Security Resolutions for 2017

It is traditional for many to create a set of New Year's resolutions to usher in a new year. Often it is losing XX lbs, going to the gym every day, cleaning out that old shed or paying off debts. I am not saying there is anything wrong with those resolutions; however, maybe you should consider adding one more to your list: "Become more Security Minded". This blog post will hopefully offer you some simple tips to stay secure online. I will follow it up with a more detailed post later in the year, but for now these are just baby steps.

Change your Passwords

If you are still using the same password you have used since 2003, now is a great time to change it. Ideally you should use a complex password that is unique to every website you use; however, if this is not an option you are willing to explore, at least change your password to something fresh. Hopefully you are already using some sort of password manager, but in the event that you are not, now is a great time to try one.

Close old Accounts

If you have active accounts with services you no longer use, now is a great time to close those accounts. As many are aware, Yahoo suffered a major attack last year that saw the details of close to 1 BILLION users leaked. Many of these users had not used Yahoo for email in years, yet their details were leaked. If users had closed their Yahoo accounts instead of just abandoning them, it is possible that their details would not have been leaked for the world to see.

Password Protect your Mobile Devices

You should always have a screen lock on your mobile phones and tablets to keep unauthorized users out. Ideally you should use at least a 6-digit PIN to unlock your phone. You should also encrypt your mobile phone if this was not done at the factory (most Android and iOS phones sold in the past 2 years come encrypted). If you are an Android user with a MicroSD card, make sure it is also encrypted if possible. This protects against theft and unwanted searches. You should also have a way to remotely trigger a factory reset in the event that your phone is stolen.

2 Factor Authentication

If a website offers the option of using 2 Factor Authentication, you should consider turning it on. Turning on 2 Factor Authentication adds an extra step to the login process that will foil most attackers, even if they manage to obtain your password. 2 Factor Authentication normally involves entering a code sent to you via e-Mail, SMS, Hardware Token or Software Token, or inserting a dedicated security device. While some methods of 2 Factor Authentication have known weaknesses (SMS and E-Mail in particular), they are still better than going without.

Be Vocal!!!

It is absurd that there are still a massive number of websites that do not support SSL/TLS for logins (https:// vs http://). I find it insane that several websites impose stupid restrictions on password length and complexity; if I want to use !, <, $, %, [, ], }, or ÷, I should be praised, not given a message that "Your password contains illegal characters". I find it insulting that many "High Security" services such as banks do not offer 2 Factor Authentication. I find it a joke that some websites still store passwords in plain text and will simply send you your original password when you tap the "Lost Password" button.
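The last two complaints above have the same root cause: a site that restricts password characters or can mail you your original password is handling the password itself instead of a salted hash. The added example below (my own code, not from the post) shows the defender-side fix in Python using only the standard library: any Unicode password is accepted, only a minimum length is enforced, the stored record holds a random salt and a PBKDF2-HMAC-SHA256 hash, and a "lost password" handler can issue a reset but is structurally unable to return the original. The user record format and the `MIN_LENGTH` value are assumptions for the example.

```python
import base64
import hashlib
import hmac
import os

MIN_LENGTH = 12          # assumed policy: length matters, character class does not
PBKDF2_ROUNDS = 200_000  # assumed work factor; raise as hardware gets faster


def check_policy(password: str) -> None:
    """Reject only on length. Every printable character, including '÷' or '<',
    is legitimate input; there are no 'illegal characters' once we hash."""
    if len(password) < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")


def store_password(password: str) -> dict:
    """Return the record a site should persist: algorithm, rounds, salt, hash.
    The plaintext is never stored anywhere."""
    check_policy(password)
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {
        "alg": "pbkdf2_sha256",
        "rounds": PBKDF2_ROUNDS,
        "salt": base64.b64encode(salt).decode("ascii"),
        "hash": base64.b64encode(digest).decode("ascii"),
    }


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = base64.b64decode(record["salt"])
    expected = base64.b64decode(record["hash"])
    actual = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, record["rounds"])
    return hmac.compare_digest(expected, actual)


def lost_password(record: dict) -> str:
    """What a correct 'Lost Password' button can do: issue a single-use reset
    token. It cannot reveal the password, because the record does not contain
    it. (Token delivery and expiry are out of scope for this example.)"""
    return base64.urlsafe_b64encode(os.urandom(32)).decode("ascii")


def record_contains_plaintext(record: dict, password: str) -> bool:
    """Sanity check used in tests: the plaintext must not appear in storage."""
    return any(password in str(v) for v in record.values())


if __name__ == "__main__":
    # Constructed sample password exercising the characters the post mentions.
    pw = "!<$%[]}÷ correct horse"
    rec = store_password(pw)
    print(rec)
    print(verify_password(rec, pw))            # True
    print(verify_password(rec, pw + "x"))      # False
    print(lost_password(rec))                  # a reset token, never the password
```

A site built this way has nothing to send back when you tap "Lost Password", which is exactly the property you want; if a service can e-mail you your own password, it is storing it in a recoverable form.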

When you see these things, take to Social Media and call these websites out. Sometimes peer pressure can be a powerful tool to get these websites to motivate their developers to fix the problems. The saying "If you see something, say something" applies to websites as well as to airports.

Note: The Be Vocal part does not apply to one thing, namely finding a security vulnerability or exploit. These should be privately disclosed to the website operator and only made public after giving the operator time to resolve the issue. The only exception is when an operator refuses to fix the issue or is unresponsive.
