Apple’s announcement of iCloud today is yet more evidence of the unstoppable migration of data and assets to the cloud. Despite the shocking recent breaches of security at a variety of organizations, including the multiple breaches that have afflicted millions of Sony customers, more and more of us are entrusting personal or business assets to the cloud. This is an irreversible trend. It’s not going to stop.
Yet many of us remain naive about the necessary steps we should take to keep our online assets secure. I’m not talking about excessively geeky ways to preserve your online safety. Just following these five simple guidelines will go a long way towards helping the average man or woman at work and play to keep online threats at bay.
There are two routes to your online assets. One is through the cloud provider’s infrastructure, and as the headlines constantly remind us, even household names don’t always do everything they should to keep your secrets safe. But the second route is even more potent, and it’s much closer to home. The easiest and most prevalent route for an intruder to access your online records is through your login details. Of course you need your provider to be secure, but don’t let that make you careless about your own login details.
2. Use strong, memorable passwords
The trouble with making up strong passwords is that they’re not memorable. The trick is to start with something memorable and then turn it into a strong password â which means mixing numbers, letters, lower and upper case, maybe a few symbols as well. What do you already know from memory that jumbles up all these different types of characters? Start with addresses, car license numbers, telephone numbers, dates of birth. But don’t use your own â use people you know; friends, employers, parents, partners, previous addresses; or old addresses of your own and cars you sold a decade ago. Anything that can’t be linked to your online persona but always jumble it up â half a zipcode, a name with part of a birthdate, segments of an address. Then add in a dash, an exclamation mark or an @ sign to spice it up some more.
3. Guard the crown jewels of your inbox
Of course you’re going to reuse passwords, especially for sites where you’re not storing crucial data like your credit card numbers, date and place of birth, address or social security number. But there’s one site where you should always use a unique and strongest possible password â your email inbox. Because this is the one place where all your other logins redirect to when you reset a password. This one location is the passport to all your other online assets.
Although it’s a hassle to do so, you should consider double-protecting your inbox with two-factor authentication, which means you have to enter a secondary code (for example a code sent by SMS to your mobile phone) to get access. This is especially important if you have a habit of visiting malicious websites, you never remember to keep your anti-malware software up to date, or you have a track record of failing to recognize phishing emails.
4. Don’t leave the password recovery back door ajar
Very often, people take all kinds of precautions to protect their login information but make it really easy to reset their password through the password recovery mechanism. If your user ID is totally easy to guess (it’s often your email) then don’t use something obvious or easy to discover for your password reset, such as your date or place of birth, mother or wife’s maiden name or some other readily sourced personal information. That’s as lame as leaving your doorkey under the front doormat.
5. Have an alternate to fall back on
Security is all about risk mitigation, and however careful your planning, you can’t eliminate all risk. So give yourself a fallback. Don’t put all your cash in one online account, have a separate emergency email address, make sure you’ve got a 3G card or local Starbucks you can resort to if your main Internet connection goes down. Knowing that you’ve got a second option if the worst happens helps you keep a cool head in an emergency, which gives you a better chance of surviving a crisis.
(Cross-posted @ Software as Services Blog RSS | ZDNet)