11 steps to a better relationship…with your data.
Posted on | April 19, 2014 | Comments Off on 11 steps to a better relationship…with your data.
11 steps to a better relationship…with your data.
New Years Resolutions – Keep your data Yours.
After reading some new information regarding the Target data breach in December that exposed the personal and financial information of more than one hundred and ten million people (110,000,000) we at 2bridges Technologies thought it would be wise to go over some simple things that we can all do to help protect our own private data from loss while online.
1- We know it is an inconvenience but it is important to lock every digital device that you own and use.
-
Use a Pin code. Make it longer than 4 numbers if you can.
Picture passwords are arguably better than pin codes
Actual passwords/phrases are better than either.
The jury is out on Apple’s fingerprint reader – it has been breached but it is better than nothing
2- Make sure your computer and device screens auto lock after a time limit and require a password to log back in. Don’t leave your computers unattended at work. On windows machines just get in the habit of using WindowsKey-L when ever you step away from your desk. On Macs use Ctrl-Shft-Eject (or Power if you computer doesn’t have an eject key)
3- Make sure your antivirus and anti-malware software is up to date and running. I know that even though antivirus software isn’t proactive and does not protect you from certain types of security threats, it is still one very important component of any security plan for individuals or businesses.If you don’t have any installed – find a reasonable vendor and install it. Windows 8.x comes with this built in – but there may be better choices.
Don’t skip this step just because you own a Mac. Many thousands of Macs are still infected with a two year old trojan (OS X Flashback) because people assume that their computer doesn’t require protection or do their updates.
4- Make sure you install security updates for your OS and other software.
5- Have a good router/firewall between you and the internet – always. This is one of the most important of things to implement. No kidding. When you travel have a “travel” wifi/ethernet router. Don’t plug directly into a hotel’s wifi/ethernet. These little router are very reasonably priced and smaller than a deck of cards.
6- Never use public wifi anywhere unless you have a VPN loaded on your laptop/tablet/phone. It is trivial to capture your network traffic (including your logins and passwords) without this. If you don’t want to use a commercial VPN company (because you think they are a front for the NSA) make sure your home router supports VPNs and then you can direct all of your interent traffic through that when you are away from home. VPNs encrypt all of your intransit internet traffic. Use a vetted opensource VPN like OpenVPN.
7- This really should be in first place but I’m too lazy to renumber everything. Backup you stuff. Unless you don’t care about it. Take one of the backups off your network – CryptoLocker and it’s ilk are not going away.
8- Use multifactor authentication if it doesn’t make you crazy. Many of the services you use offer this. Twitter, Facebook, Dropbox, Gmail, Apple, Evernote, Paypal, Microsoft, Amazon web services, etc.
9- Clean up your browser. Get rid of old, non functioning, out of date extensions and add-ons. Check your system to make sure that you are only using the latest version of flash and java (if you have to use them). I recommend that you reserve a browser for all of your online banking, etc. that does not have any of those extensions loaded. Have a separate browser for your ‘web surfing’.
10- Audit your passwords – 2bridges does not recommend storing your passwords in your browsers – We highly recommend a service such as LastPass that encrypts your passwords and stores them only on your computer.
LastPass has been well vetted and recommended by a number of security experts. The LastPass software uses what is called ‘TNO’ (trust no one) technology that ensures only you have access to your encrypted keys – no third parties. Once you load software like last pass it will import all of your current passwords that are stored in your browser, allowing you to remove them. Do not have it remember your password especially on portable devices.
11- If you want to join the ranks of the truly cautious (some say paranoid) use a tool like TrueCrypt to encrypt the data on all of your computers and your backups. Store the encryption key somewhere off premise or just memorize it and burn the paper copy.
If you have questions about any of these items or just want to talk with someone about a plan of action, give me a call at 2bridges Technologies. We love to talk about this kind of stuff.