Cyber Hygiene Begins at Home
As cyberattacks increase, we corporate restructuring folk need to protect ourselves and our clients. The great majority of successful cyberattacks derive not from technological superiority but from exploiting human error. No expert in this area, I have been poring over the recommendations available and offer you what I have culled as the first line of defense: our own behavior.
Establish a Deliberate Password Strategy
Breaching cyber defenses by getting hold of and using other people's passwords is the most common path to havoc. Implementing a password integrity strategy is thus the first step. A password strategy covers not just how you create passwords and how many you use, but also how you store and share them, and how often you change them.
In addition to keeping passwords secret, you need to avoid creating a single point of failure, which can happen if you use the same password for many websites, or store your passwords in a spreadsheet on your hard drive.
Many sites insist on alphanumeric passwords that include symbols because they are harder for attackers with their relentless algorithms to discover. Password length, which increases the number of permutations hackers' machines have to test, also helps. Be patient, therefore, with the need for complex passwords.
Password managers are powerful, easy to use, and not expensive. One master password unlocks your entire collection, which makes them convenient. They do, however, risk creating the single point of failure mentioned above, which is why keeping your critical passwords separately and changing them often is suggested.
Through third-party neglect, passwords are exposed all the time, which is why using different passwords for different sites is recommended. Two-step authentication provides another layer of defense by providing what is essentially a second, temporary password.
Most banks use this approach to protect online bank accounts at sign-in. Many social media and other heavily used sites offer their users the opportunity to set up two-step systems themselves. You can set up two-step authentication with Google or LinkedIn, for example. This way, even if someone succeeds in getting hold of your password, they would also need access to your phone, an unlikely scenario.
Protect Your Mobile Devices (and Your Companies) from Intrusions
Improve the security of your mobile devices by keeping their Wi-Fi and Bluetooth capabilities turned off, except when you have a specific need to use them. Leaving these features “on” all the time makes it easy for hackers to penetrate your defenses by slipping into your phone, accessing networks your device has connected to before, including your clients' corporate networks, and creating untold mischief. They can bombard your device with malware, steal data or spy on you, and gain access to a great deal of sensitive information, often without your being aware of any intrusion.
Finally, carefully consider your needs before adding new Internet-connected devices. As Cisco CEO Chambers observed recently, one reason we will see increasing breaches of cyber defenses is simply the rapidly escalating number of Internet-enabled devices.
Doing these simple things may not only protect you and your clients from disaster but will also make you mindful of the issues all companies need to address.