Personal Corporate Identity
Be more knowledgeable.
Access to company information resources is a privilege. Each company has its own policy on the rights and responsibilities that come with that privilege. Consider access to information resources much like driving a car on a public road: it requires a bit of learning, some practice, and a license, and it comes with penalties for mistakes. At the least, store all of your credentials securely and know how to update them, understand the systems critical to you and how to use them effectively, and learn the basics through security awareness training.
Recommendation:
Adopt a security-first mindset and integrate it into your use of information systems. Make sure you know how to use and change your most important credentials. Understand your company's authentication systems. Follow the recommendations in this guide.
Use Unique Passwords for Every Login.
One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, let's say hackers got your username and password by hacking an email provider. They might try to log into banking sites or major online stores using the same username and password combination. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have.
Creating a unique and strong password for every account is tough. Some of us choose personal algorithms that work, sort of. Eventually though, you realize that the task is much bigger and that you need a tool called a password manager. When you use a password manager, the only password you need to remember is the master password that locks the password manager itself. When unlocked, the password manager can access your vault.
Recommendation:
Commit to using a password vault well. This means doing the training, learning about its functions, and investing your time and energy up front so that it can help you stay safe long-term. Check out 1Password (https://1password.com) for its solo, family, and business features.
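The domino effect described in this section can be measured against your own vault. The following is an added example, not part of the original guide: it reads a constructed CSV export (the column names title, username, password and the sample rows are assumptions) and lists, for each account, which other accounts a replayed username and password pair would open.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export (not real accounts).
SAMPLE_EXPORT = """title,username,password
Mail,alex@example.com,Spring2024!
Bank,alex@example.com,Spring2024!
Shop,alex@example.com,Spring2024!
Forum,alex_h,Spring2024!
Payroll,alex@example.com,xK9#vTq2-mLw7pRz
"""

def _digest(secret):
    # Group on a digest so the plaintext is never used as a key or printed in a report.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

def load_entries(text):
    """Parse the export into (title, username, password digest) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["title"], r["username"].strip().lower(), _digest(r["password"]))
            for r in rows]

def domino_map(entries):
    """For each account, list the other accounts that fall if its
    username/password pair leaks and is tried elsewhere."""
    by_pair = defaultdict(list)
    for title, user, pw in entries:
        by_pair[(user, pw)].append(title)
    return {title: sorted(t for t in by_pair[(user, pw)] if t != title)
            for title, user, pw in entries}

def reused_passwords(entries):
    """Groups of accounts that share one password, whatever the username."""
    by_pw = defaultdict(list)
    for title, _user, pw in entries:
        by_pw[pw].append(title)
    return sorted(sorted(group) for group in by_pw.values() if len(group) > 1)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for title, exposed in domino_map(entries).items():
        print(f"{title}: a breach here also opens {exposed or 'nothing else'}")
    print("Shared passwords:", reused_passwords(entries))
```

An empty list for every account in `domino_map` and an empty result from `reused_passwords` is the state the recommendation above is aiming for.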
Use Multi-Factor Authentication.
Multi-factor authentication can be a pain, but it absolutely makes your accounts more secure. It verifies your identity using at least two different forms of authentication: something you know and something you have. Something you know is usually your credentials. Something you have could be your mobile phone, by way of its text messaging.
Recommendation:
Look to see if every service you use offers MFA and turn it on. Gmail, Office365, Evernote, and Dropbox are a few examples of online services that offer two-factor authentication. You might be asked to enter a code sent via text, or tap a confirmation button on a mobile app. Consider Authy as your default MFA client in lieu of text messages (https://authy.com/).
Change these internet browser settings.
Your browser, such as Chrome, is a huge vulnerability. It is the gateway to all software-as-a-service applications, and it has a few default settings that will likely get you in trouble. Password capabilities within browsers are convenient, but you are unlikely to invest enough time and effort to maintain them, resulting in a breach one day. Notifications are commonly exploited by websites to send malware/adware to your system. Extensions are easily added and can expose your entire life to a malicious third party.
Recommendation:
Disable notifications and features that save passwords or automatically fill form data. Manage (review and monitor) extensions manually every few weeks.
Get a VPN and use it when on the go.
Any time you connect to the Internet using a Wi-Fi network that you don't know, you should use a virtual private network, or VPN, to secure your connection to data. Say you go to a coffee shop; it is possible for someone else on that network to compromise your connection by exploiting the link. A VPN encrypts your internet traffic, routing it through a server owned by the VPN company. That means nobody, not even the owner of the free Wi-Fi network, can snoop on your data.
Recommendation:
Consider self-hosted OpenVPN solutions within Amazon Web Services. They are completely private, inexpensive, and functional. If you have Meraki firewalls, you can leverage that VPN technology. However, for the less technically inclined, you can use NordVPN (https://nordvpn.com/) quickly and effectively.
Always use passcodes.
Apply a passcode lock wherever available, even if it's optional. Think of all the personal data and connections on your smartphone. Going without a passcode lock is unthinkable.
Many smartphones offer a four-digit PIN by default. Don't settle for that. Use biometric authentication when available, and set a strong passcode, not a stupid four-digit PIN. Remember, even when you use Touch ID or equivalent, you can still authenticate with the passcode, so it needs to be strong.
Recommendation:
Modern iOS devices offer a six-digit option; ignore it. Go to Settings > Touch ID & Passcode and select Change Passcode (or Add Passcode if you don't have one). Enter your old passcode, if needed. On the screen to enter the new code, choose Custom Alphanumeric Code. Enter a strong password, then record it as a secure note in your password manager.
Don't Fall Prey to Phishing and Clickbait.
Part of securing your online life is being smart about what you click. Clickbait doesn't just refer to cat compilation videos and catchy headlines. It can also comprise links in email, messaging apps, and on Facebook. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device.
Recommendation:
Phishing and hijacking are so successful because they exploit trust. You may trust your e-mail system, the appearance of something on your screen, or the sender. Don't.
Protect your social-media privacy.
This is a broad topic that is outside our scope, but know that all social media exists to collect and sell data. While the intent is to build consumer patterns, the systems often know more about us than we know about ourselves. While Facebook and TikTok are all over the news today, don't forget that Target knew women were pregnant before they did. This one is on you, but think seriously about the risks and rewards.