Tuesday, 24 October 2017 17:22

Cybersecurity 101: You are the problem - Seriously simple steps you already know, but you don’t do


Look, we’ve all been there.  Complaining about all the security policy rules and how they waste your time.  Frustrated at all the passwords we have to remember.  And just when we do, ‘they’ force us to change them.  Demanding that we make them more complicated. Stronger.  Longer. Random..er.  It’s like, why even bother with new technology?  The technology that is supposed to make us more productive is making us LESS productive.  I’m sorry, but I have some news for you.  You are the problem…or at least part of the problem.  I know that sounds like bad news, but really it’s good news.  Because you can fix you.  Psychologist Henry Cloud says, "You can’t fix a problem that’s not in the room."  So once we are all ready to admit that we are the problem, now we can start building a solution, practicing new disciplines and forming new habits.

Here are just a few security habits that you need to stop or start doing. 

  1. Your password is not secure. I can’t tell you how many times I’ve had clients give me the puppy dog eyes regarding how simple their password is. They know it. I know it. We all know it. But for those that don’t, here it goes. Sorry, your company name with a few random numbers is not secure. No, your favorite season and the current year is no better. While we are at it, STOP using a word from the dictionary unless you are going to use a passphrase. What’s a passphrase? A passphrase is a way to make your password longer while avoiding a string of random letters, characters and numbers that is impossible to memorize. Password length matters. Hacker @TinkerSec tweeted the other day that “8 character passwords are dead.” They said, “…we can go through the entire keyspace (upper,lower,number,symbol 95^8) of all 8 character passwords in ~5 hours (hashtype NTLM).” That means that no matter what your password is, if it’s 8 characters and an attacker has its NTLM hash, it can be cracked in 5 hours or less. So the new norm is going to have to be longer. I’m seeing companies starting to enforce 15 character passwords. How is someone supposed to remember a highly complicated 15 character password? START using passphrases. The fact is that the passphrase "My father wears sneakers in the pool 1" is more secure than the password "a#IKlfpao76ee", let alone "Snowball2017". It’s also easier to remember. One catch is that not all systems allow this, so it is not a silver bullet. Which means at the end of the day, it may be unavoidable for you to START using a password manager. A password manager is an app that will securely store your passwords so you can STOP using Post-it notes. LastPass is a good one that I use. There is a free version for consumers, so now you are without excuse. All of your super complex passwords and passphrases locked tight and at your fingertips. When I introduced LastPass to my wife, it changed her life. In fact, she said, “Using a password manager like LastPass has removed my anxiety of passwords.  I can generate a complex password and easily copy and paste when I need to use them.”
  2. Why just one when you can do two? I won’t spend a lot of time on this one because it is a similar concept to the first one. STOP using only a password, and START using multiple forms of authentication. It’s called multi-factor authentication (MFA), which basically means that you need two or more separate ways to authenticate yourself. The concept is simple. You will be more secure if authentication requires 2 of the following 3 items: something you know, something you have or something you are. Your password is something you know, and hackers have gotten quite good at compromising that. Something you have would be like a key card, or a phone running the Google Authenticator app. Something you are involves biometrics, such as a fingerprint scan. Using MFA is getting easier and easier to do, and it will provide much more security.
  3. You have voices in your head, use them. My mom used to say, “If it makes your nose wrinkle, pay attention.” As I have stated, you know what is secure. You know when an email looks ‘phishy’. There is a voice deep inside all of us that understands many of these concepts, but disciplining ourselves to listen to it and take action (or forgo taking action) can be challenging. If something doesn’t seem right, ask someone. STOP trusting everything. I have heard it said that you should ‘trust, but verify’. If you get an email that looks out of the ordinary from someone, take a couple minutes to call and check. Let them know that it looked suspicious. For example, “Hi Bob, I got an email from you that only contained a link to a website and nothing else. It looked suspicious, and I was going to delete it but wanted to check with you first.” Even if it is a legit email, you are still helping the situation by letting that person know that something they did caused suspicion, which might cause them to change behavior and write a little personal note with the link the next time they forward you the latest cat video. START listening to the voices in your head. The voices are often smarter than you think.
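The keyspace arithmetic behind the tweet quoted in item 1, carried through to longer passwords and passphrases. This is an added example, not part of the original article; the guess rate is derived from the quoted "~5 hours for 95^8", and the word-list size and the season-plus-year attacker model are assumptions (the word rows apply to words chosen at random, which a human-written sentence is not).

```python
import math

# The article quotes ~5 hours to exhaust all 95^8 eight-character passwords
# against NTLM hashes; that fixes the guess rate used for every row below.
QUOTED_SECONDS = 5 * 3600
GUESSES_PER_SECOND = 95 ** 8 / QUOTED_SECONDS


def keyspace(symbols: int, length: int) -> int:
    """Number of candidates when each position is chosen from `symbols` options."""
    return symbols ** length


def seconds_to_exhaust(candidates: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case offline search time at the quoted rate."""
    return candidates / rate


def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def report():
    rows = [(f"{n} random printable characters", keyspace(95, n)) for n in (8, 10, 12, 15)]
    # Assumption: words picked at random from a 7,776-word list (Diceware size).
    rows += [(f"{n} random words", keyspace(7776, n)) for n in (4, 6, 8)]
    # Assumption: attacker tries the pattern itself: 4 seasons x 2 capitalisations x 50 years.
    rows.append(("season + year pattern", 4 * 2 * 50))
    return [(label, round(math.log2(c), 1), humanize(seconds_to_exhaust(c))) for label, c in rows]


if __name__ == "__main__":
    for label, bits, duration in report():
        print(f"{label:<34} {bits:>6} bits   {duration}")
```

Each extra random character multiplies the search time by 95, which is why moving from 8 to 15 characters matters far more than adding a symbol to an 8-character password.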

These tips will help get you started on the journey ahead, so that hopefully you can STOP adding to the problem and START becoming part of the solution.

Last modified on Tuesday, 24 October 2017 21:22
Jordon Darling - CISSP

Jordon is the President/CEO of HITECH. He is a business-minded security professional who has a passion for people and small business. Some of his certifications include: CISSP, CSSA, MCPS, MCNPS, MS, SA
