Recently, Australia’s Prime Minister addressed the issue of sustained cyber attacks on all levels of Government, as well as personal and business accounts across Australia. This isn’t “new” news: we can assume that information held by government departments will always be of interest to the more nefarious operators out there. But it is a positive reminder to us all to review our own online security practices.
We have all been guilty of re-using a password, or cycling through a few different ones and thinking we’re being suitably cryptic by using combinations of our family members’ names and birthdays. Since this source of inspiration is most likely available on Facebook, this is about as secure as locking up when you leave the house and hanging your key on a hook next to the front door. With everything from our location data to our health records now stored online, our best defence against an opportunistic hack is having a few simple hygiene measures in place.
Run through this list and you’ll be miles ahead of the low-hanging fruit who are still using Password123 for everything including their Uber, the office Canva account and their personal LinkedIn. Hey, did you know that all of those companies have been compromised by major data breaches in recent years? Change your passwords.
Security Basics Checklist
1. Use long, strong and random passwords
No longer can you rely on “tricky” passwords like MyD0gSa11y or P@ssW0rd. With the sophisticated and powerful computer systems available to test and match passwords, if you’re relying on simplistic number/letter replacement, then you’re essentially securing your digital front door with a piece of cotton. It’s not going to cut it!
2. Never re-use passwords between accounts
One of the simplest methods for the ‘bad guys’ is to successfully crack into one of your accounts, then test that same email and password combination on every other web-based account associated with your email address. And they can do this in mere seconds with automated software!
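The two points above can be checked mechanically. This added example (not part of the original post) flags passwords that are only dictionary words behind letter/number swaps, groups accounts that share a password, and generates a random replacement. The word list and the account data are constructed for illustration.

```python
import math
import secrets
import string

# Look-alike substitutions that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Constructed word list; a real one would be a large dictionary plus
# names and dates visible on the owner's public profiles.
WORDS = {"password", "my", "dog", "sally"}
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def made_of_words(text):
    """True if text splits entirely into WORDS (empty text counts)."""
    ok = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        ok[end] = any(ok[s] and text[s:end] in WORDS for s in range(end))
    return ok[-1]


def is_guessable(password):
    """Undo case, trailing digits/symbols and leetspeak, then check WORDS."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return any(made_of_words(v.translate(LEET)) for v in (lowered, stripped))


def reused(accounts):
    """Group services sharing a password (accounts: service -> password)."""
    groups = {}
    for service, password in accounts.items():
        groups.setdefault(password, []).append(service)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def random_password(length=20):
    """Draw each character independently from the OS random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("MyD0gSa11y", "P@ssW0rd", "Password123", random_password()):
        print(f"{pw!r:26} guessable={is_guessable(pw)}")
    print(f"20 random characters = {entropy_bits(20):.0f} bits")
```

A password manager performs the same reuse check for you without the passwords ever sitting in a script or spreadsheet.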
3. Check to see if your email address has been included in any known data breaches
Companies are obligated to communicate data breaches in most countries. Data from those breaches is often made available on websites like haveibeenpwned.com. By searching for your email address, you’ll be able to check if your accounts are among those involved in previous data breaches.
What do you do if your email address does show up on the list of breached accounts? Immediately change your password to a random, complex password. Enable 2-step authentication on that account as well, if supported.
4. Install a password manager across all your devices
We use and recommend LastPass. Other options include 1Password, or Keychain on Mac. When you’re running a business with the need for your team to have access to shared passwords, using a password manager becomes even more efficient (and secure). For example, we use LastPass shared folders to store logins for our team, which means if one person changes the password on an account, it’s immediately available for everyone else who has access.
And, if you need to share logins with 3rd parties, you can securely do so. No more sharing passwords insecurely by email!
5. Enable 2-step authentication on all accounts where it’s available
You may already be familiar with 2-step, or 2-factor, authentication if you have a business banking account. Adding an extra “factor” to your login makes it much harder to break into your account if your username and password are known.
Common options for this are sending a code by text message or using a code generator app. If you’re already using LastPass, we recommend using LastPass Authenticator for the code generation app. This can be backed up securely to your LastPass account so if your phone is ever replaced (or stolen), you can easily restore your accounts.
6. Use up-to-date antivirus software (ensure it also includes anti-malware and anti-phishing protection)
AVG is a solid option for both Windows and Mac computers, and offers a free version that includes most of the basic protections needed.
7. Keep your computer and mobile software up to date
Online security is a rapidly-evolving dance between the good guys and the bad guys. The bad guys find a hole in the system, exploit it for a while, then the good guys find out and plug the hole. This goes on basically forever, with all of us stuck in the middle just trying to get on with our digitally enabled lives.
Whatever device or system you use, always keep it up to date with the latest updates. Combine those updates with a regular backup plan just in case something does break – not all updates are perfect, so it’s best to play it safe!
8. Install an ad-blocker for your web browser
Malware on websites is notorious for stealing your keystrokes or other sensitive information. While web browser companies do a great job keeping their software updated, it’s always a game of cat and mouse with the bad guys exploiting the holes, and the companies patching them. Rinse and repeat, forever! Here’s a great list of ad blocker extensions you can install for the Chrome browser.
9. Have a regular backup schedule, with more than one copy of your data
You may have heard the 3 rules of backup? They are 1) Backup, 2) Backup, and 3) Backup! When all else fails, your backups are all that is left between a compromised or failed computer system and days (weeks!) of misery as you mourn the loss of your data and hours upon hours of work.
We strongly recommend having a minimum of two separate hard disk backups for your computer, which you can rotate every week or two. Always keep one of them in a separate location – keep one at home and one at the office for example.
10. Turn on hard drive encryption
While preventing bad guys on the internet from stealing your stuff is important, physical security is something to consider as well. With many of us working from laptops at home, in the office and in cafes, the risk of having your devices stolen is very real. And once a thief has physical access to your device and time on their hands, your data is very much at risk. Encrypting the hard drive keeps that data unreadable to anyone who doesn’t have your password or recovery key.
Who is this for?
Consider these steps to be a good foundation which will help to protect your business and typical personal online accounts. Depending on the business you’re in and the kind of information you need to store for yourselves and your clients, you may need stronger measures than we have listed.
Save this checklist, share it with your colleagues and friends, and if you can run through the basics with your older friends and family members, it could do a world of good.