CBA Inc

Information Security - Better Safe than Sorry!

15

Jan
2014

Better Safe than Sorry!

Information Security - Better Safe than Sorry

I want to share some very useful tips with you on information safety.

Unfortunately, I recently learned the hard way when my credit card number was stolen as I checked into a Las Vegas Hotel for a seminar. Luckily though, my bank was very diligent and the breach was under $100 and very short lived!

  • 1)  ALWAYS use strong passwords (combinations of capital letter, number and punctuation work best and are harder to crack). An easy way to remember is also using something similar to the following short phrase: I8cookies
  • 2)  Don’t use the same passwords for all accounts and change passwords regularly. This is easier said than done and is more secure. There are password vault applications available (many free) on the web and on smartphones that can help you compile and manage your different passwords securely. Granted, you sometimes get as much functionality as you pay for. There are some really good paid options too. A personal favorite of a colleague of mine is called RoboForm.
  • 3)  Back up your data into multiple and diverse solutions such as an external portable hard drive in conjunction with a secured cloud based backup solution. Don’t rely on a single storage medium for your most important data (family photos, etc.)
  • 4)  Basic information like your address and birthday are easily obtainable online. For Password Reset questions always use secret questions that are fairly obscure and only you or close family would know.
  • 5)  Another good practice is to make sure public profiles on Google, Facebook, etc. are controlled and you only share information that you are comfortable with the whole world seeing. Don’t make it easy for someone to guess your password. Also, don’t set your social, email or other accounts to “auto login”. If someone nabs your computer or device, you have given them instant access.
  • 6)  Full disk encryption (e.g., BitLocker for Windows, FileVault for Mac OS X, dm-crypt + LUKS for Linux) for your personal machines is critical to secure your data in the event you misplace or lose it. That way, despite the loss of the hardware, it becomes more difficult for someone else to access your data.
  • 7)  Be wary of using your credit card or other sensitive information online with websites that are not well known. Always ensure that HTTPS/SSL encryption is used when performing any transaction that requires you to enter sensitive information including your username and password. Look for https on the URL and the padlock icon in the URL. To even be safer, one can click the padlock and ensure the site has a valid certificate (such as Verisign).
  • 8)  Enable every alert possible for transaction confirmations, password changes and other notifications. It is one of the best ways to keep on top of any unauthorized change in any online account. Pay attention to the options each site provides and enable as many as possible.
  • 9)  Be aware of email phishing scams where a hacker attempts to gather information about you such as your username, passwords, or credit card details by masquerading as a trustworthy entity. Avoid clicking on any suspicious links or providing any data about yourself. Always contact the entity directly using their published contact details to validate if it’s a legitimate request.

  1. On the subject of passwords & information security, this article emphasizes exactly what Vickie is talking about. http://mashable.com/2014/01/22/worst-passwords-2013