Leadership Mentoring and Security Consulting
Collaborating Securely: Protecting Your Community and Yourself
I had the privilege of presenting Collaborating Securely: Protecting Your Community and Yourself to a room full of community leaders from the Society for Technical Communication.
My Shockproofing Your Use of Social Media: 10 Things You Should Know eBook is now available on Kindle!
For those of you who have attended one of my Lightning Talks about Internet Safety, this book fleshes out my recommendations for keeping safe online.
Please consider buying a copy. You’re welcome to lend your copy out and the book is also available from the Kindle Owners Lending Library and Kindle Unlimited.
If you read it, please leave a review!
If you’re interested, Nick Francesco and I are authoring a series of Your Guru Guides on computing-related subjects. (Search on Amazon
I’ve partnered with Hannah Morgan (careersherpa.net, @careersherpa) to produce our Bulletproofing Your Career Online workshop. We’ve presented Bulletproofing Your Career Online at regional and international conferences in 2012. We’re privileged to provide the keynote at STCPMC13, the annual Society for Technical Communication Philadelphia Metro Chapter’s Mid Atlantic Technical Communication Conference at the Giant Conference Center in Willow Grove, PA on Friday, March 8, 2013, followed up with the workshop the morning of Saturday, March 9, 2013.
We’re interested in procuring other speaking engagements and workshop opportunities. As you may have read in the Infosec Communicator blog, I’m passionate about being safe online. Hannah specializes in Online Reputation Management and is a career consultant.
We invite you to visit our Bulletproofing Your Career Online webpage to learn more about how we think you can leverage social media for your career safely AND effectively. Please like our Facebook page and follow us on Twitter @SherpaAndGuru
Let’s be honest. Passwords are a pain. We all know that it’s important to have different passwords for different places and we all know that they need to be fairly complex. We also know that remembering numerous passwords, especially strong passwords, can be a challenge. So what’s the best strategy?
In this article, I’ll talk about how to create memorable (but strong) passwords and suggest a tool that will make constructing and remembering strong passwords easier.
In general, the strength of a password depends on two factors: length and complexity. Although there’s some disagreement, length is more important than complexity. (For a humorous illustration of password complexity, read the XKCD comic at https://xkcd.com/936/)
Increased complexity makes it more difficult to create a password that you can remember. The idea of a long complex password may be overwhelming. However, increasing password length alone can result in a password that’s memorable and stronger. Because of the way Windows stores some passwords, the “magic number” is 15 characters or more. A traditional complex password of 15 characters might look like this: “qV0m$$#owc2h0X5”. I don’t know about you, but there’s no way I’m going to remember a password like that. You COULD write it down and store it securely, but it’s not the easiest password to enter on a keyboard, and storing passwords in a browser or in a desktop application is insecure.
Here are a couple of strategies for strong passwords.
Did you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. (Unfortunately, there’s no way to guarantee that you can use them safely.)
It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should use 8 characters (preferably 15 or more), mixing upper and lower case letters and numbers. Many websites also allow the use of longer passwords and special characters. Incorporating special characters into your password will make them more difficult to crack. You’ll also want to use different passwords on different accounts. Using a password safe such as LastPass will help you manage these passwords by generating strong passwords and then supplying them when needed.
Attackers take advantage of vulnerabilities in software to place malware on your computers. Keeping up to date with patches/updates helps thwart attackers from using “exploits” to attack known vulnerabilities. It’s important to keep both your Operating System (Windows, Mac OS, linux, etc.) and your applications (Microsoft Office, Adobe, QuickTime) patched.
It’s a good practice to follow the requirements of the RIT Desktop and Portable Computer Security Standard on personally-owned computers. Among other elements, the standard requires use of a firewall, antivirus, and anti-spyware programs. Many security suites contain all of the elements needed to protect your computer. (Your Internet Service Provider may also provide security software.)
You’ve all seen phishing attacks. They’re typically emails that appear to come from a financial institution that ask you to verify information by providing your username and password. Never respond to these requests. Your financial institution should not need your password.
Don’t post personal information (contact info, class schedule, residence, etc.) A talented hacker can see this, even if you’ve restricted your privacy settings! Don’t post potentially embarrassing or compromising photos. Be aware of what photos you’re being “tagged” in—don’t hesitate to ask others to remove photographs of you from their pages.
Did you know that most employers “Google” prospective employees? Have you seen the stories of people’s homes being burglarized because they’ve posted their vacation plans online? Many people other than your friends use these sites.
You can’t really tell who’s using a social network account. If you use Facebook, you’ve certainly seen posts by your “friends” whose accounts have been compromised. Don’t feel like you have to accept every friend request, especially if you don’t know the person.
Have you ever done a “vanity search?” Put your name in a search engine and see what it finds. Did you know that Google allows you to set up an Alert that will monitor when your name appears online? Setting this up with daily notifications will help you see where your name appears.
Identity thieves can put together information you share to develop a profile to help them impersonate you. Be especially careful of Facebook applications. They may collect information that they sell to marketing companies or their databases could be compromised. Do they really need the information they’re requesting?
Default settings in most social networks are set to sharing all information. Adjust the social network’s privacy settings to help protect your identity. Show “limited friends” a cut-down version of your profile. Choose the strongest privacy settings and then “open” them only if needed.
Add me to your circle on Google+
