If you haven’t taken steps to secure your personal and professional data, consider Data Privacy Day (Jan 28th) as a belated New Year’s resolution. Even if you think of yourself as completely secure already, chances are that you’ll find yourself lacking on at least one or two of the following 10 ways to safeguard your information.
1. Password Protection. Everything that you use has a password, right? And it’s been changed in the past 3-4 months? Your PC, your smartphone, your router, your accounts, your screensaver? You say yes, but you’re secretly saying “well, except for x which doesn’t need one”. No, x needs one too. If it exists, someone is going to pick up/sit down at/try to hack into it. And even if it does have a password, now’s the time to change it, because six months/one year/five years is too long.
2. Password Optimization. So you know enough to change your default passwords. You know that “password” or “123456” isn’t going to cut it. But you may not be out of the water if you’re using an actual word or phrase for your password — try a random collection of upper-case letters, lower-case letters, numbers, and special characters. Several online tools such as strong password generator.com will do the hard work for you.
3. Password Differentiation. I hope you had fun generating your random password, because you’re going to want to do it again for each and every device and account that you have. There’s no excuse for using the same password to log into your bank account as you use to log into Facebook. If anybody gets the one, they’ll automatically have all of them — it’s called damage control.
4. Insecurity Question. Of course, those backup security questions will be there to give you a little help if that randomly-generated password eludes you. They’ll also help someone else steal it from you. So how about making it harder for them, by choosing a question and answer that nobody in their right mind would choose? Microsoft Researcher Danah Boyd offers some tips to get you started.
5. Email Bombs. Many of the worst data breaches of the past year started with a simple phishing strategy. You’ve heard this all before, but many of you didn’t listen, so here we go again: don’t open attachments from strangers, don’t click links in emails from strangers. And because contact lists are the first things to get exploited, “strangers” means pretty much anybody, unless you’ve got a very good reason to expect and trust attachments and links from them. Don’t forward emails to and from your different accounts (especially between Gmail/Hotmail/Yahoo Mail and enterprise email servers). Crank up the spam/junk mail controls and encrypt as much as possible.
6. The Uncarved Block. You’re leaving your data in more places than ever these days; please try to wipe before you flush. Whether it’s that amusing Lego zip drive that you let your friend borrow, or last year’s iPhone that you trade in to your mobile provider, take the time to erase, overwrite, or otherwise remove any trace of your previous ownership — it can come back to haunt you. Re-format anything that has a drive before you let go of it.
7. The Soft Touch. Personally, I hate security software. Anti-virus applications tend to hog resources, launch on startup, run in the background, update themselves automatically, and generally do all of the things that I specifically try to prevent my applications from doing. But since they also protect me from becoming infested with malware, I learn to live with it. Without playing favorites, allow me to direct you to a good round-up of the best anti-malware tools.
8. Keep the Home Fires Burning. Speaking of smart things that I hate to install and keep running, a good firewall is one of your best friends. Undoubtedly you have one — in your router, server, and/or operating system. Have you closed all open ports? Have you thought to check the firewall’s logs? The firewall can tell you if you’re getting poked and prodded by would-be intruders, giving you notice to tighten your security measures even more.
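
To make "check the firewall’s logs" concrete, the following added example (not from the original post) summarizes blocked inbound connections per source address and flags the noisy ones. It assumes log lines in the style of Linux UFW kernel logging; the sample lines, addresses and thresholds are constructed for illustration, and other firewalls need a different pattern.

```python
import re
from collections import defaultdict


def _line(src, dpt):
    # Builds one constructed UFW-style block entry (not a real capture).
    return (f"Jan 28 10:15:01 gw kernel: [UFW BLOCK] IN=eth0 OUT= SRC={src} "
            f"DST=192.168.1.10 PROTO=TCP SPT=40000 DPT={dpt}")


SAMPLE_LOG = "\n".join(
    [_line("203.0.113.5", port) for port in (22, 23, 80, 443, 3389)]
    + [_line("198.51.100.7", 22)] * 5
    + [_line("192.0.2.44", 445),
       "Jan 28 10:16:00 gw sshd[811]: Accepted publickey for admin"]
)

# Assumption: the "[UFW BLOCK]" tag and SRC=/DPT= fields of UFW's log format.
BLOCK_RE = re.compile(
    r"\[UFW BLOCK\].*?\bSRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)")


def summarize_blocks(log_text):
    """Map source IP -> {"hits": count, "ports": blocked destination ports}."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in log_text.splitlines():
        match = BLOCK_RE.search(line)
        if not match:
            continue  # not a block entry, or no port field (e.g. ICMP)
        entry = stats[match["src"]]
        entry["hits"] += 1
        entry["ports"].add(int(match["dpt"]))
    return dict(stats)


def flag_sources(stats, scan_ports=4, repeat_hits=5):
    """Label sources that probe many ports or keep retrying the same ones."""
    findings = {}
    for src, entry in stats.items():
        if len(entry["ports"]) >= scan_ports:
            findings[src] = "port scan"
        elif entry["hits"] >= repeat_hits:
            findings[src] = "repeated attempts"
    return findings


if __name__ == "__main__":
    for src, label in flag_sources(summarize_blocks(SAMPLE_LOG)).items():
        print(f"{src:15} {label}")
```
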
9. Remote Control. Your operating system, router, and even your smartphone may actually have some sort of remote access turned on by default. You may not know this fact, but I’ll guarantee that would-be infiltrators do. Make it your business to hunt down every possible remote administration setting and process, and turn them off — otherwise, you’re potentially at the mercy of anyone with an Internet connection.
10. Managing Risk. Are you running a company, or in charge of the company network? You not only have to close your own holes, but also keep company workers from creating new ones. Establish best practices, develop an Acceptable Use Policy, and ensure that everyone is fully trained. Deactivate accounts as soon as employees become ex-employees, and optimize access credentials to ride that fine line between security and creating more work for yourself — such as constantly responding to user confusion and complaints.