I want to call 2014 “The Year of Cyber Security.” I have talked about cyber security, safe computing, password changes, and protecting data in just about every meeting I have had with my clients throughout the past year. And just so you know, I have heard a lot of excuses why you don’t want to change your passwords. For the record, the number one reason I hear for not agreeing to change a password is that you won’t remember the new one. I get it, everyone has a lot of passwords to remember, but it is the number one security breach – passwords that are easy to hack!
It is only natural that I want to write this article about cyber security and best practices, but I don’t want you to glaze over when reading it. So, I thought it would be fun to put a little bit of a different spin on cyber security and put it in the context of New Year’s resolutions, plus it is my dream for you to have these IT New Year’s resolutions and implement them! If I could convince you to make just a few of these IT resolutions for 2015, your pc’s and network would be so much safer.
Here are my top 20 IT New Year’s resolutions for you for 2015. Repeat after me…
- I will change my password at least every ninety days.
- I will use at least a ten digit, strong, password made up of uppercase and lowercase letters, symbols, and numbers. I will stop using my name123 or the password I have had for years that everyone who has ever worked for me knows!
- I will not write my password on a post it note and stick it on my monitor for everyone to see!
- I will put a passcode on my smartphone, so it will automatically encrypt everything on the phone.
- I will label all of my devices with my name and a telephone number to call if found.
- I will not open email from unknown senders. If I get an email that is questionable, I will learn to look at the Microsoft Outlook Message Options to see the header and identity of the sender to help me determine if I should open it.
- I will not click on links or attachments within emails from unknown senders claiming that I need to read or verify something.
- I will not fall prey to fake phone calls from Microsoft Windows scammers claiming to need to do something remotely to my pc, so my Microsoft Windows will work.
- I will make sure that I have an up to date antivirus software license on all of my pc’s/laptops. (A paid for virusscan software license, like Symantec or McAfee, none of this free stuff.)
- I will apply all of the latest patches and updates for my pc on a regular basis. Many of them are security updates, which are really important.
- I will make sure that I have a backup in place to backup all of my data every night.
- I will verify that the backup is really working and check the data on the backup on a regular basis.
- I will take a backup off-site each day or have someone in the office take the backup off-site in the case of a disaster. If I don’t want to do this manually, I will use a cloud backup service.
- I will test a restore from the backup at least twice a year to make sure that the settings are correct all of my data is being backed up.
- I will not use just the standard modem/router that comes with Comcast or FIOS, or whatever internet carrier at my home or office. I will get a business class firewall to connect to the internet carrier modem/router.
- I will make the firewall admin password on the device a strong password. If I already have a firewall in place, I will check the admin password and make sure that it is not set to the default admin password.
- I will always print to pdf or scrub my documents so that all metadata is removed.
- I will use secure methods to communicate with my clients. I will not include personal information within the email message or on attachments.
- I will sign up for an email encryption service like AppRiver CipherPost Pro to send encrypted emails and attachments to my clients or use a secure file transfer service like Citrix ShareFile.
- I will educate my staff about safe computing and data security risks and make it a priority, because it is my client’s data and personal information that is at risk!
The very first step on the road to a safe computing environment is starting with a password policy. It is as simple as changing your password at least every ninety days, make them long and make them strong! I wish you a happy, secure, and safe computing New Year!