Tips for a More Secure You on the Web in 2015
Unless you have been on a remote island, you know that cybersecurity, or the lack thereof, was a hot topic in 2014. Information security problems started the year strong with the breach at Target and ended with the industry-rocking hack of Sony Studios, with many other breaches and hacks in between. For years security professionals have been crying out for a more secure world, with many of those warnings going unheeded. Now, with intense media coverage of these security breaches, many security professionals are saying “it’s about time”.
The problem I fear is that overexposure in the media to security breaches may lull us into a belief that there is nothing we, as consumers, can do to protect ourselves. That is not the case. Many question why we focus on educating the consumer when our organization works directly with government and businesses. What we have found is that speaking directly to consumers clearly influences corporate behavior. Below are some tips for a more secure you in 2015.
You may have noticed passwords are here to stay. Years ago internet sites were secured with a user account ID and a four-digit personal identification number (PIN); now more complex passwords are required. Complex passwords usually have a combination of minimum length, upper and lower case characters, numbers, and special characters. In the future that may not be enough. New hacker tools can crack a short eight-character password in seconds. We have long called for the use of passphrases (see the January 2009 article “Passwords – Can not live without them!”) to help you remember and utilize passwords.
Now password management tools are in vogue. Password management tools allow the user to create and keep very complex passwords for all their access needs in a centralized place, usually in the cloud.
New Year Resolution - Change Passwords
The New Year brings its customary resolutions. Since many sites still do not force a periodic change of password (I know – shocking), it is time to develop a new resolution. This one you can keep. In the first few weeks of January, resolve to change your passwords, specifically for the sites that do not force a change.
Don’t Remember Me
As a security professional I feel one of the tools that has weakened security the most is the “Remember Me” option in operating systems and browsers. In my opinion, this option has single-handedly reduced our security by suggesting that remembering one’s security is too much of a hassle. Even as a security professional I would agree there is a lot to remember; however, this feature reversed any positive security movements.
Now if a device is stolen, the perpetrator can access numerous dissimilar systems belonging to the owner. Unlike corporate systems, which have single sign-on and professionals who can quickly and effectively reset user security, end consumers are left to their own solutions. Avoid the “Remember Me” feature.
Slow Down - Read the Fine Print
In this rush, rush society we don’t stop to smell the roses, nor do we stop to read end user license agreements (EULAs) or dialog boxes. Many times our rush to install an application or get to a service makes us accept settings that are not to our benefit. You may see a browser with several add-ons. Often these come from installers whose default settings install other tools. Additionally, we fail to investigate whether the developer or application provider is credible. In our haste we grab the first link or application in the store. The criminals understand this behavior and exploit it to their advantage.
Slow down, read the agreements and dialog boxes. Take time to ensure you know who you are dealing with.
Wise Up and Don’t Get Greedy
It is shocking to me, and I’m sure to other security professionals, how many individuals fall prey to email and web scams and phishing. Admittedly some scams are very deceptive and do a great job of tricking the viewer, but others exploit our desire to get that “special deal” or, worse, “something for nothing”. As security professionals we say this over and over: “there is no free lunch”. Don’t be greedy. Unless you are a professional in a specific industry, you will not have an inside track.
Many individuals, and corporations alike, do take the opportunity to set up cybersecurity tools. For consumers, some tools come with the operating system, others with their internet service provider, and still other consumers purchase tools from a computer or office supply store. The problem is that once a tool is installed, the consumer rarely monitors the activities, reads the logs, or maintains the currency of the application. That is like getting the best lock, but never using it.
Monitor the health of your security tools by ensuring the tool’s version is up to date. Periodically review the logs and reports from the security tool. Pay attention to media reports of fast-moving virus attacks.
Limit Your Exposure
Limiting your exposure to the internet and the risk of a cybersecurity attack is not easy in this connected society. Connection seems like it should be added to Maslow’s Hierarchy of Needs. With so many applications that are not only internet aware, but internet dependent, it is truly hard to unplug. Taking time to maintain a system ensures the long-term health of that system. Taking your system down periodically can be helpful to your overall security health; just ensure you also schedule those updates. Unplug.
Default No More
All too often end consumers open themselves to unnecessary risk because they failed to change the default settings of the equipment and applications they acquire. The hacker community knows all the default settings, and these default settings are usually the first thing hackers try to exploit. Take time to change your default settings.
Governance may be an unfamiliar term to the end consumer, but in lay terms it is the strategy or practice that helps guide your choices. It is your habits. Governance helps you quickly identify what actions are out of bounds. Develop a good governance model. Use the tips above to develop your model.
Twenty-fifteen will experience ever more outrageous breaches. Develop good habits today and stay vigilant.
Clifford M. Clarke, CISM, CRISC, CEGIT