Trying to stay safe online can be confusing and overwhelming — but Caitlin Sarian’s educational, bite-size videos aren’t. Since 2023, Sarian has made it her mission to help the public protect their privacy on the internet, primarily through digestible social media posts covering everything from how to send a file securely to common scams used by cybercriminals.
Over the course of her career, Sarian has been a global cybersecurity lead at TikTok and senior manager of data protection at a law firm, and served as a cybersecurity consultant for nearly 10 years. But today, her 2 million-plus Instagram and TikTok followers primarily know her by her nickname: Cybersecurity Girl. Just one year after launching her social media accounts, Sarian was named a Cybersecurity Woman Influencer of the Year and one of Top Cyber News Magazine’s 40 Under 40, and now, she spearheads the “world’s largest cybersecurity education platform,” per a video she posted last year.
“This isn’t just my journey — it’s a movement,” she said. “I want to empower more women, more professionals, more everyday people to take control of their online security.”
No idea where to start when it comes to internet privacy? We picked Sarian’s brain to learn tangible steps we can all take to protect ourselves. Read on for her expert advice.
This interview has been edited for brevity and clarity.
Where is our data the most vulnerable online, and what can we do about it?
For data most likely to be exposed in a data breach: The answer is third-party companies — retailers, health care providers, social media platforms, and apps you downloaded years ago and forgot about. Your information is sitting in databases you do not control. When they get breached, your data goes with them.
What you can do is control the damage. Use a unique password for every account so one breach does not unlock others, turn on multi-factor authentication wherever possible, and delete old accounts you no longer use (don’t just delete them off your homepage — actually request to delete your account in their settings). You cannot stop every breach, but you can stop one breach from becoming 10.

For data most likely to be exploited to access your accounts: Your email is the biggest target. If someone gets into your inbox, they can reset passwords, intercept verification links, and pivot into your banking, social media, cloud storage, and more.
The fix is to lock down your email and your other key accounts. Use a long, unique password for your email and turn on multi-factor authentication, and then do the same for high-value accounts like banking, primary social media, and cloud storage. Review your recovery email addresses and phone numbers, and remove anything you do not recognize. Your email should be the hardest account to break into because it controls the rest.
For data most likely to be exposed publicly: Social media and data broker sites are at the top of the list. Birth dates, family member names, job history, location updates — individually, these details seem harmless. Together, they create a roadmap for identity theft and social engineering.
To reduce this risk, be intentional about where you create accounts. You do not need an account for every website you visit. When possible, check out as a guest, and limit how many companies store your information in the first place. Tighten your privacy settings and remove unnecessary personal details from social platforms.
You can also request that major data brokers remove your information from their databases (follow my viral series on deleting your online data to learn how). And if you are in the United States, freezing your credit is one of the strongest preventative steps you can take. A credit freeze prevents new accounts from being opened in your name without your authorization.
The less data that exists about you and the less accessible it is, the harder it is for someone to misuse it.
For data most vulnerable to manipulation: The biggest risk is not a system — it’s human behavior. Through phishing emails, impersonation scams, fake urgency, and deepfakes, attackers increasingly exploit emotion rather than technology.
The solution is to slow down. Do not click links from unexpected messages. Go directly to official websites, and verify before you trust. Most scams depend on speed and emotion. Giving yourself time is a powerful defense.
What’s an unexpected way you’ve seen people risk their online safety, and what can they do to protect themselves?
Probably the most unexpected way is creating accounts everywhere you go. Every website wants you to sign up. Every app wants your full profile. The more accounts you create, the more places your data lives and the more opportunities there are for it to be breached.
You do not need an account for every online purchase. Check out as a guest when you can. Consider using a separate email address for shopping or newsletters. Some people even maintain an online alter ego for non-essential sign-ups, meaning limited personal details and no connection to primary accounts.
You do not owe every platform your full identity.
To what extent can the average person realistically protect their privacy online?
Total privacy is unrealistic if you are using any type of smart device or going online, but meaningful control is absolutely realistic.
You cannot completely disappear from the internet. Your data exists in corporate databases, public records, and marketing ecosystems that are far outside your visibility. But you can dramatically shrink your exposure.
Privacy is not about perfection — it’s about raising the cost of targeting you. Most attackers move on when it becomes inconvenient.
What are the first three steps you’d recommend to someone who’s never made an effort to protect their information online?

1. Identify your key accounts and lock them down.
Start with your email, banking, primary social media, cloud storage, and phone carrier — these are your gateway accounts. Make sure each one has a strong, unique password and multi-factor authentication turned on. Protect the accounts that control your digital life first.
2. Reduce your public exposure.
You do not need to post everything. Look at which apps have access to your location, photos, contacts, microphone, and camera. Turn off anything that is not necessary. On social media, remove personal details like your full birth date, home address, and real-time location. The less information that is publicly available, the harder it is for someone to profile or target you.
3. Do not believe everything you see online.
Phishing scams are everywhere, and they are getting more convincing. Just because an email looks official or a message feels urgent does not mean it is legitimate. Only trust verified sources, go directly to a company’s website instead of clicking links, and give yourself a moment before reacting. Most scams rely on urgency and emotion. Slowing down is one of the most powerful security tools you have.
