Happy New Year etc.! OK, now the pleasantries are out of the way, we can get on with the usual clichéd list of New Year's Resolutions. You can see I'm going well already with my drive to avoid cynicism in blog posts. These resolutions are aimed more at your personal IT needs than your work life, but you might find a spot of cross applicability in any case.
- Housekeeping! - Yes, it is a bit early for a spring clean, but since you've a while to go before you have to break out the washing up gloves and the hoover, you've got time for a bit of a clear-out in online accounts. Each login you have, even if it doesn't protect anything "interesting" or "valuable", is a potential route in for a "cross site privilege escalation" - an attacker could, for example, use this to find your postal address or mobile number, which you gave on sign-up, and use these to gain entry to a more "interesting" site, which may have your credit card details. Take a look back at the marketing emails you received in December (they're all at it over the holidays so this is a great time for it) and close down anything you don't use.
- Pesky Passwords - by following the first resolution, you've protected yourself some more against having your password stolen in a site-breach - there have been enough of these in 2013 to sink a battleship. Ideally, you're going to want a different password for each site or service, and there are 2 ways to help reduce your password re-use: First, federate login (e.g. through Google and Facebook), which is very much putting all your eggs in one basket - so you had better watch that basket by following my other resolutions. The second method is to use a password service, such as LastPass. There's no reason not to have a little from column A, and a little from column B, of course. While you're at it, you might check to see if any of the passwords you've been naughtily re-using have been leaked to the world here: https://haveibeenpwned.com/
- Backup: Half the Story - and I'm assuming you are halfway there, right? You should back up as much as possible as often as possible. I prefer "everything, all the time" for my files (I personally use Backblaze, good value for money!) Other backup services/strategies exist. YMMV. The other side of the backup story is restore. Having your files sent to the great hard disk in the sky is all well and good, but you need to be sure you can get them back. At the very least, pick a few files and try to restore them. You might find a problem you never knew you had!
- No Pain, No Gain - 2 Factor Authentication. Yes, I mean you. Pay attention at the back. I know you've been putting this off because you think it will be a pain in the backside. Yes, it will, but once you're used to it, it's minor, and the protection afforded against keyloggers and brute-force attacks is not to be understated. This isn't a panacea, but it's one more useful protection against the legion wrongdoers. Many sites & services now support this; there's a not-particularly-exhaustive list on a post over here.
- Finally, One Good Turn... - I'm quite sure you are already 100% on top of all of these suggestions, so I am going to leave you with resolution 5 - go help someone less fortunate (in the Info-security sense) than yourself. Parents, siblings, other-halves, whoever. I know, it's a pain, you're probably the person they'll come to when it all goes pear-shaped in any case, and you do enough family tech support as it is, blah blah. Nut up, and go do a good turn. It's the new year, and you'll feel better for it. Not only that, but some of these resolutions will help reduce the calls you get in 2014 from panicking friends and family, and their security is, in many ways, allied to your own. Much like a compromise on a "less important" account that can be priv-esc'd, a security-compromised friend is a threat to your own online safety. On the subject of good turns - if you're after more resolutiony goodness, check out Graham Cluley's list here.
One last thing... thanks for reading the Smoothwall blog in 2013, hope we can keep you interested and entertained in 2014. -Tom