According to this report from Symantec, Internet attacks have increased by 81% since last year. I suggest reading the full document, if only to see the good graphical summary in the first pages. This guide from Google introduces the key concepts and suggestions. In the following I will review some hints and provide considerations on often neglected aspects.
The suggestion often provided is to use complex passwords and to have one per account. However, given that some people have more accounts than friends, I think this approach is not really practical without the support of some tools. There are many password manager applications with similar features; the one I use is the free KeePass 2. You can use the one you want, just remember that a good password manager should be:
- multi-platform: I can use it on my tablet, home PC and the work laptop (it does not require installation)
- as an option, able to synchronize the database with the cloud or other systems
- able to integrate with browsers via plugins: once a website is registered, login details are passed automatically. This is particularly useful as I do not like to store passwords in the browser's memory
- able to create lengthy random passwords like “i@Kh,8bRWEqF}yBM`Ril”, so you protect yourself from brute force or dictionary based attacks; since you can copy and paste the passwords, you do not have to actually remember them
- able to set reminders to change passwords
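To show what the "lengthy random password" point above buys you, here is an added example (my own code, not the post's and not KeePass code) that generates a password the way a manager does, from the operating system's cryptographic random source, and estimates how many bits of entropy it has compared with a short dictionary-style password. The 94-character alphabet and the guess rate of 10^12 guesses per second used for the brute-force estimate are assumptions chosen for illustration.

```python
"""Added example (not from the original post): generate a long random
password as a password manager would, and estimate its strength.

Assumptions (mine, not the post's): the alphabet below and the
guesses-per-second rate in the report are illustrative choices.
"""
import math
import secrets
import string

# Printable characters a manager typically draws from (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Character classes many websites insist on seeing at least once.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def generate_password(length: int = 20, alphabet: str = ALPHABET,
                      require_all_classes: bool = True) -> str:
    """Return `length` characters drawn uniformly from `alphabet`.

    `secrets` uses the OS CSPRNG; `random.random()` must never be used
    for passwords because its output is predictable from earlier output.
    With `require_all_classes`, candidates missing a class are rejected and
    redrawn (rejection sampling keeps the accepted passwords uniform over
    the accepted set, at the cost of a fraction of a bit of entropy).
    """
    if length < 1:
        raise ValueError("length must be positive")
    if require_all_classes and length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not require_all_classes or all(
            any(ch in cls for ch in candidate) for cls in CLASSES
        ):
            return candidate


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected brute-force time: on average half the keyspace is searched."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def strength_report(password: str, alphabet: str = ALPHABET,
                    guesses_per_second: float = 1e12) -> dict:
    """Summarise the entropy and expected crack time of `password`,
    assuming the attacker knows the alphabet and the length."""
    bits = entropy_bits(len(password), len(alphabet))
    seconds = expected_crack_seconds(bits, guesses_per_second)
    return {
        "length": len(password),
        "bits": round(bits, 1),
        "years_to_crack": seconds / (365.25 * 24 * 3600),
    }


if __name__ == "__main__":
    pw = generate_password(20)
    print("generated:", pw)
    print("manager-style 20 chars:", strength_report(pw))
    # A typical 8-character lowercase word: 26^8 possibilities only.
    print("8 lowercase letters   :", strength_report("password", string.ascii_lowercase))
```

Run it a few times and note that every run prints a different password; the 20-character one sits around 131 bits, while eight lowercase letters are under 38 bits and fall in well under a second at the assumed guess rate, which is exactly why the manager, not you, should be choosing the string.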
Seems airtight; are we done? Not at all!
There are other risks deriving from users' behavior or from major hacking of websites. “Humans are a weak link in cyber security, and hackers and social manipulators know this” (FBI, 2012). Just to list a few:
- social engineering and phishing – For complete coverage of the topic read this interesting article from Symantec. Hackers attempt to gain personal information that is then used to access systems. The range of techniques varies: persuasion, elicitation, dumpster diving (yes, they literally go through your rubbish), deceiving emails, planting malicious software – hence the advice: “do not accept candies from strangers”, pardon: “do not open attachments received from people you do not trust”
- hacking of websites – This year, for example, LinkedIn, the professional social network, reported that passwords were stolen. In these cases, unfortunately, the only mitigation is to change the password after the fact. So watch the news for major hacks
- social network risks: “Once information is posted to a social networking site, it is no longer private. The more information you post, the more vulnerable you may become. Even when using high security settings, friends or websites may inadvertently leak your information” (FBI, 2012)
- if you have kids, read these CIA suggestions and do not keep them secret!
As a conclusion, and in addition to the FBI article cited before, I just want to mention some obvious caveats that are often overlooked. Posts in many cases resemble invitations to criminals. Be wary of which pictures you post online. For example, that new shiny TV set or stereo you are so proud of might also appeal to burglars, who now know where to find it. Similarly, do not advertise your holidays before going. An empty flat for two weeks seems too good to be true.
Finally, for personal safety reasons, it is not a good idea to post meeting details: “let’s meet at Harry’s Club at 20:30 tonight” on the wall of a social network might sound like “please assault me at Harry’s Club at 20:30 tonight” to an aggressor. The list could go on, but I think I have explained the basic idea.