“Most of the problems that we really want to solve in the security field can’t be solved by computers alone.” *


This simple, straightforward message speaks volumes to the approach that most folks take when it comes to their security online: they expect their smart and not-so-smart devices to do security for them. It may be a strange way of saying it, but too many of us don’t realize that security – in the physical world as well as online – is a participation game. Our personal participation is required, even if only at a basic level.

Our devices and the apps and software we use are just tools. We are each responsible for using these tools in an appropriate manner. And just as importantly, we are responsible for our own behavior: what we click on, our approach to passwords, etc.

The good news is that we don’t have to be computer geeks to enjoy security online, because much of being safe on the internet is based on our not acting in a reckless or irresponsible manner. Just like in the physical world, not being clueless goes a long way to keeping us safe.

Here are 4 little things that you can do to be more secure online:

1 Keep everything up-to-date

When asked about their online safety practices, security experts indicate that installing software updates tops their own lists. Experts know that a key entry point for hackers is holes in software, both before and even after they get patched. Bad guys attack even patched holes because they know that too many people don’t keep their software up-to-date. That’s huge! Keeping your software up-to-date is an easy way to stay a step ahead of hackers.

This is one behavior that is simple to adopt as your own and requires no special technical knowledge.

2 Be aware!

Awareness of threats is highly underrated. Awareness allows us to choose the right defense to protect ourselves. And, just like potholes, knowing what threats are out there allows us to avoid them. We may not always be successful in steering clear of them, but knowing they are out there gives us a chance. If you’ve never heard of phishing, how would you know to be suspicious of links in emails aggressively imploring you (or else we’ll shut your account!) to confirm your login info and other personal info?

What about corporate hacks that have already happened? It’s not like we can individually protect Ashley Madison or LinkedIn from being attacked, but knowing that a vendor we use was hacked will allow us to take action that can get us out of the ‘danger zone’. What do you think the first thing Mark Zuckerberg’s security team did after his Twitter and Pinterest accounts were hacked once his password was revealed in the LinkedIn hack? They changed his passwords for those accounts! (And then they reprimanded him and told him to stop being silly!)

Have you changed your LinkedIn account password?

Awareness events like those sponsored by the National Cyber Security Alliance, and their StopThinkConnect campaign, are great ways to keep in the know about what’s going on now. We’re proud to participate in the #ChatSTC series of monthly Twitter chats.

3 Passwords, passwords, passwords

You have lots of them. Way too many of them to remember them all. When asked about their own practices, security experts indicated that they use a password manager to handle all of their unique, strong passwords. The fact of the matter is that passwords aren’t meant to be remembered; one or a couple of strong passwords can be remembered, but you’d almost need to be a savant to remember all of your strong, unique passwords and match them up for each of your accounts.

A password manager is the right tool for long and strong passwords – and matching them up to all of your accounts. With most password managers, you’ll have your own encrypted database that is protected with the one strong password you can remember: your master password.

If you aren’t using a password manager, start today! We recommend Sticky Password to create and protect your passwords on all your devices.

And don’t forget two-factor authentication! Activate 2FA on all accounts that offer it. It’s that extra bit of security that works!

4 Privacy and security go hand-in-hand

In a world where the default setting for most folks seems to be full frontal exposure on social media, it’s very hard to be private. It’s even harder when your friends say you’re paranoid for even thinking about security. Being the responsible person in a rubber room full of exhibitionists isn’t easy!

Security requires privacy! Your private passwords protect your accounts. Keeping the details of your personal life private helps keep you safe against identity theft.

It’s really surprising when you consider people who excuse their own poor habits by thinking that no hackers or bad guys would be interested in them. It’s what we like to call ‘little ol’ me’ syndrome: “I’m so far below the radar of bad guys in terms of having something interesting to steal that I don’t have to worry about being attacked.” I have nothing to steal, so I have nothing to hide.

That couldn’t be further from the truth. Any data about you has value to the bad guys. Your social security number (personal ID) can be misused for identity theft. Your driver’s license or bank account number can be misused as proof that it’s really you. Your login and password to your email account would allow a bad guy to change the passwords on just about all of your accounts. When looked at that way, we all have something to hide – and rightfully so.

How to protect your own privacy:

  • don’t use public WiFi for your personal business. Public is public and you never know who is ‘listening in’ to the traffic that is going on. By simply logging into your email account while on a café’s public WiFi, you could be revealing yourself to a hacker. Make sure you use a VPN or stay on your cell phone provider’s data network.
  • check and monitor the privacy settings on your social media sites. These tend to change from time to time, so make sure you check them to ensure that only those people you want to see something get to see it. Also, if you share devices with others, you might consider using anonymous browsing and clearing the cache of the browser after using it.
  • in general, online is forever and, unlike the slogan for Las Vegas, what happens online has a way of spreading like wildfire. If you use that as a rule of thumb, you’ll have less of a risk of oversharing than if you think that you are in control of that insensitive tweet or post. Once it’s out there, you are no longer in control.
  • turn off location services and GPS on your devices. Location services on cameras and smartphones reveal much more than the information on the picture. They can show precisely where you are – and that’s not necessarily a good thing when you’re away from your home, or someplace you shouldn’t be (e.g. in a bad part of town, or if you’re playing hooky from work).

Knowledge is power, and June is National Internet Safety Month. Spread the word to your family and friends about the role they each play in their own security.

 

*Researcher Pablo Breuer talking with CSO’s Steve Ragan at CircleCityCon. The short discussion is focused on businesses making the right choices for their security products. There are no 100% secure solutions; everything comes down to choosing the right application for the business and the people who work with the application. The same applies to us at the consumer level. That great application you just installed can only be great if you use it the right way and don’t go out of your way to subject it to dangerous circumstances by your behavior.