Happy New Year from Security Watch! While drafting my list of New Year's resolutions, I realized this was the perfect opportunity to adopt new habits to improve my security hygiene. In 2014, I resolve to take better care of my identity, my data, and my devices.
I Will Improve My…Passwords
No more poor passwords! The next time there is a data breach, we won't be astounded at the fact that people are using "iloveyou," "password123," and "monkey" for their passwords. For 2014, we will make sure every single online account has a long, complex, and unique password. We will also pledge to change our passwords on a regular basis, to keep them fresh.
We aren't saying you have to store all the passwords in your head. Let 2014 be the year we finally start using a password manager such as 1Password or LastPass. Select a very complex password to secure your password manager, and then store each unique password inside. A password manager will also protect you from entering your login credentials into phishing sites.
Many sites, including Twitter, Facebook, Hotmail (Outlook.com), Gmail, and Dropbox, now offer two-factor authentication. Wherever we can, and unless we have a good reason ("not convenient" is not one), we will turn it on to protect our accounts from fraudsters trying to break in. We will check every few months in case more services have moved towards multi-factor authentication to secure our accounts.
I Will Protect My…Devices
Proper password usage won't be limited to just our online accounts; we will select strong passwords for our computers, the router for our home network, even for our mobile devices. A swipe-to-unlock is not secure at all. We should have a passphrase, a pattern unlock, or in the case of the iPhone 5, the fingerprint scanner, to keep thieves at bay.
Update software regularly. Adobe, Google, Microsoft, and Firefox offer automatic updates, where the application downloads and installs the latest version of the software in the background. Take advantage of the feature. For all other software packages—such as the printer driver, iTunes, or accounting software—let's break ourselves of the habit of ignoring the update prompt "for later," and update right away. Yes, in some cases, it will be annoying because it feels like the update prompt is coming every day. But it's much better than being told a month from now that the malware infection could have been avoided if we'd only updated Flash.
Speaking of malware, security software is critical, whether we are talking about a Mac, PC, or mobile devices. Just like all the other software packages, security software needs to be updated regularly as well.
Consider a firewall to prevent bad traffic from reaching the computer, and to block malware from "phoning home" with stolen data. Windows comes with a basic firewall, and third-party firewall software is also available. I prefer to protect all the devices on the network—not just the computers, but also your smart TV, Apple TV, and anything else that has an IP address—in one swoop by turning on the firewall that comes with my network router.
I Will Secure My…Data
I pledge to improve my data security by encrypting all my information. Full disk encryption means that thieves can't access the data on the hard drive without guessing the password. I already encrypt my hard disk (thank you, Ubuntu), but I need to be better about encrypting all my data stored in the cloud and on flash drives, and when I am sharing files with other people. The biggest barrier to encryption is the fact that it isn't easy. Maybe it's time to think differently, to stop expecting everything to be easy.
We will back up our files regularly, whether it's onto an external drive or using cloud services (encrypted, of course). Ransomware is very effective: after infecting the computer, the malware locks all the files. The only way to get all the photos, documents, and reports back is to pay the ransom to the cyber-criminal. Or… if our files are properly backed up, we would be able to just wipe the hard drive and start over since our data is safe in a different location.
I Will Guard My…Identity
We will take advantage of the tools available to protect our privacy online, whether that's turning off location tracking, restricting who can see the contents of our social media profiles, or just plain thinking twice about posting something online. We will think twice about filling in every field on our social media profiles since some of the information can be used by criminals to guess our password hints (dog's name, place of birth, etc.). I will also think twice about those silly memes where I enter my mother's maiden name or other facts that can be used to reset my passwords or unlock my accounts.
With every malware outbreak, data breach, and network incident, we shake our heads over security missteps, mistakes that in hindsight feel rather obvious, and user error. Instead of complaining about the same problems six months from now, let's make some changes in our personal security habits to avoid malware and phishing attacks. If we take some steps now, we may not be panicking during the next data breach (and we know there will be more).
Here is to a safe and secure year ahead!