“If you are not concerned about cybersecurity, you don’t know enough about the topic yet.” – Raef Meeuwisse
Strengthening your online cybersecurity presence is a balancing act along a continuum. On one end lies convenience: using technology to manage our lives by the simplest and quickest method possible. At the other extreme lies security: protecting our interface with technology with the most current and complex tools available to ensure our data is confidential, retains the integrity it had when we created it, and is available to us when we want it. The more we value convenience, the less security we have; the more security we implement, the less convenient using technology becomes. The choice is yours to make, though one must remember that the consequences of not implementing adequate security to protect your information can have far-reaching, and expensive, implications. Here are five simple steps to strengthening your online cyber presence that create a minimal loss of convenience but lead to much more secure access to your online data.
Step 1: Begin Using a Password Manager
In order to complete the next two steps it is essential that you start with this one. The first step is to download and begin using a password manager. I know what you're thinking; I felt the same way. Having all of my passwords and usernames in one place seemed to be a pretty big vulnerability. If my password manager should get hacked, someone would then have access to all of my accounts. The prevailing wisdom now, though, is that it is riskier either to write your passwords down in a book and keep a hard copy of them, or to use an easily remembered password across multiple platforms, than it is to use a password manager. Password managers can be limited to a single device or can be available through a cloud service across multiple devices. My recommendation is to use one of the password managers that allows access across multiple devices through a cloud-based service. In this way you are able to access the password manager from a mobile device, tablet, laptop, or desktop computer rather than just your smartphone. The one essential factor to remember in using a password manager is that a single password is used to access and unlock all of your passwords. So make that password complex, yet also one that you will not forget. To proceed to the next two steps, you must have the password manager set up.
Step 2: Change Your Password
Guidance on creating a secure password usually holds that if you are using four types of characters (capital letter, lowercase letter, number, and symbol), you need a password of at least 12 characters. If the password has only three types of characters, such as uppercase letter, lowercase letter, and a symbol or number, a secure password requires a length of at least 16 characters. For most of us, remembering a password this complex would be impossible or at least very difficult. Now extend that across 50 to a hundred sites, each with a different password, and the task becomes somewhat impossible for most of us. Recently, some of the guidance has encouraged composing a password not of just a word or a combination of letters, characters, and symbols, but of a phrase. This phrase could be a quote, a line out of a book, or some statement that you will remember. Many times a computer focused on hacking a password would have more difficulty cracking a phrase password than it would a multi-character-type password. My goal for you is to identify two banking accounts that you consistently use and consciously change the password to both of those accounts today.
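The length rule above, together with a generator for passwords and passphrases to store in the password manager from Step 1, as an added example that is not part of the original article. The 16-word sample list is constructed, the passphrase assumes words picked at random, and 7,776 is an assumed list size matching common dice-based word lists.

```python
import math
import secrets
import string

# Constructed 16-word sample list; far too small for real use (see entropy_bits).
SAMPLE_WORDS = ["green", "roof", "candle", "river", "orbit", "maple",
                "anchor", "velvet", "puzzle", "harbor", "lantern", "cactus",
                "meadow", "pepper", "saddle", "window"]

def char_types(password: str) -> int:
    """Count how many of the four character types the password uses."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])

def meets_guidance(password: str) -> bool:
    """The rule from the text: four types need 12+ chars, three need 16+."""
    types = char_types(password)
    if types == 4:
        return len(password) >= 12
    if types == 3:
        return len(password) >= 16
    return False  # the text gives no length for fewer than three types

def random_password(length: int = 16) -> str:
    """Draw from all four types with a CSPRNG until the rule above holds."""
    if length < 12:
        raise ValueError("the guidance needs at least 12 characters")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_guidance(candidate):
            return candidate

def random_passphrase(n_words: int = 6, words=SAMPLE_WORDS) -> str:
    """Words picked uniformly at random from `words`."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(choices: int, picks: int) -> float:
    """Guessing difficulty, in bits, of `picks` independent uniform draws."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    print(random_password(), "|", random_passphrase())
    print(f"12 of 94 symbols: {entropy_bits(94, 12):.1f} bits; 6 of 7776 words: "
          f"{entropy_bits(7776, 6):.1f} bits; 6 of 16: {entropy_bits(16, 6):.1f}")
```

Six random words from a 7,776-word list come out close to a random 12-character, four-type password in guessing difficulty, while six words from the 16-word sample list do not, so the size of the word list matters as much as the number of words.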
Step 3: Change Your Username
When setting up a profile for an online site, there is a tendency to want to use an identifier that makes the profile username specific to us (e.g., our name, our email address, first letter plus last name). In choosing a username such as this, we make it that much easier for a hacker to access 50% of the login information required to access our account. By modifying a username, and making it as complex as your password, you limit the ability of a hacker to access that account. As a caveat, there is also a tendency, when asked for a security question, to answer that question accurately. For example, when the program asks for your mother's maiden name, the tendency is to give the real one. For someone dedicated to penetrating that account, that information could be found online. One recommendation would be to answer the question with something that has no relation to the actual name. Thus, when asked for your mother's maiden name, the answer could be “green roof”, something totally unrelated to the actual, verifiable information.
Step 4: Begin Using Multi-Factor Authentication
Multi-factor authentication is a simple, though often underutilized, security option that provides more secure access to your account. It is a simple procedure to set up, and is usually found within the website's security and privacy options. Essentially, multi-factor authentication is a follow-on step to authenticate that you are indeed who you say you are when working to access an online account. The process works something like this: You enter your username and password and press enter. The online site then triggers a text message, email, and/or prompt within what is called an authenticator application, which requires you to enter a 5- to 6-digit code into the website to verify that you are who you say you are. Basically, the use of multi-factor authentication adds another level of protection to your account: if someone were to crack your username/password, then before they could access the data within your account they would also have to have access to your phone receiving the text message with the 6-digit code, be able to approve/disapprove within the authenticator app, or possibly access your email account.
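How the 6-digit code from an authenticator application is computed and checked, as an added example that is not part of the original article. It uses the standard time-based one-time password scheme (RFC 6238 over RFC 4226); the shared secret is the RFC's published test key, and the password, salt and `login` function are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo values: the RFC 6238 test key and a made-up password.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

STORED_HASH = pw_hash("green roof candle river")

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP keyed on the count of `step`-second intervals."""
    return hotp(secret, int(at // step), digits)

def verify_code(secret: bytes, submitted: str, at: float,
                step: int = 30, window: int = 1) -> bool:
    """Site-side check that tolerates +/- `window` steps of clock drift."""
    counter = int(at // step)
    ok = False
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        expected = hotp(secret, counter + delta).encode()
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok

def login(password: str, code: str, at: float) -> bool:
    """Both factors must pass; a cracked password alone is not enough."""
    pw_ok = hmac.compare_digest(pw_hash(password), STORED_HASH)
    code_ok = verify_code(SECRET, code, at)
    return pw_ok and code_ok

if __name__ == "__main__":
    print("code at t=59s:", totp(SECRET, 59))
    print("password + code:", login("green roof candle river", totp(SECRET, 59), 59))
    print("password only:  ", login("green roof candle river", "000000", 59))
```

The phone and the site derive the same code independently from the shared secret and the current time, so nothing secret crosses the network at login and a code stops being accepted once its time window has passed.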
Step 5: Implement Off-site and/or Online Backups of Your Digital Data
What we have discussed so far focuses on hardening your defenses against an attack. This fifth step is a way to mitigate the damage that could be done when, not if, your data and/or controlled-access websites are breached. There are several different options you can use to back up your data. The first would be an external hard drive, connected to your computer and acting as a backup solution for your digital data. This solution allows you to transfer or copy the data from your computer onto the external drive. The external drive would then be disconnected from the computer and placed in a secure location, preferably in a different location than where the computer housing the original data is located. In the case of a fire or a severe weather incident resulting in the destruction of the computer housing the original data, the backup data can be easily loaded onto a replacement computer. The challenge, sometimes, with an external hard drive is that backing up the data requires one to consciously plug the external drive into the computer and force the backup to happen. This can take some time and effort. An alternate solution would be to use an online backup platform to save your data offsite and to automatically back up the data each time it is changed. This solution differs from a Google doc or OneDrive account; those solutions are simply extensions of your existing computer file system. Examples of offsite backup systems include Carbonite, Iron Mountain, and/or Veeam, all of which are dedicated software platforms for off-site backups.
Challenge yourself now to lean more towards security versus convenience. Proactively make this a priority to you and your team for your future online security and the growth of your business because it is no longer a question of if your data are breached, but when.
(Source: Mark R. Lupo, MBCP, Area Director, UGA SBDC in Columbus)