October is Online Security Awareness Month
On today’s show we are talking about cyber security. October is the annual cyber security awareness month.
As more and more of our lives seem to have an online connection, there is a tug of war between convenience and security. Our mobile devices are always listening. My phone, using location information, tells my thermostat when nobody’s home so that we save energy on heating or air conditioning. We may think that our phone is only listening when we issue a voice command, but that is not the case. My latest car has a smartphone app that allows me to read the current status of the vehicle. It tells me if the windows are open. It tells me if the doors are locked. It tells me where the car is located. It even tells me what my mileage was on my last trip. But if my phone were stolen and compromised, someone with my phone could unlock the doors, and even start the engine, from the app.
Practicing online safety takes on so many new angles that didn’t exist even a few years ago.
These days it means so much more than making sure your password isn’t something simple. If your password uses simple words that are in the dictionary, you’re vulnerable to a computer program guessing your password by brute force techniques. The intruder simply makes enough guesses over a long enough period of time that it will eventually guess the password. The shorter the password, the quicker the computer will guess it. Let’s imagine that your password is the word “sand”. At only 4 characters, it will take no more than a few minutes to guess the password. If you extend the password to an entire sentence, something like “Sandisonthebeach”, the password has a lot more characters. It’s going to take a lot longer for a program to crack that password. Now suppose you start including special characters. Let’s say that you replace the S in the word sand with a $, and you replace the letter B with the number 8, which looks a little like a capital B. You’re making it much harder for a computer program to guess the password.
When we talk about cybersecurity, people tend to think first and foremost about password security. That is certainly important. Another technique called two-factor authentication brings an added layer. For example, if in addition to having the correct password, you also had to type in a time-sensitive code that is only valid for a short period of time, you make the chances of a password breach incredibly small. But there are a few other areas that can create vulnerability.
The first is to never click on a link that’s been sent to you via email. If the link isn’t going to the place you think it is, the act of clicking on a link can initiate the download and installation of software on your computer that might exploit a security vulnerability in your computer’s operating system. Once the hackers have installed software on your computer or your phone, that software can monitor your keystrokes and memorize your passwords. At that point, no amount of password security will help because they’re literally eavesdropping on all of your keystrokes.
If you’re in business, your website is a point of vulnerability. It’s not often talked about, but commercial websites are under assault virtually all of the time. For example, every day of the week, I receive notifications from my website and from the website for my wife’s business every time it receives a barrage of attempts to attack the website’s security.
I can tell you that I’m seeing hundreds of attempts to crack website security each and every day. We also make edits to the website on a staging site that is not publicly visible. So if the production website were ever to be compromised, we can replace the production website with the staging website with the push of a button, and in about 3 minutes the entire production website has been replaced with a fresh website that could not have been compromised.