Practical Advice for Securing Internet Accounts
Computer security is now a huge topic. It’s commonplace to see high-impact hacks and breaches covered by national news, and security has also been heavily dramatized in TV and film over the last few decades.
What has changed dramatically is that years back, networks were slower, people weren’t always online, and most operations happened on your own computer.
In the past, if you’d managed to do a reasonable job of securing your computer, life shouldn’t be too complicated. At a simple level, you could install a good anti-virus program, run Windows updates and, as long as you installed software from trusted publishers, generally things wouldn’t get “too” bad. Fast forward to 2018 and now things aren’t just on your home computer anymore. Everything lives on a mixture of clouds. Your phone and computers are really just a means of accessing cloud services. Fewer programs and applications are storing data locally on your computer, and more work and personal things are done via a web browser.
The advantage of this is that you can more or less replace your device with a new device and fairly quickly get back to where you were previously – just login to everything and you’re back up and running. The downside to this is that so can the bad guys, and they can do it from around the world 24x7x365.
This dramatically changes the focus on what a normal user must do to stay safe online. To stay safe online now, you still need to secure your computing device, but additionally you need to think about your online accounts and your web browser. Like anything in the world, criminals will go for the easiest targets so making your accounts harder to unpick should put off automated attempts to compromise your accounts and fend off less sophisticated cyber-attacks on your digital identity.
So, knowing the above, what can you do to help secure your online identity?
Device Security
Using a device that you at least have some trust in is always a good start. Always use genuine software. If it’s free or cheap (and should be paid for), ask yourself why someone is putting it out there in the first place. Run a reputable and known antivirus/internet security package. This again will help fend off certain threats. Keep the device as up to date as possible with the latest software patches and operating system patches.
Password Management
Password management utilities and services store a central list of your passwords and account details. While this might seem dumb, it’s often much better than having the same password for every account you use. The file is heavily encrypted, making it hard (and costly in monetary terms) for an attacker to breach. The file is opened with a master password, which you should never use for any online service. That password acts as the key to decrypt the file, giving you access to your other passwords. Most password management tools have a password generator which will come up with complex pseudo-random passwords, meaning you don’t have to think of a new password for each service you add.
It’s our view that you should absolutely use a password manager. A password manager can be a small password-protected file that contains all of your other passwords. Alternatively, you can use a password manager service. Apple has Keychain built into the operating system, lots of browsers will replicate passwords, and services like LastPass exist online which can store your passwords for easy access.
It’s very important to use a “password generator”, something that’ll create long and random passwords for each site or service you use. It’s also very important not to use the same password in more than one place: if it’s compromised in one place, it can be used in other places as well.
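To show what the generator and the encrypted file are doing, here is an added example (ours for illustration, not code from any of the products named in this post). It assumes PBKDF2-HMAC-SHA256 with 600,000 iterations as a stand-in for whatever key derivation a real password manager uses; the function names and sample passwords are constructed.

```python
import hashlib
import hmac
import math
import secrets
import string
import time

SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:  # redraw until all four classes appear (usually the first draw)
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password, salt, iterations=600_000):
    """Stretch the master password into a 256-bit key for encrypting the vault."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def seconds_per_guess(iterations=600_000):
    """Time one derivation: the price an attacker pays for every single guess."""
    start = time.perf_counter()
    derive_vault_key("constructed-guess", b"\x00" * 16, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # stored next to the vault, not secret
    key = derive_vault_key("correct horse battery staple", salt)  # constructed sample
    wrong = derive_vault_key("correct horse battery stapler", salt)
    print("site password:", generate_password(), f"(~{entropy_bits(20):.0f} bits)")
    print("keys match on wrong password:", hmac.compare_digest(key, wrong))
    print(f"one guess costs {seconds_per_guess():.2f}s of CPU time")
```

The slow derivation is what makes a stolen vault file costly to attack: every guess at the master password has to pay for all of those iterations before it can even be tested.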
Multi-Factor Authentication
Multi-factor authentication is also a great way to stop people getting into your services. At a really basic level, multi-factor means that even if someone has your username and password, they’ll still struggle to log in to your services because they’ll be prompted for a further code which exists only on your phone or a key fob.
Pros and Cons
The “Downsides” of all this security
Changing your phone becomes a bit more tedious – you’ll have to set up all of your multi-factor authentication again when you swap phones. This isn’t bad, but if you’re a serial phone swapper, you’ll find this annoying.
If you’ve not got your phone available, you’ll also struggle to access things – though some services, like Facebook, might give you a second multi-factor option, such as sending an SMS to your mobile number to provide a login.
The upside to all of this of course is that the bad guys will also struggle to access your services. You’ll avoid a lot of commonplace threats and attacks simply by practicing good account security.
We’ve written this guide to help the vast majority of people. Following the layout will make it much harder for bad people to get into your services and cause disruption.
Computer Security is a huge problem, and we’re not going to fix it all in one little blog post. What we are hoping to do though is make it a bit harder for the bad guys to get access to the services you might use in your business day to day.
In security, everyone has a role to play and it’s important to know what you can influence and change. Equally, it is not possible for you to stop Facebook or your email provider getting hacked, but it is possible for you to use different credentials on different sites and use multi-factor authentication where possible. This should at least stop someone hacking your account rather than hacking the provider.
Below we’ve provided a bunch of links to popular services, tools and platforms that enable better security by default.
If we can help in any way with personal or business security, just get in touch with our team!
Further Reading and Research
In the UK we now have the NCSC (National Cyber Security Centre). They have lots of guidance on security which can be found here (https://www.ncsc.gov.uk/guidance). Additionally, for small businesses, they’ve published a guide-book which is well worth reading (https://www.ncsc.gov.uk/guidance/small-business-guide-actions)
Offline – https://keepass.info/
Online – https://www.lastpass.com/business
Keychain (Apple Only)* – https://support.apple.com/en-gb/HT204085
Multi-Factor Auth Programs;
Google Authenticator
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8
Authy
https://play.google.com/store/apps/details?id=com.authy.authy&hl=en_GB
https://itunes.apple.com/gb/app/authy/id494168017?mt=8
Microsoft Authenticator
https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_GB
https://itunes.apple.com/gb/app/microsoft-authenticator/id983156458?mt=8
With that in mind, we think the key things you need to secure are;
Email Accounts / Internet Authentication (i.e. Google/Outlook.com Accounts).
Apple iCloud Account – https://support.apple.com/en-gb/HT204915
Google – https://support.google.com/accounts/answer/185839?hl=en
Microsoft Accounts / Outlook.com – https://support.microsoft.com/en-gb/help/12408/microsoft-account-about-two-step-verification
Yahoo Email – https://help.yahoo.com/kb/SLN5013.html
Social Media Accounts (Facebook, Twitter, LinkedIn)
Facebook – https://www.facebook.com/help/148233965247823
LinkedIn – https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en
Twitter – https://help.twitter.com/en/managing-your-account/two-factor-authentication
Cloud Storage;
DropBox – https://www.dropbox.com/help/security/enable-two-step-verification
Microsoft OneDrive and Google Drive are also secured if you follow the email guide – wit.