One of the hot topics at the MS-ISAC Annual Meeting and GFIRST in Atlanta this week was the recent Wired article by Mat Honan entitled: How Apple and Amazon Security Flaws Led to My Epic Hacking.
The entire article is worth reading, and may shock you into action. Here is the first paragraph of the article:
“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook”
That article, along with other information led to Apple and other organizations changing their over-the-phone password reset procedures.
There is no doubt that the majority of online users typically:
- Use very simple passwords that are easy to guess
- Use the same passwords for multiple applications and services (such as Gmail and Facebook.)
- Only change their passwords when forced to do so
- Use the same passwords for home and work
- Share passwords with friends and family members
I could go on, but the stupid things that we do (or don’t do) with passwords are well-documented.
However, I must admit that the Wired article was a bit of a personal wake-up call for me. While I have always used rather complex passwords, I do slip into some of the other bad habits at times. But lately, I have gone through the simple list above and made adjustments to my personal online security situation regarding passwords. I want to point-out a few practical steps that we all can take to help secure things.
Second, I found this sixty minute security make-over article to be well-done and helpful. It discusses linked social media accounts and a host of other areas that need to be addressed by all of us for better security.
Third, even if you don’t follow these extra security steps, at least regularly change your passwords to something a bit more complex and don’t reuse them across home and work. Also, back up important data.
I know, I know. Security pros have known about these basic password steps for years. But actions speak louder than words. And there is too much at stake with our online data to do nothing. I like many of these new precautions, since one-time actions can provide much better overall protections.
What are your thoughts on personal passwords? Any ideas to share?
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.
He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.
He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.
Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.
He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.
Follow Lohrmann on Twitter at: @govcso
Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.