In 2015, I resolve to:
- Back up my data – this means your work product, pictures, music and any other irreplaceable files stored on your hard drive. Backup once to an external drive attached to your computer, and a second time to an online service such as our recommended solution, Carbonite.
- Create longer and complex passwords (10 characters or more). Long passwords take more time to crack using brute force methods. A 7 character password can generally be cracked in a day using automated tools, a 10 character password will take decades, a 12 character password will take centuries.
- Stop sharing the same password with multiple sites. Use a password generator such as RoboForm or KeePass, or develop a system that uses the same base password but adds 2-3 unique characters for each site.
- Use two factor authentication wherever it is available.
- Set up my password recovery information for my email account and other important accounts
- Never click on a link or attachment in an email without verifying the contents with the sender, or by analyzing them with a service like VirusTotal.
- Make sure my Internet Security software is set up to run daily full system scans to find and remove malware early before it can become worse.
- When downloading or updating applications from the web, beware of free “hitchhiker” programs and unnecessary toolbars. Unchecking the selection will prevent it from installing. Understand that someone pays for “free” applications and games, and free apps are usually advertising supported, which can lead to undesirable search engine and home page changes to Internet Explorer, Chrome and Firefox web browsers.
- Seek professional help. When things start to go wrong, call for help. Things are not going to “clear up” on their own. Waiting does not improve the situation, and just gives the bad guys more time to install more malware on your computer.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com