Three Steps to Basic Internet Security
I’m going back to the basics this week and focusing on the essential steps we recommend for securing all internet-connected devices and apps. These can include your LinkedIn profile, smart lightbulbs, laptops, desktops, mobile devices, apps, and Internet of Things devices.
3. Use Multi-Factor Authentication (MFA)
Each distinct way of proving who you are when accessing a system is a single authentication factor, and MFA means the system asks for more than one of them. These factors can include swiping a magnetic card, entering a password or code you remember, confirming the access attempt in an authenticator app, receiving a confirmation text, call, or email, presenting identification, using a fingerprint or facial recognition, and more.
Wherever MFA is offered, you should opt into it. If your workplace has been sending you prompts asking you to set up MFA, you should complete those prompts and install the app or provide a phone number for that process.
This helps to keep your account secure even if the other two basic steps haven’t been followed completely, and it protects you from many threats.
2. Practice Good Password Hygiene
Every single password that you use anywhere should be complex and unique to that system.
Using passwords that are simple rather than complex, such as 1234, password, or welcome, means your password will be very easy for others to guess.
Using passwords that are repeated rather than unique (or repeated with variations, like MyStrongPasswordForLinkedIn, MyStrongPasswordForMyBank, and MyStrongPasswordForWorkEmail) means that if any one organization’s password management system is broken and your password to that system is leaked publicly, it will be easy for any criminal who reads the leaked information to guess your password on many other systems.
You can see if any of your accounts have been part of password leaks on https://haveibeenpwned.com/, a website run by computer security researchers.
Since remembering dozens or hundreds of complex and unique passwords is nearly impossible for most people, passwords should be stored in a reputable password manager. Reputable third-party tools such as Bitwarden, KeePass, and 1Password may be slightly more complex to set up and learn, but they are accessible on a wider variety of platforms than the built-in tools in Microsoft Edge, Google Chrome, and Apple iCloud Keychain.
Password managers that have not been through security audits and are not produced by large, well-established businesses should not be considered reputable and shouldn’t be used.
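An added example, not part of the original article: a short Python audit that flags the simple, repeated, and repeated-with-variations passwords described in this section. The sample vault, the tiny common-password list, and both thresholds are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample vault (site -> password), built from the article's examples.
SAMPLE_VAULT = {
    "linkedin": "MyStrongPasswordForLinkedIn",
    "bank": "MyStrongPasswordForMyBank",
    "work-email": "MyStrongPasswordForWorkEmail",
    "forum": "welcome",
    "router": "1234",
    "photos": "t7#Vq9!mZr2&Lx4pWc",
    "streaming": "t7#Vq9!mZr2&Lx4pWc",
    "tax": "Gd5$kP0@yN8^bHs3Ue",
}

# Tiny illustrative list; a real audit would use a much larger one.
COMMON = {"1234", "password", "welcome"}
MIN_LENGTH = 12       # assumed threshold for "too short to be complex"
MIN_SHARED_STEM = 8   # assumed threshold for "same password with variations"


def shared_stem(a, b):
    """Length of the case-insensitive prefix two passwords have in common."""
    n = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        n += 1
    return n


def audit(vault):
    """Return the sites whose passwords are simple, repeated, or variations."""
    findings = {"simple": set(), "repeated": set(), "variation": set()}
    for site, pw in vault.items():
        if pw.lower() in COMMON or len(pw) < MIN_LENGTH:
            findings["simple"].add(site)
    # Compare every pair once: identical passwords, then shared stems.
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        if p1 == p2:
            findings["repeated"].update((s1, s2))
        elif shared_stem(p1, p2) >= MIN_SHARED_STEM:
            findings["variation"].update((s1, s2))
    return findings


if __name__ == "__main__":
    for kind, sites in audit(SAMPLE_VAULT).items():
        print(f"{kind}: {sorted(sites)}")
```

Any site listed under "repeated" or "variation" shares its fate with the others in that group if one of them leaks, so each should get a fresh password generated by the password manager.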
1. Take Updates
The vast, vast majority of Internet attacks rely on attacking devices through known exploits or vulnerabilities that have already been publicly disclosed by software and/or hardware manufacturers. Shortly before openly disclosing these weaknesses, virtually all organizations release patches or updates that protect users from the security problems.
We all regularly get notices from our apps and devices that tell us updates are available. These notices usually tell us that the update needs to be installed, needs to be downloaded and installed, or needs to have the device rebooted to finish applying the change. When you receive these notices, you should take the actions they request as soon as possible.
This can be disruptive to one’s work, but it really is the number one most vital task you should be doing at home every month to protect your Internet-connected systems from attacks. If your devices are no longer capable of getting updates from their manufacturers, it is time to seriously consider an upgrade.
These are just the essentials. We’ll need to help you go beyond these three steps in a number of situations, including if you are running a sensitive system like payment processing or if you are being targeted by a stalker or other motivated threat actor.
For more assistance and information about securing your resources online, reach out to Deep Core Data today.