This is a guest post by Greg Buckskin.
There’s no denying it, 2011 was the biggest year for security breaches. If you haven’t taken steps to secure your personal and professional data, consider Data Privacy Day (Jan 28th) as a belated New Year’s resolution. Even if you think of yourself as completely secure already, chances are that you’ll find yourself lacking on at least one or two of the following 10 ways to safeguard your information.
- Password Protection. Everything that you use has a password, right? And it’s been changed in the past 3-4 months? Your PC, your smartphone, your router, your accounts, your screensaver? You say yes, but you’re secretly saying “well, except for x which doesn’t need one”. No, x needs one too. If it exists, someone is going to pick up/ sit down at/ try to hack into it. And even if it does have a password, now’s the time to change it, because six months/ one year/ five years is too long.
- Password Optimization. So you know enough to change your default passwords. You know that “password” or “123456” isn’t going to cut it. But you may not be out of the water if you’re using an actual word or phrase for your password — try a random collection of upper-case letters, lower-case letters, numbers, and special characters. Several online tools such as strongpasswordgenerator.com will do the hard work for you.
- Password Differentiation. I hope you had fun generating your random password, because you’re going to want to do it again for each and every device and account that you have. There’s no excuse for using the same password to log into your bank account as you use to log into Facebook. If anybody gets the one, they’ll automatically have all of them — it’s called damage control.
- Insecurity Question. Of course, those backup security questions will be there to give you a little help if that randomly-generated password eludes you. They’ll also help someone else steal it from you. So how about making it harder for them, by choosing a question and answer that nobody in their right mind would choose? Microsoft Researcher Danah Boyd offers some tips to get you started.
- Email Bombs. Many of the worst data breaches of the past year started with a simple phishing strategy. You’ve heard this all before, but many of you didn’t listen, so here we go again: don’t open attachments from strangers, don’t click links in emails from strangers. And because contact lists are the first things to get exploited, “strangers” means pretty much anybody, unless you’ve got a very good reason to expect and trust attachments and links from them. Don’t forward emails to and from your different accounts (especially between Gmail/ Hotmail/ Yahoo Mail and enterprise email servers). Crank up the spam/ junk mail controls and encrypt as much as possible.
- The Uncarved Block. You’re leaving your data in more places than ever these days, please try to wipe before you flush. Whether it’s that amusing Lego zip drive that you let your friend borrow, or last year’s iPhone that you trade in to your mobile provider, take the time to erase, overwrite, or otherwise remove any trace of your previous ownership — it can come back to haunt you. Re-format anything that has a drive before you let go of it.
- The Soft Touch. Personally, I hate security software. Anti-virus applications tend to hog resources, launch on startup, run in the background, update themselves automatically, and generally do all of the things that I specifically try to prevent my applications from doing. But since they also protect me from becoming infested with malware, I learn to live with it. Without playing favorites, allow me to direct you to a good round-up of the best anti-malware tools.
- Keep the Home Fires Burning. Speaking of smart things that I hate to install and keep running, a good firewall is one of your best friends. Undoubtedly you have one — in your router, server, and/ or operating system. Have you closed all open ports? Have you thought to check the firewall’s logs? The firewall can tell you if you’re getting poked and prodded by would-be intruders, giving you notice to tighten your security measures even more.
- Remote Control. Your operating system, router, and even your smartphone may actually have some sort of remote access turned on by default. You may not know this fact, but I’ll guarantee that would-be infiltrators do. Make it your business to hunt down every possible remote administration setting and process, and turn them off — otherwise, you’re potentially at the mercy of anyone with an Internet connection.
- Managing Risk. Are you running a company, or in charge of the company network? You not only have to close your own holes, but also keep company workers from creating new ones. Establish best practices, develop an Acceptable Use Policy, and ensure that everyone is fully trained. Deactivate accounts as soon as employees become ex-employees, and optimize access credentials to ride that fine line between security and creating more work for yourself — such as constantly responding to user confusion and complaints.