compliant behavior may lead to increased trust or privileges which may aid in your escape

•Assuming what is offered is not tainted, eat and drink as much as you can to stay healthy

When it’s all over:

It is important to understand the immediate need for therapy and counseling in the aftermath of a kidnapping. The return to normal is a long and difficult journey for someone who just spent a considerable and often prolonged period of time with someone who may have treated the victim with unimaginable actions and provided only the most basic of provisions.

Family, friends and coworkers should not expect the victim to simply pick-up where they left off, but rather be patient and understanding with the recovery process. Appropriate legal counsel and media professional should also be sought out to help with any legal or media issues inherent to the safe recovery of a person.

Kidnapping, like terrorism, promotes fear in the face of uncertainty and exploits the lack of knowledge, the lack of preparation, and the inherent complacency in their intended victims. Remaining safe and vigilant requires the participation of everyone. If we all do our part to walk a little taller and act a little smarter, even the smallest steps forward will lead to preparing today for a safer tomorrow.


Spencer Coursen helps manage unfavorable circumstance toward favorable resolve. He is a security advisor, analyst, consultant, and strategist who is dedicated to reducing risk and preventing violence. His systems and strategies help corporations, non-profit organizations, private individuals, schools, and at-risk public figures ensure the certainty of safety for all involved.




 @SpencerCoursen / @CoursenSecurity