First Step - Freeze Your Credit!
If you are reading this, you have a device and internet access, which means you have credit. Any individual with credit is a target for identity theft. Identity thieves will open accounts using your identity, quickly spend as much as they can, and leave you responsible for payment. It can take months for you to learn of the problem, and the cost to recover - not to mention loss of access to existing funds - can be devastating.

Good news: There’s an easy way to protect yourself. Take 15 minutes to contact the major credit bureaus and freeze your credit so no new accounts can be opened using your identity. Here are links to the Security Freeze information pages for the major credit bureaus:

Equifax
Experian
Innovis 
TransUnion

If you have time to savor a “Security Sandwich,” this article by Brian Krebs should hit the spot.
SWALSH, LLC
Worried you're not doing enough to protect your identity and assets? Security Snacks are self-contained recommendations that are designed to be digested in less time than it takes to eat a bag of chips. And they're good for you!

Please share these Snacks with neighbors, friends and relatives who may not have the benefit of formal security and privacy training from their employers.
Security Simplified

SECURITY SNACKS!
Bite-Sized Security Nuggets - Satisfying and Handy
(not to mention, zero calories!)
Swalsh, LLC Gives Back
Swalsh, LLC is a proud volunteer for (ISC)2 Safe and Secure Online, providing free cybersecurity training to children and seniors within the communities we service.
Second Step - Think Before You Click!
We are all alive because our ancestors were skeptical.  For example, not all plants are safe to consume and therefore one should scrutinize plants before eating. 

The same is true when it comes to cybersecurity. Think of your computer (or iPhone or iPad) as your cyber digestive system. Anything it “consumes” has the potential to cause problems. 

A significant number of cybersecurity problems are the result of an individual clicking on a link or opening an attachment that enabled unauthorized access to that person’s system. Unauthorized access can eventually provide a thief with the ability to compromise not only the original user's identity and assets, but potentially that of friends and family. 

Here is a simple recipe for CyberSecurity Skepticism:
1.  Consider the Appearance
  • If it looks/sounds too good to be true, it isn’t true.
  • When you “Enter to win a free iPad,” unless you’re at a tech conference or company-sponsored event, it’s not real. Instead, your information is likely being collected to be sold or used for Social Engineering purposes. (More on Social Engineering in a future post!)

2. Consider the Source
  • An email is like a prepared meal – someone else has created it for your consumption. Only open email from people you know and who are reputable “chefs” (i.e., they would have already followed the steps in this little Security Snack before they sent you the message.)

3. Consider the Ingredients
  • Did they start the email the way they always do? (E.g., "Dear Bill" vs. "Hey Bill" vs. "What are you guys getting Sara for her birthday?")
  • Did they use the words and phrases they usually use? 
  • Did they use punctuation and grammar as you would expect?

4. Consider the Dish
  • Were you expecting it?
  • Does it seem relevant to you?
  • Is it something the sender would be likely to have sent?

When in doubt, contact the sender to verify their intent. Most chefs will appreciate the opportunity to elaborate on their creation, and will be grateful to know it is being consumed by those with discriminating tastes!

Not enough of a snack? Here's a quick example of a tempting email many could not resist. This one comes from another of my favorite sources, Sophos.
Third Step - Simple Password Recipe
Passwords are often your first line of defense. The more complicated they are, the more effective they are. However, the more complicated they are, the more difficult they are to remember, unless you come up with an algorithm.

1. Pick a Phrase
I base my algorithm on songs.  
  • Pick a song that you don't mind going through your head.  Or pick a poem that you know by heart.
  • Pick a verse with at least 6 words in it. 
  • Use the first letter from each word as the characters in your password.

For example, you could pick Mary Had a Little Lamb: "mary had a little lamb its fleece was white as snow" becomes:

  mhallifwwas

2. Substitute With Special Characters
That's good, but not good enough. Many web sites will require that you use uppercase letters, numbers, and special characters in your password. Use a combination that makes sense to you - and that you can remember! For example:

  mh4lL!ifww4$

Or we could pick The Gettysburg Address, "four score and seven years ago our fathers brought forth" becomes: 

  4$a7yaOfb4

3. Customize For the Site or App
If you use the same password for every web site and/or application and one site is compromised, your information on other sites can also be accessed.  Again, use a method that makes sense to you, and be consistent when you apply it.

For example, you could take the first word of the app or product and insert it in the middle of your phrase.  In this case, if you were creating an account on Amazon.com, your password might be mh4lL!4m4zonifww4$ or 4$a7yaamazonOfb4.  To make it shorter, you can choose to always (again, consistency will allow you to remember!) use only the first three letters, as in mh4lL!4m4ifww4$ or 4$a7yaamaOfb4.


SUMMARY:
Pick a phrase you can remember.  
Pick consistent substitutions that make sense to you.
Use a unique password for each site or application.

Also, do not share your passwords, and do not write them down. If you select an effective algorithm, you should be able to remember them. And when all else fails, you can always select the "forgot my password" link on the web sites and applications if you do happen to forget.

Give it a try now!  Create a strong password for your most important account.
Can't Stop at Just One
Password security is so good for us, we’re not going to limit ourselves to just one nugget, so let’s take a quick break to nosh on another password-related Security Snack.

Variety is the Spice of Life
The most important thing after creating a strong password is to remember to change your passwords regularly. Mark your calendar, set up a recurring appointment in your smartphone, or just pick a date each month where you change the passwords to all your key accounts.  


  • It’s unrealistic to expect your providers to be perfect at preventing security breaches; we all have to share in the responsibility. Password management is your top responsibility. 
  • Pick a date-based algorithm to help you remember, and as long as you change your passwords regularly, you will be able to remember: 

  • For example, in Monday’s Snack we created the password 4$a7yaamaOfb4 for your Amazon account. 
  • We can append a date-based suffix to the end, something like “Malb” where “Ma” is for May and “lb” is for 16. The result would be 4$a7yaamaOfb4Malb

Not only should you spice things up by changing your password frequently, but as I’ve mentioned previously, you should use a separate password for each account. Never use the same password for social media accounts as you do for your email, healthcare and financial accounts.

  • Your email account is a hacker’s ticket to many other accounts. Think about all the “logins” you have where you use your email address as your password.  

  • If someone knows your email address and can guess your password on other sites where you have accounts, those other accounts can be compromised if you’re using a simple password.

Key Ingredients to Sweet Password Management
1. The longer the password, the harder it is for automated password hackers to “guess” it.

2. If your provider supports two-factor (or two-step) authentication, use it!
  • Gmail provides two-step authentication. More info here: https://www.google.com/landing/2step/
  • Many banks also support two-step authentication. If you do online banking, ask your bank if they support it, and implement it if they do.

3. Use a unique password for each account (refer to my previous entry for tips on how to do that).

4. Change your password regularly.