Go Wash Your Hands; Cyber Security

Wash your hands!!

That is a familiar refrain offered to children from parents for a long time. We have a friend with two children and I still remember this common exchange:

Mother (to children): Did you wash your hands?

Children: Yes

Mother: With soap?

Children: OK, we will

We can appreciate the wisdom in that when it comes to preventing illness. One of the most common ways to prevent the spread of numerous illnesses is to wash; soap helps but even a plain water wash will do some good.

When it comes to computers and networks, hygiene is important as well. Cyber hygiene seems to be a little more difficult to get universally adopted, perhaps because it isn’t quite as simple as washing with soap. For example the New York State website has some things to do to be cyber hygenic:

Count:            Know what’s connected to your network
Configure:      Implement key security settings to help protect your system
Control:          Limit and manage those who have administrative privileges to change,
bypass, or override your security settings
Patch:             Regularly update all applications, software, and operating systems
Repeat:           Regularize to form a solid foundation of cyber security for your organization

There is a link there that should take you to the Cyber Hygiene Pledge at the Center for Internet Security. However, it seems to be broken and a search of cisecurity.org fails to find anything. Apparently there are no mothers in charge of that phase of hygiene.

If you go here, you will see a list of recommendations from the Secret Service. Published in 2016, it is still quite valid; long, complex passwords with different ones for each account, patching your systems, current AV, scrutinizing carefully all email attachments, and backups. There are also some ideas for securing Point-of-Sale (POS) devices.

Let’s look a little at the password issue. Yes, it is much easier to use one password everywhere. If you are wondering about the chances of your password being compromised, head over here. This website has just under 5 BILLION email addresses that have been compromised. If you put in your email address the site will let you know if that address is in the database and if it is, what breach exposed it. The way things have gone in the last year or two, chances are high you will find your address there. If you only used one password for lots of accounts, the bad guys have your other accounts as well.

“But I have a LOT of online accounts. That’s a lot of passwords to remember”. To that I say, ‘Use a password manager, then you just need to remember one’. There are lot of them out there, some free, some in the cloud (personally not for me. What happens if they get breached?). I have 258 entries in my manager. I have passwords for network items (router, etc) as well as online accounts. I can have it generate random complex passwords for me and the copy paste function allows me to forget the passwords, except for the one that opens the safe.

If you want to see what a difference the length of a password makes head over to this site. You can put in a password and get an idea of how long it would take for a bad guy to break it. Keep in mind if you put “password” in it will show almost 7 years for an online attack to be successful. This assumes that the bad guy is just doing a random sequence search, not using a dictionary of common passwords. (In that dictionary 12345, 123456, and password and its variants are near the top and would be tried first). What it does show is the dramatic increase in how much work it takes to break a password as length increases. Hence the value of a different password for each account. If one account is breached and your password is cracked, no other accounts are at risk.

Just as physical hygiene involves more than just washing your hands, cyber hygiene is more than passwords. It involves caution when posting personal information on social media. It involves knowing what to look for to identify dangerous spam emails. It involves securing your home networks. It involves understanding the risks of the internet connected devices (baby monitor, door bell, door locks, refrigerators, etc.) in your house. It involves care in choosing the source of software for your phone and computer. And it involves being an educated user when it comes to computers. If you need the education, get connected to someone who can make sure you know how to ‘wash your hands’.  Ashton provides cyber security training sessions throughout the year, and we’d be happy to set one up for you.  Give us a call at 216 397-4080 to learn more.