Being an Information Security professional, my family and friends often look to me for advice on how to stay safe in the electronic information age we live in. Here are some personal habits that help protect me from cyber-criminals.
Manage passwords instead of memorizing them. I couldn’t tell you the password to any of my online accounts. They are completely arbitrary, consist of a minimum of 25 characters, and all are unique. I have one password: the password I use to unlock my password manager. Password management software helps me create complex passwords for my accounts and it automatically submits this information when I need to log into them. It also notifies me when a website I have an account on has been breached. I use the paid password manager 1Password, but there are free alternatives out there, such as Last Pass. Keep in mind that all of your passwords will be protected by one password, so make sure it is a strong and complex password. Do not use this password anywhere else, especially for any online accounts. Most importantly, do not share this password with anyone.
Use multifactor authentication. I discussed this in one of my previous blog posts. Simply put, multifactor authentication requires more than one step to access accounts, making them almost impossible to compromise. I use multifactor authentication wherever it’s supported.
Update software frequently. I keep all my devices up-to-date, including my smartphone and tablet. Hackers are constantly working to discover new security flaws that will give them access to your accounts. To prevent these flaws from being exploited, you must keep your software up-to-date. Make a habit of frequently updating both your operating system and any third-party applications, such as Adobe Flash and Java.
Encrypt your devices. I encrypt all my devices, which scrambles my information so it’s not easy to read. If any of my devices is lost or stolen, my personal data will be safe from prying eyes. Apple’s upcoming smart device operating system, iOS 9, will require encryption through the use of a six-digit passcode. I recommend encrypting all your devices. Here are tutorials for encrypting popular operating systems:
Run antivirus software. Yes, you too, Mac users. Contrary to popular belief, Macs are just as prone to getting a virus as Windows PCs. Again, running anti-virus software doesn’t hinder the performance of most new devices. If you need to run a virus scan, do it during a time you don’t plan on using the device, because it can take time.
Stay away from public Wi-Fi. It’s a safe assumption that most public Wi-Fi services are not secure. If you must use public Wi-Fi, do not perform any transactions that involve personal information, like online shopping or banking.
Back up your data. Availability of data is a major focus of information security that many folks overlook. If the last 10 years of family photos are on a single device’s hard drive and it crashes, they will be gone forever. Make a habit to back up your data at least once a week. You may someday thank yourself for it.
Go paperless, and shred any unneeded paper. I have many bank account, credit card, auto insurance, and other statement-producing online accounts, and I always opt to go paperless. This reduces the risk of someone finding a statement containing your account number, which will allow them access to your information. Only keep paper copies of information when it’s absolutely necessary. Shred any paperwork you do not need, even if it simply contains your address.
Although it does take some time and effort to follow the practices outlined above, they will highly decrease the chance of your financial information or identity being stolen. If you prefer not to do this yourself, I highly recommend having a computer professional or the family “IT guy” periodically review the health of your devices. It could save you a significant amount of time dealing with identity theft or financial fraud in the future.
Brendan Chamberlain is an Information Security Analyst and a member of the Information Security team at The University of Vermont Medical Center, where he works hard to enhance the security of sensitive information. He has been diligently training for the upcoming Spartan Race in Killington, VT, this fall.