A Balancing Act Between Security & Convenience
(Disclaimer: this is a NERD’s rant, with must-follow-guidelines at the end. You can skip the rant by clicking here. If you really need to!)
Technology is awesome. And convenient – I can sit behind my computer and communicate with friends and clients – click here or there, and I can take over their computers and assist them with all their tech problems. Email, WhatsApp, VoIP – whatever your preference, reaching anyone worldwide is simply another button press away. Facebook and Instagram will make you feel you were there for that party whenever/wherever. On Twitter/X you can take part in global conversations, or simply lurk in the comments. Stream music in the background, or maybe not-so-in-the-background YouTube videos? Check!
Our lives are a web of connections – a torrent of communication in an ever-changing landscape of technology. But in the chaos, most of us miss the risks involved with our convenient and interconnected existence.
Signed in with Gmail or Facebook on Spotify? Somewhere else?
One password for everything? Using password1234? Your dog’s name? Your girlfriend’s birth date? What about having your browser remember your bank account login details? Sounds familiar? …and convenient, right?
…but everyone who supply these oh-so-handy services, their associates, the advertisers, stalkers, and hackers – they all wring their hands in glee – because they can make money from us.
The legitimate companies will do it by selling your data, targeting you with customized temptations, while the dark side of the internet’s denizens will steal and manipulate.
You have nothing anyone would ever want; I hear you say?
Think again. From stealing your identity, accessing your credit card details on Takealot, blackmailing you with those indiscreet late-night photos, using your computer’s resources to launch an attack on some else, or gaining access to your company’s network – you have more to lose than you realize.
That little rant brings me to the question – how do you balance the convenience with a responsible digital security strategy? Because none of us can remember a 32-character alpha-numeric password for every site or service we signed up for!
It is all about risk management, since if you are connected in any way to the internet (no, it does not matter that you do not go to dodgy sites!), you will always be exposed to some risk. Okay, so here are a few best practice steps to follow, that isn’t too much of a hassle, but that will reduce your digital risk tremendously.
Passwords
Use unique, 32-character alphanumeric generated passwords. Yes, an individual one for every service. That way, if the service’s server gets breached in the future, not all of your other accounts are compromised by reused passwords. And how do you remember all 9000 passwords? You don’t – you use a password manager!
Password managers
Use one. Seriously. Having an encrypted list of passwords, which you can then copy & paste is the trick to having unique passwords. Two basic solutions are BitWarden’s free tier password manager, the other option is to use Microsoft’s Vault in OneDrive together with some old school text files – easy copy & paste!
2-Factor Authentication (2FA)
2FA uses an encrypted service to provide you with a time sensitive one-time-pin (OTP) that you use in conjunction with your password. Accounts protected with 2FA can prevent more than 93% of illegal access attempts. That is simply because the hackers require something you have (OTP via token or app), together with the compromised password.
2FA is the simplest and most influential method to secure your services or accounts. Start with securing your password manager with 2FA! Personally, I use Twilio’s Authy – give it a try.
Browsers…
NEVER have your browser save your passwords. Your browser is a massive weak point in your digital security. Accessing your passwords stored in the browser is very easy – either by taking over the browser completely, accessing it via cookies, or running malicious code from the temporary system folders – after email phishing it is one of the major reasons accounts are compromised.
No, nobody is going to give you thousands of Rands after you sent them a fifty… And no, you don’t have a mystery uncle that died and left you rich… Sorry to burst your bubble.
Learn to recognize phishing emails. Don’t click on links in emails. Don’t open attachments from strangers. If you do, you could have simply taken those free sweets from the strange man with his combi-camper!
Antivirus
Viral code date back to the old DOS days, when the primary infection vector was those large floppy disks… Symantec’s acquisition of Peter Norton’s famous utilities launched the iconic Norton’s brand that was synonymous to the word antivirus the world over for years to come.
Security software came a very long way since those days. And it will continue to evolve, as our tech gets smarter and faster. Currently you get AI-in-the-cloud analysis, process intrusion prevention, and a list of acronyms growing nearly at the speed of light.
Bottomline? Get a modern antivirus, antimalware, cyber security – you name it – but get the latest. As a company we use, and have tested, a few of the major (and even not so major) providers, and there is a solution to fit everyone’s budget and requirements.
Conclusion
Well, there you have the basics. There are much more technical aspects to ensuring your digital safety, but unless you run a business, or operate in a high risk or exposure environment, following these basics will drastically cut your risk profile. If you do require a bit more than the average, let me know and I will gladly advise you.