Marc Goodman is one of the thought leaders in digital security. I heard an interview he did last week and it reminded me I need to work on my own digital security.
The number one thing to keep you safe in the digital world is: Stop, Think, and then Connect. There really is no Nigerian Prince that wants to give you a lot of money or needs your help. Most things are that ridiculous, so don’t do anything online that you wouldn’t try offline. Use common sense!
He also goes over his way of keeping his digital world safe, and it’s easy. He uses a simple acronym you should adapt for your life, UPDATE.
Update – Keep your software up to date. The number one reason companies update their software is to fix security holes they didn’t know were there until after they released the program. Apple does this all the time with their iPhone OS and other programs. Keep your programs up to date. If you are too busy or don’t want to deal with it, almost every program has an auto-update feature. Turn it on.
Passwords – Use different passwords for everything. I know it’s a pain, but it really is the best way to keep you safe. About 6,000 Facebook accounts are hacked a day. Most people use the same login information for Facebook as they do for a lot of other things (including their bank accounts). Don’t do that. You can use auto-generated passwords and password banks for everything from companies like LastPass, 1Password, or Dashlane.
I don’t use a password bank but have a unique password for everything, and no, my memory isn’t that great. I use a simple trick.
I have a couple different keywords I use and then build my password around that. Make up a keyword that you will remember or that is part of your life. I’ll use my name for this one, “ben”. Then use a 3 or 4 digit number, which could even be the end of your phone number or address. I’ll use “1604” for the demo (it’s where the gun shop is located). Then we’ll change that number a little to “16)$”. All I did was hold down the shift key for the last two numbers.
Make it different for each site by using the first 2 letters of the site you are on. And capitalize one of the letters. So for Facebook my password would look like “Faben16)$”. For my Twitter account my password would look like “Twben16&)”. Pretty simple, and I use it for everything. Now you know the first two letters of my password, bet you can’t guess the rest!
This works because most people’s passwords are not broken by a person but by a program that is running common forms of all the online info it can find on you. Once the program breaks something simple, like your Facebook account, it automatically tries the same login credentials at all the banks, credit cards, and anything else it’s programmed for. Scared enough to change your password yet?
If not, Marc explains that some of the major hacks in the last couple years weren’t done by geniuses writing these programs, but by low-level thugs who are scaling up their mugging operations by buying these hacking programs on the open market and then using them to get all your information. The Target hack a couple years ago was done that way.
Downloads – This is simple: don’t download anything that you didn’t ask for, even from your friends, because their email may have gotten hacked and is sending malware to your computer. As for all those BitTorrent sites where you get the latest movies for free, most of that stuff is infected with some kind of computer virus. It’s probably not worth the $10 you are going to save, so just buy it.
Administrator Accounts – This is one that I’m guilty of and had to stop writing and fix before continuing. Don’t use your administrator account on your computer for normal use. By default your computer has Admin accounts and User accounts. To change anything in the main operating system in your computer permanently, the computer needs the administrator’s okay. When you are logged in as the administrator and download something, your computer assumes that you have given it permission to do whatever the program wants to do to your computer. That includes nasty stuff that will destroy your data or keyloggers that will steal your passwords.
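A quick way to check whether you are reusing passwords, shown as an added example that is not from Marc Goodman or the original post: export your saved logins to a CSV file and run a script like this over it. The column names (site, username, password) and the sample rows are constructed assumptions, so adjust them to match your own export.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column names are an assumption;
# rename them to match the CSV your browser or password bank produces.
SAMPLE_EXPORT = """site,username,password
facebook.com,ben@example.com,correct-horse-1
twitter.com,ben@example.com,Tr0ub4dor&3
mybank.example,ben,correct-horse-1
shop.example,ben@example.com,correct-horse-1
mail.example,ben@example.com,x9!Lq2#vTz
"""


def find_reused_passwords(csv_text):
    """Return groups of sites that share one password, largest group first.

    Passwords are grouped by SHA-256 digest so the plaintext never
    appears in the result or in anything printed from it.
    """
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        site = (row.get("site") or "").strip().lower()
        if not password or not site:
            continue  # skip incomplete rows instead of crashing on them
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].add(site)
    # Two accounts on the same site do not count as cross-site reuse.
    reused = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(reused, key=lambda sites: (-len(sites), sites))


def report(csv_text):
    """Build one human-readable line per group of sites sharing a password."""
    return [
        f"{len(sites)} sites share one password: {', '.join(sites)}"
        for sites in find_reused_passwords(csv_text)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_EXPORT) or ["No reused passwords found."]:
        print(line)
```

Delete the exported CSV when you are done, since it holds every password in plain text.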
When you are logged in as just a user, the computer requires the admin password to alter anything major or permanently. So at least you’ll know when that annoying pop-up comes that something is trying to change your computer.
So start a new account that is a user only.
Turn off your Computer – Turn off your computer when you aren’t using it, or at least at night. If you won’t do that, turn off your Wi-Fi at night. When your computer is just idle and it is connected to the Internet, it is open to getting hacked, or if it is already infected with a virus, it is doing really bad things while you let it sleep. Your computer is always running maintenance and other small programs in the background even when you think it is sleeping. The only way to stop it running everything is to turn it completely off. Besides, it’s good for your computer to get reset every so often; it will make it run faster.
Encryption – Encrypt your data and your connection. Breaking encryption is almost impossible without your key, so use the programs that come on your computer to encrypt your hard drive. This takes up more space on the hard drive but keeps your data safe if someone gets to your computer.
You can also encrypt your connection when you are on the road by getting your own Virtual Private Network (VPN). This allows you to encrypt your data as it moves through open Wi-Fi connections. When you are at the hotel or airport and using the free Wi-Fi, there are a lot of people on the same network that are looking at your computer. Don’t think so? I have a friend that got all the music off of someone else’s computer while on a flight because they both forgot to turn off their sharing and the other person’s computer popped up. While the other person was working on something else, the computer was busy transferring a ton of data to my friend’s computer. It happens all the time by people with goals more nefarious than stealing music.
Marc suggested creating your own VPN, and PC World has a write-up on how to do it.
Be careful whom you do security business with. There are some small companies popping up for ultra cheap that are actually people stealing your data because you gave it to them when you did business with them. For your password banks, antivirus programs, and VPNs, use a reputable company from a big name you’ve heard of or that is suggested by more than one person you know.