You may be a BAO (bad-ass operator) or a bad-ass cyber warfare technician, but the single most leveraged point of failure is the human element. The con artist has changed their approach in the digital world, using modern techniques like “phishing”, “spear phishing” or “whaling” to get you to release something of value (e.g. money, passwords, information, etc.). The average person has a hard time trying to remember all the passwords for different websites, personal accounts, etc. So the easiest thing (remember, the human element looks for simplicity) is to keep using the same password for every account. This is where people fail to keep up with technology: we have all read or heard news stories about how malicious actors used a password from another site to gain access to your work account, social media account, or banking information. According to Verizon's Data Breach Investigations Report (VERIS data over the previous three years), almost half (49%) of all breaches involve human element failures.
Don’t worry, we will get to the cool parts of protecting your home, your mobile devices, and your digital personas in upcoming articles, but first we need to get the human element risk reduced. I also want you to note that there are many folks who will have you buy or download their guide to securing your technology and digital personas. Most of that is a ridiculous collection of freeware tools, inaccurate information, and, not surprisingly, many of the tools the bad guys use themselves. These articles will only include industrial-strength facts, processes, and some tools that will help you stay relatively safe. As this article states, the human element can be undone very quickly. As a former Intelligence Chief and Chief Information Security Officer for Fortune 100 institutions, I am going to give you advice, but it is up to you to make this a part of your routines and realize that you will need to protect your digital world very much like you protect your physical world. The same principles apply, from situational awareness while carrying a concealed firearm, to force protection principles, to SHTF survivalist ideas.
As I mentioned, passwords are the single most abused vector for cyber-attacks, and the effort required of malicious actors today is minimal, to say the least. There are automated techniques that can identify, find, break (if encrypted), and reuse the one password you use everywhere. To protect yourself from yourself, you will need to get a password manager. I recommend two paid programs, 1Password or LastPass, depending on your risk level and technology platform. I can hear the shock at “paid”, since there are free apps out there. However, with paid applications you get more robust security and more functions, and you have better assurance from the vendor that vulnerabilities and backdoors get removed.
1Password works best on Macs and iOS devices, but is also available for Windows and Android. From a security perspective, I like 1Password best because it stores your password information in a local encrypted vault, and certain configurations of syncing between devices must be done manually. I do not recommend signing up for an online account, as you are more vulnerable to configurations you may not know about, such as simply syncing your devices or vaults, or sharing an account over the Internet. Syncing over a secured Wi-Fi network is the better option; it stops you from sharing your vault in a way you may forget you opened up to others, which would compromise the integrity of your vault.
LastPass is good for platforms such as Windows, Linux, Android, iOS, Windows Phone, and Blackberry (if you’re still stuck in the 90s), and it features an additional layer of security referred to as two-factor authentication (besides the master password, there is a second login step). It also has an auto-change feature that rotates all your passwords in one go. It is the most comprehensive password manager out there, but note that in 2015 they did suffer a breach that exposed user email addresses, password hints, and encrypted master passwords; so if you use their online vaulting services, make sure you change your master password at least semi-annually.
You should do your own web searches to figure out which one is more secure for the options you want and the platform you operate on. As a cybersecurity professional, I only state the following:
- Cloud options are not as secure as you might be led to believe.
- Sometimes manual processes are better than automated ones, as they make you take additional steps and think about what you are doing.
- Think similarly about how you protect your physical world and apply those same concepts to the digital world; the tools are just that, tools to help you be more secure.