Cengage Technology & Computing Blog
Bad New Year's Security Resolutions

[Reading Time - 3 minutes 13 seconds]

 

It's that time of year again: time for those annual New Year's resolutions. Online, TV, and print media are full of suggestions on how to tackle the usual resolutions to lose weight, work out at the gym daily, and save more money. But a growing number of "cybersecurity New Year's resolutions" are making the rounds as well. Unfortunately, many of these resolutions are, well, just plain wrong--and some make no sense at all.

 

Here are a few bad security New Year's resolutions that you should NOT do in 2019:

 

1. 'Change the WiFi password from the default, something like BJ6*&!L8HVZJF7, to something humans can remember.' Wrong. Remember this:

 

If you can remember a password, then by definition it is a weak password.

 

Passwords should be long, complicated, and unique so that you CANNOT remember them. Don't rely on your memory to store passwords; instead, use a password manager. And actually, BJ6*&!L8HVZJF7 would not be a bad password if it were longer.

 

2. 'Back up the computer by syncing the files to an external hard drive a couple of times a year.' A computer should be backed up, but doing so only "a couple of times a year" is the wrong resolution. Suppose you back up on January 1 and July 1, but on June 30 your hard drive dies. You will then have lost everything you have done for the last six months. Data backups are essential and can protect against hardware malfunctions, user error, software corruption, and natural disasters. They can also protect against cyberattacks because they can restore infected computers to their properly functioning state.

 

Online backup services (such as Backblaze, Carbonite and iDrive) use special software on the computer to monitor which files have changed or been created; these are then automatically uploaded to a cloud server. Because these backups are performed automatically and stored at a remote location, online backup services provide the highest degree of protection to most users. However, there are situations when an online backup service may not be the right choice, such as when only a slow Internet connection is available. In that case you can perform your own backup from the hard drive to another medium and then store that medium in a remote location. Modern operating systems can perform these backups, and third-party software is also available. Whichever you choose, just be sure to back up your computer regularly--far more often than a couple of times a year!

 

3. 'Update everybody's phones, including the apps, operating systems, everything.' This is not really necessary. Unlike personal computers, our phones are designed to leave the human out of the update cycle: they mostly update themselves without asking us. But it's not a bad idea to check your phone to make sure it's configured for all automatic updates.

 

4. 'Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack into a VPN.' This advice is much like telling everyone to eat only fruits and vegetables in order to stay healthy: good advice, but not really practical advice. It's pretty hard to avoid ever using public Wi-Fi. Using a Virtual Private Network (VPN) is a good solution to protect your transmissions. And however smart the "bad guys" are, they have not cracked VPNs.

 

5. 'Create hard-to-crack 12-character passwords. Whenever possible, use a “passphrase” as your answer to account security questions – such as "Youllneverguessmybrotherinlawsmiddlename." ' Wrong on both counts. Passwords should be over 20 characters to be secure; a 12-character password can rather easily be broken (depending on how it is composed). And instead of using a passphrase as the answer to a security question, create a random set of characters (like 4eG5tt+?@/PxPna8Z8ZE) as the answer to the security question, and store it in your password manager.
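The point in item 5 about length and composition can be made concrete. The following is an added example, not part of the original post: it generates a random security-question answer with Python's `secrets` module and compares the search space of a 12-character and a 20-character secret. The 94-symbol pool, the function names, and the guess rate of 10^12 per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed pool: the 94 printable ASCII symbols (letters, digits, punctuation).
FULL_POOL = string.ascii_letters + string.digits + string.punctuation

def random_secret(length=24, pool=FULL_POOL):
    """Return `length` characters drawn uniformly from `pool` using the OS CSPRNG."""
    if length < 1 or len(set(pool)) < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return "".join(secrets.choice(pool) for _ in range(length))

def entropy_bits(length, pool_size):
    """Bits of entropy when every character is chosen uniformly at random."""
    return length * math.log2(pool_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def compare(guesses_per_second=1e12):
    """Tabulate the compositions the text contrasts (guess rate is an assumption)."""
    cases = [
        ("12 lowercase letters", 12, 26),
        ("12 full printable", 12, len(FULL_POOL)),
        ("20 full printable", 20, len(FULL_POOL)),
    ]
    rows = []
    for label, length, pool_size in cases:
        bits = entropy_bits(length, pool_size)
        rows.append((label, round(bits, 1), years_to_exhaust(bits, guesses_per_second)))
    return rows

if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:22s} {bits:6.1f} bits  ~{years:.3g} years")
    # Store the generated answer in the password manager, not in memory.
    print("security-question answer:", random_secret(20))
```

The entropy figures only hold for characters chosen at random; a human-chosen password of the same length has a much smaller effective search space.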

 

6. 'Never plug your devices (mobile phone, tablet and/or laptop) into an electrical outlet in an airport. Doing so will make you more susceptible to being hacked. Instead, travel with an external battery charger to keep your devices charged.' As stated, this resolution describes something impossible. There is something called powerline (PL) technology (HomePlug is one common product based on PL) that can use the electrical lines to transmit network data. However, the receiving computer does not get its data by being plugged into the electrical outlet; instead, it is plugged into a special PL device using an Ethernet network cable. The computer does not receive data directly from an electrical outlet. So the claim that an attacker can use the electrical infrastructure to send malware to your computer is, again, wrong. Forget this resolution.