Cyber Security Awareness Month

As mentioned in my bio, I am an information security professional by trade. I won’t go into details on where I work or how I do what I do in this post, but I will mention that this month is Cyber Security Awareness Month.

This month we should reflect upon our security practices, shore up any problems, and otherwise make it harder for the hackers to do what they want to do with your data or bank accounts. Here are a few suggestions for you to add to your security routine:

Enable two-factor authentication wherever possible. If a hacker is able to get your password, they will still need access to your device or email for the short-term pass-codes. Also, no one will ever ask you for these, so don’t give them to someone on the phone.

Never reuse passwords. If one account is breached, you can bet your bottom dollar that the hacker will try that password anywhere and everywhere they can. If you reuse passwords, every account that uses the breached password is now at risk. Which leads into my next point.

Use complex passwords. Letters, numbers, special characters and a mix of upper and lower case are the basics; you need to expand beyond that into hard-to-guess but easy-to-remember passwords. Take a sentence like “I love Grandma’s cookies, they are the best in the world!”, take the first letter of each word, and swap the L in love for ❤ or the like to add some special characters to the mix. Now you have a hard-to-guess but easy-to-remember password. Just don’t use common or famous phrases or sentences (I am looking at you, Shakespeare fans).

Rather than trying to remember all of those passwords (you don’t want to know how many different accounts I use on a daily basis, it’s insane), you can use a password vault. This piece of software stores, remembers and will even generate secure passwords for you to use on any website or application. All you need to do is remember the master password for the vault (and make it a very secure one) and it takes care of the rest. It takes a little getting used to, but it is worth it.

You never know what hackers are after. Some want money, some do it for the lulz, others for various types of scams, or even theft of data. Don’t fall into the trap of thinking that your data isn’t valuable or that you are a nobody so no one is going to target you. Hackers will do anything they can to get into a system or network and sort out the rest later.

Be cautious of emails, text messages and phone calls from people you don’t know. Warning signs include content that is alarming but lacking in details, like “your password is about to expire, click here to change it” with no mention of which account; a sender address that doesn’t make sense, such as a “Microsoft email” coming from bob[@]acmeautos.com; and links that point in weird directions. Examine every email that you are not expecting, and when in doubt reach out to the sender via a known good channel (like a phone call) to verify that you should in fact be expecting the email or text message.

Those should be a good start to getting your security in order. If you have any questions by all means let me know via the socials. If you have tips of your own feel free to send them my way as well, I may feature them on this blog.

-The Half-assed Taoist

One response to “Cyber Security Awareness Month”

  1. I like to remember that cybersecurity doesn’t end with conventional IT tech like email, laptops, and website logins. Think about things like keycard access, thermostats, or cameras. Simple devices such as these are often connected to much larger networks…
