By Manny Fernandez

January 30, 2017

Staying Safe On-Line in 2017

Regarding smoke detectors in your home, “they” say you should change the batteries in these devices when the time changes every year (for those on the East Coast at least). I always use the mnemonic of “Spring forward, fall back”, else I would forget. At any rate, we should use January 28th, Data Privacy Day, to do a bit of house cleaning to prepare for the upcoming year.

I listen to a podcast (Mac Power Users) and they suggested creating a list of recurring charges with services such as Dropbox, Apple Music, etc. I have adjusted this to include information security as well. Sometimes, we lose track of where our data lives. It is paramount to understand where our data lives and who houses it. At a minimum, you should monitor breach reports to see if your data is at risk.

1. Go through your on-line accounts, including social media, and make sure the security settings are still where you want them to be. A good idea is to set up a fake Facebook or other social media account with a fake name. Then use that account to view your real account on that social media site. This will show you what the average “non-friend” is seeing on your profile(s). Also check what apps are using that data. I had old iPhones that were still authorized on some accounts; you should remove devices like these.

2. Change Passwords. I did a blog a few months back about InfoSec Hygiene; I would recommend you take a look at it. You should change passwords that have not been used for some time. Ensure that the passwords meet a complex pattern and length.

3. Disable/Cancel Online accounts that are no longer needed. I had a Conferencing App that allowed me to have audio conferences. I no longer use it; however, the account had remained open. These accounts should be disabled.

4. Clean out old data stored in your Dropbox, Google Drive, OneDrive and similar systems. Many people store old tax returns, bank statements, and the like on their online-storage systems. You should go through these systems and, if you have sensitive data that it is necessary to keep, consider encrypting it and password protecting it. If not, securely delete the files. This gives you an opportunity to do some “winter cleaning”. It can also save you from space constraints where you would normally have to buy more storage.

5. Dealing with Internet-of-Things. At my house, I bought a Vizio TV for my bedroom. I connected it to the WiFi and started to log its connections. I was mortified at the different countries this thing was connecting to. My TV is a Social Butterfly. I promptly created a hidden SSID for it alone. The TV is now isolated from all other devices. Once I did that, I decided to create separate SSIDs for most other devices that are not my printers, scanners, etc. shared by family. My Nest, Samsung TV, Vizio TV, and other IoT devices live in their own little SSID world. If you do not want to get down to that level, then at a minimum, create a separate SSID for TVs and home automation.
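One way to check the isolation from item 5 against a connection log, as an added example that is not from the original post: it lists the outside hosts each IoT device contacts and flags any flow that crosses between the IoT and trusted networks. The subnets, the `src dst port` log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan (hypothetical): one subnet per SSID.
HOME_NET = ipaddress.ip_network("192.168.0.0/16")      # everything inside the house
IOT_NET = ipaddress.ip_network("192.168.50.0/24")      # isolated IoT SSID (TVs, Nest)
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")  # laptops, printers, scanners

# Constructed sample log in a made-up "src dst dport" format.
SAMPLE_LOG = """\
192.168.50.20 203.0.113.10 443
192.168.50.20 198.51.100.7 443
192.168.50.20 203.0.113.10 443
192.168.50.21 192.168.10.5 445
192.168.10.5 192.168.50.20 8008
192.168.50.21 198.51.100.99 80
192.168.10.5 203.0.113.10 443
malformed line
"""

def audit(log_text):
    """Return (outside hosts per IoT device, flows that cross the isolation boundary)."""
    external = defaultdict(set)
    violations = []
    for line in log_text.splitlines():
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except (IndexError, ValueError):
            continue  # skip blank or unparseable lines
        iot_to_trusted = src in IOT_NET and dst in TRUSTED_NET
        trusted_to_iot = src in TRUSTED_NET and dst in IOT_NET
        if iot_to_trusted or trusted_to_iot:
            # The separate SSID should make this flow impossible.
            violations.append((str(src), str(dst), port))
        elif src in IOT_NET and dst not in HOME_NET:
            external[str(src)].add(str(dst))
    return dict(external), violations

if __name__ == "__main__":
    hosts, crossings = audit(SAMPLE_LOG)
    for device, dests in sorted(hosts.items()):
        print(device, "contacted", len(dests), "outside hosts:", sorted(dests))
    for src, dst, port in crossings:
        print("isolation violated:", src, "->", dst, "port", port)
```

Mapping the outside hosts to countries needs a GeoIP database, which this example leaves out.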

NOT CYBER RELATED BUT………
Another thing I recommend is when using physical location security alarm monitoring, you should set up a dual-authentication method with your provider. I had my monitoring company call me one day and tell me that the silent alarm had gone off and “what is your password”. I asked them how I could make sure it was them. I told them I would hang up and call back to the number I knew was theirs. They said they would need to dispatch the police. I told them “go ahead, we are solving this issue today”. After identifying myself to police, I called my monitoring company back and told them that when they ask me for the password, they themselves would need to authenticate themselves with a password before I gave them mine. I told them that if we just gave them the password, they should dispatch the police, since that would not be standard operating procedure.
