Tips to secure your personal and professional information
My email address has been found on the dark web. I don’t know what it was doing there, I never thought of my email as the type to go to seedy places, and worst of all, it gave up our password. Unfortunately, I used one 8-character password for, well, everything.
My email had “been around”. It was misused by the Russian Mafia, posted on public boards, sold, and traded countless times. It wasn’t my email’s fault or mine; reputable companies led my email astray, such as Adobe, Equifax, and Zynga (OK, maybe I should have expected that last one).
- Do I think less of these companies? – Very much so!
- Have I stopped using them? – Ahh, well.
I spent years learning Adobe’s products as part of my profession, so this would be a tough switch to make.
I wish I could stop being a “customer” of Equifax, but I don’t think I have a choice (ahem, mafia), and yes, I uninstalled Words with Friends.
Find out if your e-mail has been around
Would you like to check your own email’s whereabouts? You can do so through this poorly named website (yes, it’s an advertising tool for password protection, but it’s still legitimate).
Go ahead if you want to, I’ll wait.
Were you breached?
If you were, that is not a good feeling, is it? It is definitely not a feeling you want to share with your customers.
The Biggest Security Risk: PEBCAK (problem exists between chair and keyboard)
Out of the 300 biggest data breaches since 2004, how many were caused by human error?
Over half (159) were caused by human error, from a data stick lost by a Heathrow employee to Capital One putting customer files in an unsecured S3 bucket on Amazon’s servers. (As someone who uses Amazon’s servers, I can tell you they ask you multiple times to secure anything you put up there, so this is just laziness!)
What can we do to mitigate this risk? Here are some simple suggestions that work.
1. Use 10 Plus Character Randomised Passwords
Randomized passwords mixing upper-case, lower-case, and special characters are exponentially harder to crack.
Nimbus! 9 (the password my email so shamefully gave up) can be cracked with a modern desktop computer in about 2½ hours.
A password like BK809e)67w%iS/h would take the same system longer than the universe has existed to crack by the same method, and about 2 years on a supercomputer or botnet.
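To show why the second password is so much harder than the first, here is an added Python estimator (not part of the original post) that computes the brute-force search space of both passwords quoted above and how long a password must be to reach a target number of bits. The guess rate is an assumed figure for illustration, not the post’s.

```python
import math
import string

# Character classes a brute-force search has to cover. A password only
# "earns" a class by using at least one character from it, which is the
# post's point about mixing upper, lower, digits and special characters.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}


def alphabet_size(password: str) -> int:
    """Size of the union of character classes the password actually uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Brute-force search space in bits: log2(alphabet ** length).

    This is an upper bound. A dictionary word plus a digit (like the
    post's leaked password) falls far earlier to a wordlist attack than
    this number suggests, so treat it as a ceiling, not a guarantee.
    """
    return len(password) * math.log2(alphabet_size(password))


def expected_crack_seconds(password: str, guesses_per_second: float) -> float:
    """Expected time to hit the password: half the keyspace at a given rate."""
    return alphabet_size(password) ** len(password) / 2 / guesses_per_second


def min_length_for_bits(target_bits: float, alphabet: int) -> int:
    """Shortest length from an alphabet of that size reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))


if __name__ == "__main__":
    # Assumed rate for a fast-hash GPU cracking rig; a constructed figure,
    # not the post's. Slow password hashing (bcrypt, Argon2) cuts it sharply.
    RATE = 1e10
    for pw in ("Nimbus! 9", "BK809e)67w%iS/h"):
        years = expected_crack_seconds(pw, RATE) / (365.25 * 24 * 3600)
        print(f"{pw!r}: alphabet={alphabet_size(pw)} "
              f"bits={entropy_bits(pw):.1f} expected_years={years:.3g}")
    print("length for 80 bits from 95 chars:", min_length_for_bits(80, 95))
```

Both passwords draw on the same 95-character alphabet; the six extra characters multiply the search space by 95 to the sixth power, which is the whole advantage.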
How do you remember these long complex passwords?
You don’t. Use a password manager to both generate random passwords and authenticate your logins. There are many affordable services out there (28 dollars per user) that offer an enterprise solution. I use LastPass, but before choosing one for your business, compare each against your needs and budget.
Taking it one step further
For larger enterprises, you may want to look into a single sign-on solution. Single sign-on, or SSO, lets staff use one login and password (or another means of authentication, such as a smart card) across an organization to access many different systems.
Information security experts KnowBe4 offer a great selection of free and paid security tests and training.
People are the first and best line of defense
Train, encourage, and reward your employees for helping to keep the company’s data safe and do the same for yourself and your own personal information.
Bake information security into your personal and business processes. For example, consider using payment services like PayPal or Google Wallet to make online purchases; this limits potential points of failure (the more places your information exists, the greater the chances of a breach).