Five Cybersecurity Must-dos

I write this for my family and friends out of concern for their digital security…

The level of cybersecurity threats (hacks, phish, worms, and more) to business, academia, government is beyond belief. The Sony Hack has taken these threats to an entirely new and unacceptable level. Your personal systems are targets too! Imagine if we had people checking the doors of our homes and offices - and if not locked - walking right in and doing whatever they please. We would demand that our local, state and federal protection agencies start doing their job! We’d buy locks and be prudent about keeping the place secure. We’d be able to handle the times when strangers did get in.

Today, in cyberspace, we have this very situation. Bad guys are running all over our online properties and doing, for the most part, whatever they want. For reasons too complicated for this piece to cover, local, state and federal organizations have failed to protect our personal and professional digital identities and assets. It does not look like they will be able to marshal a successful, concerted and cooperative digital protective service in the near future.

That leaves things in our hands. While not overly complex or time consuming, they do require commitment. These are repetitive processes, not one-time projects. You need to commit to managing your digital security with the same concern as for your physical security. Read that last sentence over. This is a new activity to weave into your life. You know the feeling you get when you just left for a trip and can’t remember if you locked the door? You should get that same feeling when you forget to attend to your digital assets.

I have almost 15 years of music, family photos and videos and personal and business documents online. Anyone born after 2000 will have aspects of their entire lives digitally recorded. And not just assets they create, but links to all their friends, their family and so on. The probability of something bad happening in 20, 40, 60 years is near certainty. The good news is that you can choose to be prepared. Here’s how.

1. Backup your stuff #

Let’s start with the hardest but most important one. Can you imagine having 50 years of family photos and videos destroyed in a fire? What about your entire music collection? A cyber attack or virus can be just as devastating to your digital assets. However, unlike physical assets, digital ones can be copied. If we’re clever about how many copies we have and where they are kept, we can ensure those assets can survive physical as well as cyber threats. Having a solid backup of your critical files is the only sure way to recover from a nasty computer virus. There are two basic options and they can be used together if you’re the belt and suspenders type.

Online, Cloud-based #

Cloud backup services have matured significantly in the last few years. They are capable, easy and pretty cost effective. I use Carbonite for my work laptop and have been happy with the quality, usability and reliability. It just works. I’m not going to do a cloud backup service review here, so I suggest you search online and pick one that fits your budget based on how much data you have to back up.

An advantage of this approach is that there are no wires and your data is stored off premise - you can get your data back even if the original was physically destroyed. Some services also perform incremental backups, so you can go back to a given revision. This is a great option for backing up a laptop because it works any time you are connected to the internet, regardless of location.

A disadvantage is that it is impractical to back up your entire system - it would just take too long. Instead, you back up the specific files you care about like documents, music, photos and videos. That means a complete system restore is a two-step process: First you have to install a fresh, basic system (or buy a new machine) and then restore your backed up files. Also, you’ll need a broadband internet connection which is generally available for under $75 a month in most areas.

Direct connect to external drive #

The other approach is to connect an external hard drive, like a Western Digital 2 Terabyte drive for less than $100. Then, you’ll use some backup software, like Apple’s Time Machine or Windows Backup to make a copy of your system’s entire hard drive.

Time Machine stores incremental backups, so you can go back to a given version of a file. You can also restore an exact replica of your system onto a brand new machine. This makes it awesomely simple to get productive on a new machine in a jiffy.

The bad news is that the external drive is right next to the system you’re backing up. To provide physical redundancy you’ll need a 2nd external drive. Periodically, you’ll exchange the drives, keeping one of them in your car, at the office or at a friend or family member’s place. I use that method for my home system and it’s pretty easy although you do need to be diligent about making the swap regularly. Base the frequency on how many files you’ve added or changed, but once a quarter is a good maximum.

2. Use a great password scheme #

Using a password scheme addresses the tension between not using the same password everywhere and having to remember a unique password for every service. This, coupled with two-factor authentication, described below, will make your service logins as secure as possible while not being overly complicated. Choosing a good scheme is a two-step process.

FIRST. Pick a scheme that satisfies the most stringent password requirements of all the services you use. A safe bet is to include letters and at least one number, symbol and uppercase letter. Passwords usually need to be more than 6 characters long.

SECOND. Pick a pattern that is simple to remember, easy to change over time and unique for each site. That almost sounds impossible, but here are a few patterns and schemes you can use right now, or they might give you an idea for your own.

Pattern: symbol-letters-symbol-numbers-symbol-unique

We can then put the pattern in words, like “mom’s cup in 53” - that’s what makes it so easy to remember, yet incredibly strong and unique.

Pattern: letters-numbers-symbol-unique

This is another pattern you can create easy-to-remember schemes for. You can see the ways a single group of letters, a number and a symbol or two can be combined and remembered along with a unique aspect for each site.

Changing your password

I suggest you change your passwords (all of them) just once – right now. It’s a total pain to do. But, if you use a good scheme and two-factor authentication, you can stick with your new password as long as possible. If you do need to change a password, I suggest having no more than two schemes going at any time. If one doesn’t work, use the other one.

3. Use two-factor authentication #

Two factor means something you know and something you have. It is incredibly difficult for anyone else to get both at the same time in order to log into a dual factor authenticated service. What you know is the great password you created above. What you have is a phone that can receive a text message with a one-time numeric code.

Almost all popular email and social media sites offer two factor authentication and you should set it up on every service you use. While you have to set it up individually for every service like Apple, Facebook, Google, Yahoo, and others you only have to do it once. Even better, you only have to enter the code once for each new device you use to access the service. When you reset or change browsers, even on the same device, you’ll have to reenter a code, but it’s easy and fast.

4. Never open email attachments you aren’t expecting #

Email attachments and web links present the greatest risk of infecting your computer. For now, mobile devices aren’t as susceptible and I’d almost go so far as to suggest you only read email on a smart phone or tablet! But that’s not always practical, so when reading email on a laptop or desktop, never open attachments whose contents you are not 100% certain of. Even if you get an email from a friend or co-worker that you are not expecting, ask them about it. It’s very easy for anyone to spoof email addresses so you should be suspicious of all emails you are not expecting.

The bad guys are getting very good at crafting emails that sound just like something you might legitimately receive. But be wary of emails asking you to update an account or change a password. Make sure you are aware of some event that might have triggered that request (maybe you cancelled a credit card and now your service provider can’t process a payment). I know of attacks that have mimicked a company’s HR emails and taken folks to a web site that looked just like their company’s HR portal! The only subtle flag is that the HR department didn’t normally make requests like that and there was no associated triggering event.

5. Keep your stuff current #

It’s not a matter of if, but when bugs in software and the web are found by the bad guys. It’s really easy and really important to keep all of your systems and applications up to date. Turn on automatic updates and when prompted to complete an update or restart your system, do it, right then and there.

Develop a (good) habit #

Ensuring your digital security is a process, not an event. Just like you lock your door before bed every night, you’ll want to develop habits for your digital security too. Don’t just take time to do this now, but commit to a regular schedule of ‘check ups’. Here’s a suggested schedule.

Weekly: Ensure system and application updates are happening.
Monthly: Check online backups are working. Try a restore. Swap backup drives if you’ve added or changed a lot of files.
Quarterly: Swap backup drives.
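
For the monthly "try a restore" check, here is one way to confirm that a test restore really matches the files on your machine. This is an added example, not something from a backup vendor; the folder names and file contents in `demo()` are constructed stand-ins, and you would point `verify_restore` at your real folder and the folder you restored into.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large photos and videos do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def tree_hashes(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    hashes = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_of(full)
    return hashes

def verify_restore(original_root, restored_root):
    """Return (missing, changed): files absent from the restore, and files
    whose restored contents differ from the original."""
    original = tree_hashes(original_root)
    restored = tree_hashes(restored_root)
    missing = sorted(set(original) - set(restored))
    changed = sorted(p for p in original
                     if p in restored and original[p] != restored[p])
    return missing, changed

def demo():
    """Constructed sample: a restore that lost one file and truncated another."""
    samples = {"photos/beach.jpg": b"JPEG-bytes",
               "docs/taxes.txt": b"tax return",
               "music/song.mp3": b"ID3-bytes"}
    with tempfile.TemporaryDirectory() as orig, tempfile.TemporaryDirectory() as rest:
        for rel, data in samples.items():
            for root in (orig, rest):
                target = os.path.join(root, rel)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as fh:
                    fh.write(data)
        os.remove(os.path.join(rest, "music/song.mp3"))      # lost in the restore
        with open(os.path.join(rest, "docs/taxes.txt"), "wb") as fh:
            fh.write(b"tax retur")                            # truncated in the restore
        return verify_restore(orig, rest)

if __name__ == "__main__":
    print(demo())
```

A file you edited after the backup ran will also show up as changed, so run the check right after a backup completes or expect those entries.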

Finally #

I’ve suggested five impactful, important yet straightforward practices you should adopt to protect your digital assets. You don’t have to do them all at once. You can be careful with attachments right now. You can also turn on auto update right now. The next time you’re on a given site, set up two-factor authentication. Start changing your passwords as you use your various services. Think about what backup approach you’d like to use and research some options. Then pick one and go for it. You will sleep better knowing you have a good backup, just like knowing your doors are locked.

 