Ever known a mechanic who drives a car that’s in dire need of a service, or a builder who hasn’t finished his own house? It’s one of those ironies that some of us spend our lives doing something for others that we don’t do for ourselves. For IT professionals and others who may not think about their own everyday cyber security, this can put personal data at great risk.
Sometimes these lapses are exposed very publicly, as in the case of Wired magazine journalist Mat Honan, whose computer and other devices were disastrously hacked. In the attack, Mat’s Google account was taken over and deleted, his Twitter account was compromised and used as a platform for racist and homophobic messages, and his Apple ID account was breached and the data on his iPhone, iPad and MacBook was erased.
Mat admits that he should have regularly backed up his MacBook and identified his own IT security lapses: “In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.”
So how can professionals across the U.S. protect themselves and their personal data?
Cyber Security Starts with Security Suites and Strong Passwords
The first thing cyber security professionals suggest you do is keep your devices up to date, set tight parameters and patch your operating system (OS) and other applications.
Passwords are also one of those measures that are easy to take for granted. Cryptic passwords are great but they’re hard to remember and easy for hackers to guess using their tools. Even the most security conscious of us are tempted to repeat a few passwords.
Instead of a cryptic password, use easy-to-remember nonsense phrases such as ‘Broncos!Win?Bengals?Lose!’ or ‘Roughhew%Fleeting!Hogback?Buckaroo!’
Even if random phrases are easier to remember than ‘\V9P(t<x;9*7jTEM’, it’s hard to remember a variety of different passwords. Most of us use dozens of websites, online services and applications that need password access. To stay secure, you’re really going to need a password manager of some sort.
Whether it’s the manager built into your internet security package or an internet-based service such as LastPass, it will help you keep track of your passwords. Just make sure you have a highly secure password for whatever manager you use.
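An added example, not part of the original article: a Python sketch that generates passphrases in the word-plus-symbol style suggested above and estimates their strength in bits. The word list, separator set and function names are assumptions made for illustration; the 16-word list is a constructed sample.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator should load
# a list with thousands of words so that each word adds more entropy.
WORDS = ["roughhew", "fleeting", "hogback", "buckaroo", "lantern", "gravel",
         "orchid", "thimble", "walnut", "cobalt", "drizzle", "harbor",
         "juniper", "mosaic", "pebble", "quiver"]
SEPARATORS = "!?%&#+=@"  # assumed separator set (8 symbols)


def generate_passphrase(n_words=4, words=WORDS, separators=SEPARATORS):
    """Return Word<sep>Word<sep>... with every choice made by the OS CSPRNG."""
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    parts = []
    for _ in range(n_words):
        parts.append(secrets.choice(words).capitalize())
        parts.append(secrets.choice(separators))
    return "".join(parts)


def passphrase_entropy_bits(n_words, list_size, n_separators):
    """Entropy in bits, valid only when words and separators are picked
    uniformly at random (phrases a person makes up do not meet this estimate)."""
    return n_words * (math.log2(list_size) + math.log2(n_separators))


def words_needed(target_bits, list_size, n_separators):
    """Smallest word count whose entropy reaches target_bits."""
    per_word = math.log2(list_size) + math.log2(n_separators)
    return math.ceil(target_bits / per_word)


if __name__ == "__main__":
    print(generate_passphrase())
    print("16-word sample list, 4 words:", passphrase_entropy_bits(4, 16, 8), "bits")
    print("7776-word list, 4 words:", round(passphrase_entropy_bits(4, 7776, 8), 1), "bits")
    print("words needed for 80 bits from 7776 words:", words_needed(80, 7776, 8))
```

The numbers show why list size matters: four words from the 16-word sample give 28 bits, while four words from a 7,776-word list give about 64 bits.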
Use Public Email Addresses Carefully
Also high on the list of things not to do is using public email addresses for account access and password recovery – especially for services such as Twitter, Facebook and Apple.
While several high-profile hacks have caused companies to tighten up security, it’s still too easy to gain access to a public email such as Gmail or Outlook – especially if the hacker knows personal information about you.
Instead, get your own domain name or use one of the email addresses your ISP gives you for free and use that for password recovery.
Liars are Safer Online
Speaking of which, if you provide your date of birth online – lie. If you use secret questions – lie. With so much being put up on social media today, a hacker can very easily find your street and mailing addresses, your date of birth, where you went to school, the name of your dog and your father’s middle name. If they’ve got those pieces of information they may be able to steal your identity.
These days most of us have personal clouds – Google Drive, DropBox, Apple iCloud, Microsoft OneDrive and others. All of these services provide two-step authentication but it’s not enabled by default. Take the time to set it up; it’s worth the extra five minutes.
Hard Drive Encryption a Double-edged Sword in Cyber Security
There are several ways to get at the data on an unencrypted drive, but at its simplest, a hacker can remove the hard drive, put it in a USB enclosure and read the files.
For most people, encrypting the entire hard drive is overkill, especially because it can trash your computer if you get it wrong. Encrypt just one file instead. If you’re an IT professional, the computer hard drives at your workplace are encrypted, so go ahead.
IT Security: Surfing the Dark Side Safely
Lastly, if you need to access websites that are from unknown developers or dubious sources, protect yourself and your network by using virtualization software.
Creating a computer-within-a-computer will protect your main machine while surfing to doubtful websites or downloading software from unknown developers.
Maintaining computer security on your personal machine should be an extension of your corporate role. Follow these tips and you’ll be a lot more secure.
Don’t forget to back up regularly!