Sunday, October 28, 2012

SECURITY BEGINS WITH YOU


The other night Robin and I were watching TV when I threw out a few ideas I had rolling around my brain [ed. - idea limit 3 while watching TV, 'nuff said] and after the 3rd one she said "You should write an article about that". We resumed watching "Person of Interest" (GREAT show BTW). I awoke this morning before dawn due to the resumption of rolling ideas and came in here to get this down on a file so I could get a good night's sleep tonight.

It's hard to miss the big hand pointing a finger at you, so it was probably the first thing you noticed on this blog post, the 2nd being the subject matter. It's easy to buy Anti-Virus software, get infected, and blame the software, and just as easy to blame your email account (whether it be a Microsoft, Gmail, Yahoo, or AOL email), along with endless other online accounts that require a login name and password. IMHO, this is not outside the boundaries of what makes sense - as long as you have done your part in this security partnership, and that's exactly what it is - a partnership.



Whatever service you sign up for, that service has its own internal security and firewalls that cost more than your car; yet even they are vulnerable (as we've seen throughout this year). But on a personal level you should make things difficult for someone interested in hacking just your account.

THINGS TO AVOID DOING

  • Using the same password for all of your accounts. It's a pain in the butt, but buy a notebook pad and write the information down.
  • If the site allows it, don't use your email address as your login name. I know that many sites will only let you use your email address, but for the ones that will let you pick something else - do it.
  • If the site lets you pick a login name, don't use your name, or any other name that someone could link to who you really are.
  • Birth dates. Some sites require your birth date [ed. - this is where that pad full of logons and passwords comes in handy], so pick a month, day, and year that isn't yours, but make sure to write that down on your pad should a question about your birth date come up.
  • Social Networking sites have other things to fill in, like where you work, where you went to high school, what State or zip code you live in, etc. If it's required, fill them in, but make the information FAKE, FAKE, and....FAKE. Then write all of this down on your password pad. Should your account ever get hacked, the information obtained by the hacker will do them no good. They will be creating an information file on someone who doesn't exist.
  • How many email addresses do you have? Some have one, others have 2 - personal and work. Create several more. Why? It's a good practice to have an email address just for non-essentials.
    Example: You're at a store and have just made a purchase and they ask for your email address, or you see that a radio station has a contest you'd like to enter and it requires an email address. Use the non-essential email you just created, not your personal or work email address.

PUBLIC DOMAIN

Many companies you purchase products from will pledge to keep that information with them, and them only, while at the same time, many companies, services, and even magazines you subscribe to will sell that information to someone else, who will sell it to someone else, etc. And let's not forget those contests you entered like trying to win that new Dodge or Ford truck while ignoring the little, tiny fine print allowing them to use the information in any way they wanted to.

Because of this, there is a LOT of information about you floating around the Internet and all it takes is a Google, Bing, or Yahoo search to find it. The information may or may not come up on the first or second page, but if you dig deeper you'll find something - and what you find, may shock you! Think I'm kidding? Here is a recent example:

I was at a client's residence cleaning viruses, spyware, and Trojans off their computer and while I was doing this I handed them a document I'd written in regard to what steps they should take after having their computer's security breached, like changing passwords, how to make the password harder to crack, etc. I could see cold sweat running down this person's (now ash-white) face as they began to get overwhelmed with what they would have to do.

In a calm, soothing manner, I talked about each step and they understood the importance of it all, finally realizing they had to take on this challenge. Of course the usual questions about their infections (Who? What? Why?) were asked and answered, along with how much of their personal information I thought was on the Internet. "I couldn't tell you for sure", I said while pulling up Google, typing the person's name in the search box, and hitting ENTER. A bunch of links (along with paid advertisements) came up on the first page, but nothing relevant, and the same with the 3rd page; but on page 4 came a link with that person's name on it.

Clicking the link, we were told that 57 people with the same name were found in the US. We saw that Texas had 14, and clicked on that to eliminate the other 43. Of the 14, 4 were in the Houston area, and the age of each person was listed next to the name. Clicking on the name with the correct age brought us to another page which listed the company this person worked at (2 companies ago), home address, 3 email addresses, and a map with directions to their house! Oh, and I almost forgot - it even had a picture of them, one that had been used years ago for an instant messaging program no longer used. Most of this information was either in the public domain, or legally purchased from some company on the web.

[End of the example]

While using the Internet makes things super easy, it comes with a price with regard to your personal information, and how super easy it is to find it. If I've just given you a chill down your spine then I've succeeded in conveying the delicate balance of good vs. evil and the Internet.

It's a nice Sunday morning, and after reading the paper, or going to church, it would be a good day to sit down with your spouse and write down every Internet site you use that requires a login name and password, then decide what you can do to make it more secure [ed. - here comes the example]:

Instead of a name, use a sentence or short phrase for a password that has at least one capitalized letter, and a number or other character to go along with it. You'll find at least two other posts I've written devoted to this subject, so I'll use my common password example of - itrainsinspain. Well now, that wasn't so hard to come up with, was it? And I'll bet you can come up with many others (which you should use).

Now let's get a little tougher. You could make it: Itrainsinspain, itRainsinspain, or even ItRainsInSpain. Tougher? Very well, let's get really tough! (remember you can use a number or other character like $ or ! as well) - it!Rains!in!spain$ [quite the difference from the very first example, and/or the name of your pet]. WHAT?? You want it even harder to break? Okay, here we go: Alpha/Numeric substitutions - i=1, s=$, and o=0 (zero). Taking our last password (it!Rains!in!spain$) we now have: 1t!Ra!n$!1n!$pa1n$, a password that would be suitable for very high security accounts like banking, stock portfolio, etc. AND - WRITE THEM DOWN ON YOUR PAD OF PASSWORDS!

It's easy to do, just go line-by-line and account-by-account. Line 1 might read,
Bank of America  Login Name: Forrest Tucker, Password: 1t!Ra!n$!1n!$pa1n$.

Next line:
Amazon   Login Name: openrange, Password: D0ntl00kunderthe$ta1r$

Tough? Yes. A pain in the butt? Yes, but remember, even though you may (or may not) be wearing a uniform, you are fighting in the Cyber war and you are responsible for holding up your end of the security line. Okay, now go do 15 push ups and take a nap -

'Nuff Said, and "Thank You" Robin
Brian
