4 Security Things You Should Know

August 24, 2015

There is plenty of advice on how to secure your life. Given the recent Ashley Madison breach, I thought it was important to highlight 4 things everyone should know about security.

Don’t Use Your Work E-mail For Anything But Work

This comes up first not only because of the Ashley Madison connection but because it is often the least talked about of the recommendations I have.

Employers scan and store every message you send and receive. Best case scenario, you have personal emails that your employer is storing for 7 years “just in case” something happens. They can always go back to these should an unrelated issue arise.

Worst case scenario is that your regulatory agency has a concern and asks for all e-mails related to the Cromwell merger, and your ex-girlfriend June Cromwell’s e-mails get sent to the agency as well. Here is a quick list of bad e-mail practices that have come back to haunt people:

  • The SEC starts an investigation and pulls all e-mail related to a topic that was talked about in personal e-mails.
  • Someone sends out a Super Bowl pool and their e-mail gets pulled, as pools are disallowed by the company. An HR violation is filed.
  • Two employees having a torrid relationship e-mail each other, eventually using profane language. The language gets pulled by filters for review. Employee is fired.

The list goes on. Just keep your work e-mail in your work account. Keep your personal e-mails in your personal account.

Use a Password Manager

The entire password ecosystem is broken. Forget password hashes getting stolen. People just create really bad passwords. I’ve seen great videos trying to teach people to create really complicated passwords they can remember. I have 574 sites in my password vault. There is no way I could remember 574 passwords.

The answer is to use a password manager. My recommended choice is LastPass. My focus in recommending a password manager is ease of use. LastPass is really easy to use, is available on all platforms, and makes the process of creating and using passwords easy for anyone.

It also has an automated password-changing feature that can change old passwords automatically. (You can imagine how long it would take to change 20 passwords, much less 574.)

Patch, Now

I can’t comprehend the number of people I know who decline automatic updates. Kudos to Google for Chrome’s automated update process.

Here are a few update tips:

  • Always have the automated patch and update processes turned on.
  • Turn it on not only for the operating system but for any application that supports it as well.
  • The day it asks you whether updates can be applied (probably because it needs to reboot your computer), do it. And reboot your computer.
  • Uninstall software you don’t use.

The Internet Is Like a Postcard

I think the purpose of the Ashley Madison breach was to disclose that they weren’t actually deleting users when they said they were. We blame Ashley Madison. Truth is, the internet is like a postcard. It’s open for everyone to see. Even if Ashley Madison had actually deleted the accounts, there would still be fingerprints in old e-mails and other traces of data on your computer and the computers of others.

Assume anything you do online can be seen by others. So when you send something in an e-mail, assume anyone can read it. When you create an account on a questionable website, assume everyone can see it.

In almost the same context, I have no encryption on my home wireless network. (What?) None. If you’re driving by the house, feel free to connect and surf. It continuously reminds me that anyone can see what I’m doing.