Information Security, Network Security, Cyber Security… whatever you call it, it should be something that you do every day. “Ethical Hacking” and “Penetration Tests” are useful, but they are the smear-tests and prostate-exams of your security health: something which should happen occasionally — especially when at particular risk — but your health doesn’t stop there.
In an attempt to encapsulate good security practice in just five rules that you should practice daily, as part of your “business as usual”, I would propose the following — but be aware that this is not an exhaustive list of security practices; it’s just my top five “healthy behaviours” for home or business:
- Install all software updates and patches promptly; if you use anti-malware software, then update it promptly, too.
- Stop using, even erase, delete or destroy, any software or devices which are past their end-of-life, end-of-support, or for which you can no longer obtain software updates. Make sure to save any data that you want or need.
- Use, and promote use of, different passwords for every site and app that relies upon passwords; using password management software may help.
- Consider each piece of data you create and what would happen if you lost it, or if it leaked to the public at large. Make backups accordingly.
- Review your security settings — iOS, Android, Facebook, Gmail, Linux, MySQL, VCL, Junos — check out what’s publicly visible, and who can access your account or system and how. Keep it tidy.
I’ll post this to Twitter and fully expect a firestorm of protest, “whatabout?”, claims of overgeneralisation, claims of vagueness and handwaving, criticisms of approach (“but legacy software is a thing!”) etc; but the same criticisms can be laid at the feet of any “5 A Day” advice and — just as there is largely nothing wrong with suggesting that people eat more fruit — I aver that there is nothing greatly wrong with the above advice.
You will certainly want to make other security efforts (and you will want to eat more than merely 5 pieces of fruit per day) too, but the above is a good start which I believe — if broadly adopted — would greatly enhance everyone’s “cyberhealth”.
Five Tips for Life
Some people suggest that the above are too complex, only aspirational, or even impossible goals for human beings to deal with; so, for those people I offer the following five tips which they may be missing in their daily life:
- When you buy food, use it promptly, while it’s still fresh; keep it properly refrigerated or stored. It tastes better that way, too.
- If your food has gone beyond its recommended “use-by” date, consider disposing of it; if it’s clearly “off” then definitely dispose of it. Unless you hunt it yourself, generally get your food from somewhere reputable, where you have a guarantee of quality and the ability to complain.
- When you go out, or to work, shut your windows and doors. Lock them. Use a good lock — something like a 5 pin mortice deadlock, perhaps one with some sort of insurance certification. Same thinking goes for your car.
- Keep an eye on your bag, wallet and phone — there are thieves everywhere. Try not to make yourself an easy victim, e.g. don’t stash stuff in your back pocket. If you’re prone to losing things, you can make life overall a little less stressful with a good bag and making a “system”. Maybe leave a spare key with a trusted friend.
- Check your body occasionally for lumps and bumps and spots which aren’t meant to be there; cancer is a thing, but addressable if caught early. Don’t leave it to chance — it’s okay to ask questions of your doctor.
This is a metaphor, of course, but the point is: security is an addressable personal (and enterprise) challenge.