The Finish Line
Oh wait, there is no finish line when it comes to our online security...
It’s obscene, but conservative estimates project that the swelling costs of cybercrime will exceed $2 trillion by 2019. In surveys conducted in 2017, 4 out of 5 security leaders said it was likely their enterprise would experience a breach that year. It’s a familiar tune, too familiar: “It's not a matter of if, but rather when” the next big data breach occurs. Are you prepared? Is your business?
Whether you are in charge of your company's security stack, or just in charge of your own household, there are steps you can take to stay safe. With the increased frequency of breaches in the last few years, it's important to evaluate how you operate when it comes to security and to optimize and adhere to those practices. Here are some more tips to consider, as we strive to embed cybersecurity into our collective consciousness.
Tips to keep your ASSets safe:
Security needs to be a concern for you, whether you’re running a small business, leading a team within a larger organization, or striving to keep your family safe. Here are four easy steps you can follow to get started:
Educate your people: Employees are the weakest link when it comes to cybersecurity. Invest in education and coaching. Make internet safety a part of your corporate identity and dialogue. Reinforce and reward the merits of good security habits. Enforce policies that promote password hygiene and acceptable use, and that clarify the corporate stance on downloading content, streaming and sharing information online.
Do not press the red button… Don’t click that! Make this mantra a part of your corporate dialogue. While surfing websites or checking email, employees need to be aware of suspicious links and activity. Prepare your team for phishing attacks as you’d prepare them for a fire—send out fake phishing emails and discuss the results.
Enforce strong password policies: The 2017 Verizon Data Breach Report listed weak, reused, or stolen passwords as the cause of more than 80% of confirmed breaches:
Do not tape your password to the underside of your keyboard, or write it on a post-it-note stuck to your display.
Do not use passwords that incorporate any iteration of the word “P@ssw0rd”.
Do use strong passwords and develop a system to keep them unique for single use.
Use a password manager or hire a coach to teach your entire org how to use one.
Strong passwords, a primer: The truth is, passwords are merely a tiny obstacle to a determined hacker with modern equipment and tech. But that tiny obstacle is often enough of a deterrent. So, for strong or complex passwords, here are the basic minimums:
Passwords must be at least 8 characters long
Each character-set used increases the complexity of the password exponentially so be sure to include upper and lower-case letters, numbers, and #SpecialCharacters
Try using a 3-pronged approach to create a personal system that makes sense to you. This will enable you to easily remember unique and complex passwords for everything you need passwords to protect. A 3-pronged password looks like this:
[prefix]: This part should change every year (or whenever your organization prompts you to change it). It consists of one or two digits, corresponding to the year or the month you last changed it (18, if you changed it this year, or 04 if you changed it in April). The second part of the prefix is a special character that indicates to you what this password is used for. Be creative and try to avoid using @ for email accounts and $ for bank accounts. So a prefix for a work account that was changed in April might look like: 04$.
[Complex Root]: Here is the fun part. This is the meat of your password system, the part that never changes. It stems from something memorable, like two favourite things or a quote...
Favourite things: Say, for instance, your two favourite things are playing ball and knitting; then your root would be “knitball”. Of course, you would need to l33t that up so that it’s complex itself. Thus, knitball becomes something like: Kn!tB@ll.
Using a quote: Say your favourite quote is, “Ask not what your country can do for you” then you would create your complex root by taking the first letter of each word: anwyccdfy and L33t that up: ANwyCcd4u or @NwyCcd4u.
[site/location]: Try to establish a 3-character system that makes sense to you and lets you know where you are… if this is a password for work then perhaps kRw (see how sneaky that is? wkr backwards). If it's for your RBC bank account, then perhaps cBr.
Using this [prefix]+[Complex Root]+[site location] system we’ve just generated 2 memorable, yet unique and complex passwords. We've embedded a mechanism that allows us to update them with ease. Despite the complexity, this system will keep our heads from exploding! Look at what we did:
Our password for a work account (changed in April): 04$Kn!tB@llkRw or 04$ANwyCcd4ukRw
Our password for a royal bank account changed in 2018: 18^Kn!tB@llcBr or 18^ANwyCcd4ucBr
How cool is that? And it’s pretty easy too. Of course, it would still be better to use a complex password, such as any of these we just created, to serve as the master-password for a password-manager system. There are tons to choose from!
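The basic minimums and the “P@ssw0rd” rule from the tips above can be checked mechanically. The following is an added example, not part of the original article; the function names, the leet-substitution table and the use of Python's `string.punctuation` as the special-character set are assumptions made for illustration.

```python
import string

import math

# Assumed leet-speak substitutions used to spot disguised forms of "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                      "3": "e", "1": "l", "!": "i", "7": "t"})

# Character sets named in the article; each one used widens the character pool.
CHARSETS = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def normalise(password: str) -> str:
    """Lower-case the password and undo common leet substitutions."""
    return password.lower().translate(LEET)


def check_password(password: str) -> list[str]:
    """Return the article's basic minimums that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in CHARSETS.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    if "password" in normalise(password):
        problems.append('contains an iteration of "password"')
    return problems


def search_space_bits(password: str) -> float:
    """log2(pool ** length). An upper bound: it assumes every character
    is picked at random, which a memorable pattern is not."""
    pool = sum(len(chars) for chars in CHARSETS.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Two passwords from the article, its plain root, and one constructed bad example.
    for pw in ["04$Kn!tB@llkRw", "18^ANwyCcd4ucBr", "knitball", "MyP@55w0rd!"]:
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, "
              f"{check_password(pw) or 'meets the basic minimums'}")
```

The bit count shows why mixing character sets and adding length both matter: the plain root “knitball” draws on a 26-character pool, while the full 14-character password draws on all 94 printable symbols.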
Alas! dear friends, there is no finish line. We must keep running. Rest assured our diligence will pay dividends!
Please do not hesitate to contact INTECH Computer Solutions Inc. should you have any questions, or require any assistance shoring up your computer’s defences.