Cyber Security: What to Do, What’s Not Necessary
Recent events like the Target breach and the Heartbleed scare have increased both awareness and wariness about the safety of communications and purchases on our computers. Here, according to information from two experts, is a look at what to worry about and how to fix those worries.
Data hacks have become an all-too-frequent part of the modern world, affecting both businesses and consumers.
Information thieves with computer skills routinely find chinks in the armor of even cutting-edge, multinational companies. In December, retail giant Target acknowledged that hackers had stolen credit and debit card information from 40 million customers over three weeks following Black Friday.
And in April, it was revealed that a security bug known as Heartbleed had been embedded in open-source encoding software used by many companies to secure web servers, potentially leaving a “back door” that could be exploited by hackers.
Companies like LifeLock offer protection, for a price, from identity theft and credit fraud, but how much value do they really give you? What can individuals do for free to protect themselves from hackers and data thieves?
The world of cyber security can be daunting to those who are unfamiliar with the inner workings of coding, websites and information technology. The good news is there are some simple things that people can do to protect themselves when it comes to using email, social media and e-commerce.
Chris Shively works as director of development for IDD, Inc., a Blacksburg-based information technology company that counts as clients a variety of governments, small businesses, Fortune 500 companies and more.
Joel Yonts serves as a security scientist and advisor for Malicious Streams, a company founded to focus on digital defense, and he works as the chief information security officer for a regional Fortune 500 company.
Password Protection
Not all password-protected accounts are created equal.
Yonts recommends dividing your accounts into tiers.
Worry about these:
Email accounts, social media accounts and anything connected to finances, including bank accounts, investment portfolios and retirement accounts.
Each of these accounts should have a separate password.
Email and social media may seem like an afterthought, especially compared to finance-related passwords, but they’re also crucial. If you forget your password for a particular account, the account provider will often send reset information to your email. If a hacker has your email password, he can often get access to a lot more.
What to do:
Use separate passwords for each account. Good passwords have a minimum of eight characters and include a mix of upper- and lower-case letters, numbers and special characters like @!#%. Change those passwords periodically; Shively recommends changing them every two to three months.
In light of the Heartbleed bug, it’s more important than ever to change passwords, especially if you haven’t done so since April. Most sites have updated their software to remove the Heartbleed bug, but if you’re unsure, you can check a site’s status with a tool at lastpass.com. Even if the site has updated its software, one should still change his or her password to ensure the account won’t be compromised.
Don’t worry about these quite as much:
Accounts that aren’t financially related and that are not connected to your identity – registering for coupons, for example – don’t require as secure a password. It doesn’t hurt, though.
How best to keep track of your different passwords?
Don’t save a list of your passwords on your computer, either via email or in a document. You might handwrite them on a sheet of paper and keep it in a safe, but even that’s not a great idea.
Shively recommends committing them to memory through practice or implementing a strategy such as combining a number and word: “If we combined 1970 with the color ‘Blue’, we could make a strong password like 1b9Lue70!.”
Another Shively idea is to determine how many accounts will allow you to reset your passwords via email. “For those accounts, simply reset their passwords when needed,” Shively says. “It takes an extra step but it allows you to remember fewer passwords and it forces you to change the passwords more frequently.”
Yonts and Shively both endorse password services as a good option. Programs like 1Password help store passwords for multiple accounts with an encrypted vault, helping users keep them straight but also secure.