Protecting Files, Phones & Grandma – A Simple Security Tip Sheet
At first I thought it was a joke for my brother to offer me a ransom to retrieve his phone. As it turned out, everyone in his contact list received the ransom texts and calls – because my brother’s phone had been stolen. In rectifying the stolen phone, local police said they were dealing with a few of these same phone ransoms a week. What stung the most was that my brother could have set up a few security steps at the start to prevent the whole situation.
The story reminded me of something we lose sight of in data security, at organizations large and small. People are the cornerstone of protecting data. I wanted to pass along some of the advice I’ve been sharing on a recent media tour (and on the latest episode of our security show, “Thieves, Snoops & Idiots”).
Not All Hacks are the Same: While compromised cars and baby monitors can grab headlines when it comes to personal security, they really boil down to the same problems of connected access. When you buy that baby monitor or WiFi device, change the factory default password. When you get that new smartphone – or new connected watch, even – take the time at the start to set up simple features like PIN access and two-factor approvals.
Dial Up Better Protection: My brother’s phone had settings for remote “wipes”, remote locking and location. Like a lot of people, he didn’t know how easy they were to set up. Depending on your operating system, you can quickly set up these features on smartphones and devices via iCloud or Android. These steps may seem like a pain to set up, but think of them like insurance should the worst case scenario happen with your phone. Bonus tip – if you have kids or other people using your phone, and you want to limit their browsing and access, iOS users can try these steps. Under “Settings”, click “General” and then “Accessibility”. Here, you’ll see a feature called “Guided Access”, which keeps a user on one app, like a game for instance. It also keeps your phone from any unwanted sites, purchases, etc.
Don’t Worry About Passwords: You could drive yourself nuts trying to juggle 20 passwords and you still may not be secure. What I like to use are free browser services that automatically provide long, random passwords – and take the memory test out of accessing your email, social networks and payment systems. For good examples of these services, check out LastPass or 1Password.
Encrypt What’s Important: How do you know what digital documents to protect? Anything with “PII”, or personally identifiable information, should get an extra layer of attention. Here, I’m thinking things like tax forms and health care information. The most secure way to lock down that information is through encryption. Yeah, easy for an encryption company to push encryption. What’s most important is that you find encryption which is easy and well-vetted. Check for features like AES-256 and asymmetric keys to get the strongest protection.
Big companies and most governments haven’t shown a great level of responsibility when it comes to protecting our data. It’s increasingly up to us to take steps to stay safe.