So, you’ve decided it’s time to take your information security a little more seriously… but getting started can be a daunting task, and few people know where to begin.
Look For Dominoes
First, let’s look for anything that needs to be addressed immediately, namely “domino” accounts: accounts that, if breached, would cause cascading security failures that you would continually be cleaning up.
Obvious domino accounts are your email accounts. One less obvious account is your Google Android or Apple iCloud account. Email addresses are often used as usernames, and email serves many automatic account recovery and password reset services – you cannot stop this. If a malicious actor gets into your email account, they can get into your bank accounts and online shopping and, depending on what is linked to your account, could completely take over your online identity.
Before we get into anything else, let’s make sure those get locked down. The minimum amount of security you should be comfortable with is:
- Unique password for each account
- Two Factor Authentication
- Notifications for new logins
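An added example (not from the original post): a small Python audit of a constructed account inventory that finds domino accounts by following password-reset links and lists which of the three minimum controls each account lacks. The account names, the `recovers_via` field and the password labels are assumptions made for illustration.

```python
from collections import Counter, deque

# Constructed sample inventory. "recovers_via" names the account that receives
# this account's password-reset messages. "pw" is a label for which password is
# used (never the password itself); the same label on two accounts means reuse.
ACCOUNTS = {
    "email":     {"recovers_via": None,     "pw": "A", "mfa": True,  "alerts": True},
    "icloud":    {"recovers_via": "email",  "pw": "B", "mfa": True,  "alerts": False},
    "bank":      {"recovers_via": "email",  "pw": "C", "mfa": True,  "alerts": True},
    "shopping":  {"recovers_via": "email",  "pw": "D", "mfa": False, "alerts": False},
    "streaming": {"recovers_via": "icloud", "pw": "D", "mfa": False, "alerts": False},
}

def cascade(accounts, start):
    """Accounts whose password could be reset after `start` is taken over."""
    fallen, queue = set(), deque([start])
    while queue:
        current = queue.popleft()
        for name, info in accounts.items():
            if info["recovers_via"] == current and name != start and name not in fallen:
                fallen.add(name)
                queue.append(name)
    return fallen

def dominoes(accounts, min_cascade=2):
    """Accounts whose breach takes at least `min_cascade` others down, worst first."""
    sizes = {name: len(cascade(accounts, name)) for name in accounts}
    ranked = sorted(sizes, key=lambda n: (-sizes[n], n))
    return [n for n in ranked if sizes[n] >= min_cascade]

def gaps(accounts, name):
    """Which of the post's three minimum controls the account is missing."""
    reuse = Counter(info["pw"] for info in accounts.values())
    info, missing = accounts[name], []
    if reuse[info["pw"]] > 1:
        missing.append("unique password")
    if not info["mfa"]:
        missing.append("two-factor authentication")
    if not info["alerts"]:
        missing.append("new-login notifications")
    return missing

if __name__ == "__main__":
    for name in dominoes(ACCOUNTS, min_cascade=1):
        print(name, sorted(cascade(ACCOUNTS, name)), gaps(ACCOUNTS, name))
```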
Identify Your Assets
After you’ve locked down your critical accounts, it’s time to get started on everything else. You’re going to want a password manager to keep track of all your passwords, and you don’t want to have to remember them anyway. I break my accounts into three groups (and note who I may want to share each with):
- Financial Accounts (Only Me)
  - Bank Accounts
  - Retirement Accounts
- Bills and Utility Accounts (Only Me & Spouse)
- Entertainment (Me, Spouse, Kids, Family), such as
  - Streaming Services (Netflix, Hulu)
  - Video Games – Often Linked to Payment Information
Consider what you’re using, when you will want access to your accounts, and start grouping those accounts together.
Create Digital Keyrings
Don’t try to remember all your passwords. If you do, you’re going to end up with the same password and permutations of it all over the place. The real issue with passwords is that the people you give them to are bad at keeping them secret. Hackers know this. There is a constant stream of account breaches with new email addresses and passwords to try out all over the internet.
Most current automated hacks involve weak or shared passwords.