New Year, New (Cyber) Me

People typically use the dawn of the new year to shed the old habits that have crept up through the year and spawn new, better, and hopefully healthier habits. Do not limit yourself to just physical goals! The new year poses an excellent chance to take a good look at your cyber hygiene and pick one or two things that might give you some additional protection. Here are some tips that might get you started

1. Password Health Day


Every year I take one day to go through all my passwords and change them. Using a password manager can alleviate this since it automates some of the process, and some managers have scripts to change passwords on common sites as well! However, if you store your passwords on a protected excel document or online password manager you still need to rotate your passwords every once in a while. I take the New Year as a marker to run LastPass’ Security Challenge and make sure I haven’t been reusing any old passwords. Having strong, unique passwords for sites cannot be understated in protecting against credential reuse and brute force attacks.

2. Looking at Website and App[lication] Permissions


Over the course of a few years app permissions can quickly build up as you gain new devices and decommission older ones. Take this opportunity to review all the apps that you have given permission to your personal information and review if these apps still need access. Furthermore, you may want to see if some permissions with finer granularity have emerged more recently. For example, in the early days of Android privilege was primarily grant/deny to large portions of your phone but newer versions contain finer grained controls over specific system functions which have been delineated over time due to developer needs.

3. Uninstalling Services and Software You no Longer Need


Hard drives have become so large that we do not consider the older programs that still take up some space (and sometimes are running in the background unnoticed). Go through all your installed software and figure out if you still need to be running DropBox in the background from that college project you had in 2010. Do you have any software that you installed for a single purpose years ago that you are no longer using? Go through and remove unnecessary clutter and improve your security in the process. Older software may not be updated and may contain security vulnerabilities. If you couple that with required network access, or open ports, for the program you could have a recipe for disaster.

4. Updating all your devices


(Credit Martin Schroder on Flickr)
Having you been putting off installing that iOS or Android update? Many people do not check regularly for device firmware updates since manufacturers do not send push notifications. Make sure you check for updates for all your Internet of Things devices, printers, networking routers, and other oft forgotten items. This will greatly increase the security of the devices and put patches in place to refine or improve functionality. This may be a tricky task since firmware update pages are notoriously tricky to navigate but persist and it will pay off!

5. Considering MFA


source: wikimedia
More and more companies are providing multi-factor authentication which allows users to supplement their login credentials with another form of verification. The sites and applications that allow this fluctuate, as new functionality becomes available within their platforms. So, an annual check to see if your app now provides this may be worthwhile. Most popular email, financial, and social media platforms support this feature and you can use a free app, such as Google Authenticator or LastPass Authenticator, to use this on your accounts. You will need to enable the two(multi) factor authentication on the service and then you will be prompted for a pseudo-random, time-based code every time you log on from an unrecognized device. This additional security measure can offer protection against unauthorized access to your account from credential reuse or brute force password attacks.

I hope these five tips give you a starting point for starting your year off securely! These are little changes that can have a big impact overall towards creating a more secure presence both on and offline.

Authored by: Roland Varriale