
3 Simple Steps to Make Your Data Exponentially More Secure

Tips to protect your personal and professional information.


My email address has been found on the dark web. I don’t know what it was doing there, I never thought of my email as the type to go to seedy places, and worst of all, it gave up my password. Unfortunately, I used one 8-character password for, well, everything.


My email had “been around”. It was misused by the Russian Mafia, posted on public boards, sold, and traded countless times. It wasn’t really my email’s fault or mine, reputable companies led my email astray, such as Adobe, Equifax, and Zynga (OK maybe I should have expected that last one).


· Do I think less of these companies? –Very much so!

· Have I stopped using them? –Ahh, well.


I spent years learning Adobe’s products as part of my profession, so this would be a tough switch to make.


I wish I could stop being a “customer” of Equifax, but I don’t think I have a choice (ahem mafia) and yes, I uninstalled Words with Friends.


Find out if your e-mail has been around


Would you like to check your own email’s whereabouts? You can do so through this poorly named website (yes, it’s an advertising tool for password protection, but it’s still legitimate).

https://haveibeenpwned.com/

Go ahead if you want to, I’ll wait.



Were you breached?


If you were, that is not a good feeling, is it? It is definitely not a feeling you want to share with your customers.



The Biggest Security Risk: PEBCAK (Problem Exists Between the Keyboard And the Chair)


Out of the 300 biggest data breaches since 2004, how many were caused by human error?

· 42

· 65

· 96

· 159



Over half (159) were caused by human error, from a data stick lost by a Heathrow employee to CapitalOne putting customer files in an unsecured S3 bucket on Amazon’s servers. (As someone who uses Amazon’s servers, I can tell you they ask you multiple times to secure anything you put up there, so this is just laziness!)


What can we do to mitigate this risk? Here are some simple suggestions that work.


1. Use 10+ Character Randomized Passwords

Randomized passwords that mix uppercase and lowercase letters, digits, and special characters are exponentially harder to crack.


For example:


Nimbus!9 (the password my email so shamefully gave up) can be cracked with a modern desktop computer in about 2½ hours.


A password like BK809e)67w%iS/h would take the same system, using the same method, longer than the universe has existed to crack, and about 2 years on a supercomputer or botnet.


How do you remember these long complex passwords?


You don’t. Use a password manager to both generate a random password and authenticate your logins. There are many affordable services out there (2-8 dollars per user) that offer an enterprise solution. I personally use LastPass, but before choosing one for your business compare each against your needs and budget.
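To make the "exponentially harder" claim concrete, here is an added example (not code from the original post) that estimates the brute-force search space of a password from the character classes it uses, checks it against the 10+ character rule above, and generates a random password the way a password manager would. The guess rate passed to the crack-time estimate is a constructed, hypothetical figure; the post's own 2½-hour figure comes from whatever tool the author used, and this script only shows how the two example passwords compare with each other.

```python
import math
import secrets
import string
from typing import Optional

# Character classes an exhaustive search has to cover. A password only
# "earns" a class if it actually contains a character from it.
CHAR_CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}


def classes_used(password: str) -> set:
    """Names of the character classes present in the password."""
    return {name for name, chars in CHAR_CLASSES.items()
            if any(c in chars for c in password)}


def charset_size(password: str) -> int:
    """Alphabet size a brute-force attacker must assume for this password."""
    return sum(len(CHAR_CLASSES[name]) for name in classes_used(password))


def entropy_bits(password: str) -> float:
    """Brute-force entropy in bits: log2(alphabet ** length)."""
    return len(password) * math.log2(charset_size(password))


def expected_crack_seconds(password: str, guesses_per_second: float) -> float:
    """Expected time to find the password by exhaustive search.

    On average the attacker finds it after trying half the keyspace.
    guesses_per_second is an assumption the caller supplies.
    """
    keyspace = charset_size(password) ** len(password)
    return keyspace / 2 / guesses_per_second


def strength_ratio(weak: str, strong: str) -> float:
    """How many times larger the search space of `strong` is than `weak`."""
    return 2 ** (entropy_bits(strong) - entropy_bits(weak))


def meets_policy(password: str, min_length: int = 10, min_classes: int = 3) -> bool:
    """The post's rule: at least 10 characters drawn from several classes."""
    return len(password) >= min_length and len(classes_used(password)) >= min_classes


def generate_password(length: int = 15) -> str:
    """Random password from a CSPRNG, guaranteed to contain every class.

    This is the kind of generation a password manager does for you; it is
    not meant to be memorised.
    """
    if length < len(CHAR_CLASSES):
        raise ValueError("length too short to include every class")
    rng = secrets.SystemRandom()
    # One character from each class so the policy check always passes...
    chars = [secrets.choice(c) for c in CHAR_CLASSES.values()]
    # ...then fill the rest from the full alphabet and shuffle.
    alphabet = "".join(CHAR_CLASSES.values())
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed guess rate for illustration only (not a measured figure).
    desktop_guesses_per_second: float = 1e9
    for pw in ("Nimbus!9", "BK809e)67w%iS/h"):
        print(f"{pw:16} len={len(pw):2} alphabet={charset_size(pw):3} "
              f"entropy={entropy_bits(pw):6.1f} bits "
              f"policy_ok={meets_policy(pw)} "
              f"expected={expected_crack_seconds(pw, desktop_guesses_per_second):.3g}s")
    print("search space ratio:", f"{strength_ratio('Nimbus!9', 'BK809e)67w%iS/h'):.3g}")
    print("generated:", generate_password())
```

Both example passwords draw from the same 94-character alphabet; the whole difference is the seven extra characters, which multiply the search space by 94 seven times over. That is why the post's advice is about length and randomness rather than cleverness.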


Taking it one step further


For larger enterprises, you may want to look into a single sign-on solution. Single sign-on, or SSO, allows professionals to use one login and password (or another means of authentication, such as a smart card) across an organization to access many different systems.


Use Two-Factor Verification for Personal Accounts

Two-step verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), adds an additional layer of security to your Litmus account by requiring two forms of authentication (password and SMS verification) during sign-in.


2. Kill Zombie Accounts


Remember Aneesha Patton that worked here five years ago? I do, because every time I type <ane..> her name fills my “to:” line.


Did anyone bother to remove her access? She was a good egg, and I have no fear of Aneesha hacking into the company, but accounts that lie around unused can be brought back from the dead by hackers.


This is also true for your personal life… how many accounts have you signed up for and forgotten about? Do you have a Flickr account, or a LiveJournal account for writing bad poetry in high school?


Zombie accounts lie around, and if they are a few years old they may have very weak passwords and may be the key to lots of personal information.

To personally check for your own Zombie accounts, start with Facebook and Google since many sites and services allow you to authenticate through them. That’s the easy part, the hard part is remembering all the services you’ve signed up for. Here is a fairly comprehensive list of accounts with links to their “delete me” function.


Unfortunately, you have to do this manually. There are services that will do it for you by searching through your email, but I would not recommend giving a third party access to your email contents.


Give Access on a Business Need-to-Know Basis


Only give employees access to the data they need to perform their job functions. Keep a master log of all the systems each person has access to and their permission level.

Audit this list periodically, and when someone leaves, ensure they are removed from every system they had access to. When choosing a password manager or SSO solution, check whether the service includes this feature.
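The periodic audit described here (and the zombie-account problem from the previous section) can be turned into a small script. The following is an added example, not part of the original post: it takes a constructed "master log" of access grants and a constructed roster of active users, and reports grants that belong to departed people, have never been used, or have gone dormant. The names, systems, dates and the 90-day dormancy threshold are all made-up sample values.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class AccessGrant:
    """One row of the master log: who can reach which system, and how much."""
    user: str
    system: str
    permission: str
    last_login: Optional[date]  # None means the grant has never been used


# Constructed sample master log (hypothetical users and systems).
ACCESS_LOG: List[AccessGrant] = [
    AccessGrant("aneesha.patton", "crm", "admin", date(2019, 3, 2)),
    AccessGrant("aneesha.patton", "email", "user", date(2019, 3, 5)),
    AccessGrant("jordan.lee", "crm", "user", date(2024, 5, 20)),
    AccessGrant("jordan.lee", "billing", "admin", date(2023, 11, 1)),
    AccessGrant("sam.rivera", "email", "user", date(2024, 6, 1)),
    AccessGrant("svc-backup", "fileserver", "admin", None),
]

# Constructed roster from HR. Service accounts belong on it too, with a named
# owner, so that an unowned one shows up as "departed" rather than hiding.
ACTIVE_USERS: Set[str] = {"jordan.lee", "sam.rivera", "svc-backup"}

DORMANT_AFTER = timedelta(days=90)

Finding = Tuple[str, str, str]  # (user, system, reason)


def audit_access(grants: Iterable[AccessGrant],
                 active_users: Set[str],
                 today: date,
                 dormant_after: timedelta = DORMANT_AFTER) -> List[Finding]:
    """Flag grants that should be removed or reviewed.

    Order of checks matters: a departed user's grants are reported as
    "departed" even if they were also dormant, because removal is the fix.
    """
    findings: List[Finding] = []
    for g in grants:
        if g.user not in active_users:
            findings.append((g.user, g.system, "departed"))
        elif g.last_login is None:
            findings.append((g.user, g.system, "never-used"))
        elif today - g.last_login > dormant_after:
            findings.append((g.user, g.system, "dormant"))
    return findings


def offboarding_checklist(findings: Iterable[Finding]) -> Dict[str, List[str]]:
    """Group the systems to revoke per user, which is the list an admin works from."""
    checklist: Dict[str, List[str]] = defaultdict(list)
    for user, system, reason in findings:
        checklist[user].append(f"{system} ({reason})")
    return dict(checklist)


def admin_grants(grants: Iterable[AccessGrant]) -> List[AccessGrant]:
    """Highest-privilege grants deserve the closest look during the audit."""
    return [g for g in grants if g.permission == "admin"]


if __name__ == "__main__":
    today = date(2024, 6, 10)  # constructed audit date
    results = audit_access(ACCESS_LOG, ACTIVE_USERS, today)
    for user, systems in offboarding_checklist(results).items():
        print(f"{user}: revoke/review {', '.join(systems)}")
```

Running this against the sample log lists Aneesha's two leftover grants as "departed", Jordan's unused billing admin rights as "dormant", and the never-used backup service account as "never-used". In practice the grant list would be exported from each system or from the SSO provider, and the roster from HR, but the logic is the same.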


3. Train your employees


Make protecting data easy at your organization. Many data breaches happen because password and security hurdles are confusing and hard to follow. For example, forcing employees to update their passwords monthly can actually make a system less secure, because people will likely use patterns (like their last name and the number of the month 🙋‍♂️), which are easy to guess.


Provide simple instructions for spotting and reporting suspicious emails or attempts at phishing or social engineering, like the brief video below.



Information security experts KnowBe4 offer a great selection of free and paid security tests and training.


People are the first and best line of defense


Train, encourage, and reward your employees for helping to keep the company’s data safe and do the same for yourself and your own personal information.

Bake information security into your personal and business processes. For example, consider using payment services like PayPal or Google Wallet to make online purchases; this limits potential points of failure (the more places your information exists, the greater the chance of a breach).
