Data Insecurity: Smart Hackers or Bad Hygiene?
How do we keep our data safe and prevent criminals from using our accounts to get data out of our systems? Do we have to learn to outsmart the hackers? My contention is that basic security is found in boring old hygiene and not in outsmarting or sophisticated technical defenses against hijackers.
You are safer if you keep your computer and software up with the latest security patches and use a different password on every website. That is basic hygiene. Like most other things, there are technological aids for the task, but the actual issue is just making sure the data house is "clean and locked." There are time-tested, non-technological ways to keep a list of secret words. However, in the 21st century, a password manager can give you what you want: having only one password to memorize; and what you need: having a different hard-to-guess password on every website.
How to Protect Your Devices
Try this - get a recommended password manager, then:
1. Make an easy-to-remember, hard-to-guess, 15-or-more character passphrase to secure
your password manager.
2. Follow the password manager's instructions to install your browser plug-ins (these
remember the passwords you type, and paste your stored passwords in on the websites
you log into).
3. Let the password manager record, encrypt, and store the passwords you use during
the day.
4. Next time you have to change a password, be sure to let the password manager generate
your new password and store it.
The only password you should have to remember is your password manager passphrase.
The rest of your passwords are stored in your encrypted password vault in the password
manager, and you use your password manager browser plugin or mobile app to replay
them into websites when you log in. The password manager securely syncs your passwords
across all your devices.
Best practices:
• After setting up your password manager, visit your websites where you are using identical or similar passwords and change your password. Let the password manager generate, store, sync, and encrypt the new password across your devices.
• Use separate vaults or separate accounts in your password manager for your work and personal passwords.
As far as security updates for your personal computer, try browsercheck.pepperdine.edu to find all the out-of-date software and link you to the updates. University-owned computers are maintained up-to-date with Device Management powered by KACE and Windows Software Update Service (WSUS).
Keeping secure is largely a matter of doing these two simple housekeeping tasks consistently. Without hygiene, hackers don't have to outsmart us.