On a daily basis there are new and scary news reports of huge breaches of data security that happen with large and very well-run companies. Target, Adobe, LinkedIn – those are big examples you no doubt heard of. Of course, this doesn’t include the countless smaller stories you never hear about unless you’re like me and read tech blogs every day. Add to that the frequent occurrence of run-of-the-mill website hacks – and the impression is inescapable that your information is either vulnerable to theft, hacking – or just being monitored or sold without your consent.
So how do you keep this onslaught in perspective? Develop a personal online security game plan. A few simple updates to your habits, methods and tools can greatly reduce your risk and minimize damage should a compromise occur. One thing is for sure: you have to be willing to do a bit of work and up your security game. Here’s a few tips and ideas to consider:
1. Website security is about minimizing risk, so don’t be the “low-hanging fruit”. Example: most hacks of WordPress websites are done by automated means that exploit known weaknesses, so don’t provide those weaknesses. There is no such thing as a 100% secure website, but implementing simple preventative measures can protect you from the vast majority of website threats. Simply keeping your WordPress installation and plugins up to date, along with improving your password quality will go a long way to better secure your website.
2. You probably need to change your password ways. I know – its a pain to remember A8Z4wa&vEs#%x, so don’t! Use a password management tool – my favorite is LastPass – but there are many other excellent options. Also – you absolutely do need a unique and strong password for each of your online accounts. For passwords you really have to memorize – consider a “high-entropy” passphrase instead of a string of characters or a word. Example: “swinginpartymrbates” (in this case, a fun combo of an awesome Replacements song plus the beloved Downton Abbey character).
3. Two-step authentication can save the day. It can be bit of a pain to adapt, but implementing two-step on critical logins such as your email (Gmail/Google Apps’ version is excellent) can single-handedly thwart a hacker. If you’re into horror stories, consider this famous cautionary tale by an editor of Wired magazine in 2012. One of the conclusions he reached was that two-step authentication would have stopped the hacking in its tracks.
4. Those old applications you use regularly may not be helping. As your main tools for accessing the internet, browsers and email habits should be reviewed. For browsers, use Chrome or Firefox and keep them updated. If you have an old (< v. 11) copy of IE installed, remove it or update it immediately. As for email, do you really need to use a mail application client? If you use webmail via a browser, you probably (should) have a secure connection (https) while viewing your in-box, which is better. Also, Outlook includes your IP address in your mail message headers, but Gmail doesn’t. Unless you’re a high-profile or public figure, you probably won’t be personally targeted via IP for a malicious hacking, but why broadcast more info about yourself than is necessary? See tip #5…
5. Don’t broadcast more info about yourself than is necessary. Periodically review all settings on your social media accounts (Facebook & Google+ especially); and review what you have posted. Does the whole world need to know where you went to high school, your full birthday or home address? Check Twitter for the tweet-location setting, which should be off except in rare cases. Check info attached to domain registrations – remember, your domain’s “whois” record is publicly available – if your data is not business related, purchase domain privacy. Forward a Google Voice number to give to casual acquaintances instead of sharing your actual mobile number… you get the idea.
Hopefully, the tips above will get you thinking about ways to reduce your overall online security risk. Like any other safety issue, awareness and good habits are essential. Feel free to share your favorite security strategies in the comments. :-)